Sonar code quality on AEM code quality pipeline.

Hi @balasai_nikhilka2,

Pleae go through these 2 options:

Cloud Manager has a built-in Code Quality step powered by SonarQube (Adobe’s managed version).

• It automatically runs unit test coverage, security scans, style checks, performance checks, and AEM-specific rules.

• You can configure Quality Gates in Cloud Manager:

  • Example: Block deployment if coverage < 80%, critical issues exist, or security vulnerabilities detected.

• This runs before deployment, so your deployment pipeline will only proceed if quality gates are met.

If you are only using Cloud Manager → You don’t need a separate SonarQube setup; just configure pipeline options + quality gates in Cloud Manager UI.

You can integrate SonarQube / SonarCloud in your build pipeline, and only trigger deployment pipeline if it passes.

Steps:

1. Build Pipeline

   • Checkout code

   • Run mvn clean verify sonar:sonar with SonarQube plugin

   • Upload report to SonarQube/SonarCloud

   • Enforce Sonar Quality Gate

   Example (Maven config in pom.xml😞

   <plugin> <groupId>org.sonarsource.scanner.maven</groupId> <artifactId>sonar-maven-plugin</artifactId> <version>3.10.0.2594</version> </plugin> Example (Azure DevOps / GitHub Actions step): - name: SonarQube Scan run: mvn clean verify sonar:sonar \ -Dsonar.projectKey=my-aem-project \ -Dsonar.host.url=https://sonarcloud.io \ -Dsonar.login=${{ secrets.SONAR_TOKEN }}

    

2. Check Quality Gate

   • Use SonarQube’s webhook / API to check if the Quality Gate passed.

   • If it fails, mark pipeline as failed (deployment won’t run).

3. Deployment Pipeline

   • Trigger only if the code quality pipeline succeeds.

   • Deploy to AEM Cloud Manager using Adobe I/O CLI or Cloud Manager API.