Daniel Strmečki & Martin Gluhak

Automated Code Quality Checks with Custom SonarQube Rules

Stop documenting coding standards and start enforcing them. This talk shows you how to build custom SonarQube rules from scratch to block bad code.

Automated Code Quality Checks with Custom SonarQube Rules
#1about 3 minutes

Introduction to the company's code quality approach

An overview of the company's focus on code quality as a differentiator and the agenda for creating custom SonarQube rules.

#2about 3 minutes

The business case for standardizing code quality

Standardizing code quality improves customer perception, attracts talent, prevents repeated mistakes, and streamlines onboarding for new developers.

#3about 5 minutes

Implementing a comprehensive quality assurance strategy

A successful quality assurance strategy relies on shared team responsibility, continuous testing, and a high degree of automation across the test pyramid.

#4about 5 minutes

Creating coding guidelines and using initial tools

Establishing documented coding guidelines and using the free version of SonarQube helps standardize code but lacks enforcement for fixes and architectural checks.

#5about 4 minutes

Enforcing code quality with automated checks

Enforce coding standards by using SonarQube pull request decoration to block merges, ArchUnit for architectural tests, and custom rules for framework-specific issues.

#6about 4 minutes

Setting up a project for custom SonarQube rules

Start creating custom rules by cloning the official SonarSource template project from GitHub, which provides the necessary structure and dependencies.

#7about 4 minutes

Writing unit tests for a custom SonarQube rule

Use test-driven development by creating a Java code snippet with non-compliant comments and a JUnit test class that uses CheckVerifier to validate the rule's logic.

#8about 6 minutes

Implementing the rule logic using the syntax tree

Implement the rule by extending BaseTreeVisitor to traverse the abstract syntax tree, identifying the method's return type, and reporting an issue if it matches the target class.

#9about 4 minutes

Documenting the rule and building the plugin JAR

Finalize the rule by adding it to the plugin's rule list, creating HTML documentation with examples, and defining metadata in a JSON file before building the JAR.

#10about 9 minutes

Deploying and using the custom rule in SonarQube and IntelliJ

Deploy the custom rule by placing the JAR in the SonarQube plugins directory, activating it in a quality profile, and connecting SonarLint to see violations in the IDE.

Related jobs
Jobs that call for the skills explored in this talk.

Matching moments

Q&A on Sonar, AI in code analysis, and pricing
06:50 MIN

Q&A on Sonar, AI in code analysis, and pricing

The Clean as You Code Imperative

Q&A on tools, metrics, and distributed teams
15:16 MIN

Q&A on tools, metrics, and distributed teams

Domain-Driven Transformation—How to Bring (Back) Sustainable Architecture to Legacy and Monoliths

Using static analysis and quality gates for code quality
03:31 MIN

Using static analysis and quality gates for code quality

One-click-to-production: Test and automate your application

Solutions for bridging the hardware and software divide
03:08 MIN

Solutions for bridging the hardware and software divide

More efficient software for more efficient microchips

Integrating code quality checks into the development lifecycle
01:35 MIN

Integrating code quality checks into the development lifecycle

The Clean as You Code Imperative

Introduction to automating code reviews and quality checks
01:38 MIN

Introduction to automating code reviews and quality checks

Build a CI/CD pipeline to automate code reviews and ensure code quality

Ensuring code quality and global application reach
01:32 MIN

Ensuring code quality and global application reach

Navigating the Corporate Jungle: Life as a Developer in a large Company

Maintaining code quality with AI-generated code
02:27 MIN

Maintaining code quality with AI-generated code

The AI-Ready Stack: Rethinking the Engineering Org of the Future

Featured Partners

Related Videos

See all videos
Application Modernization Leveraging Gen-AI for Automated Code Transformation
41:17

Application Modernization Leveraging Gen-AI for Automated Code Transformation

Syed M Shaaf

Give your build some love, it will give it back!
45:39

Give your build some love, it will give it back!

Amanda Martin

The Clean as You Code Imperative
30:40

The Clean as You Code Imperative

Olivier Gaudin

Supercharging Static Code Analysis: Konveyor AI & LLMs
33:14

Supercharging Static Code Analysis: Konveyor AI & LLMs

Daniel Oh

Build a CI/CD pipeline to automate code reviews and ensure code quality
45:28

Build a CI/CD pipeline to automate code reviews and ensure code quality

Julien Delange

Are you still programming unit tests or already generating?
29:31

Are you still programming unit tests or already generating?

Johannes Bergsmann & Daniel Bauer

Grappling With Clunky Old Software? Start by Understanding What’s Inside!
30:23

Grappling With Clunky Old Software? Start by Understanding What’s Inside!

Luc Perard

Test-Driven Development: It's easier than you think!
25:36

Test-Driven Development: It's easier than you think!

Eric Deandrea

Related Articles

View all articles
Benedikt Bischof
How we Build The Software of Tomorrow
Welcome to this issue of the WeAreDevelopers Live Talk series. This article recaps an interesting talk by Thomas Dohmke who introduced us to the future of AI – coding.This is how Thomas describes himself:I am the CEO of GitHub and drive the company’s...
How we Build The Software of Tomorrow

From learning to earning

Jobs that call for the skills explored in this talk.