Code quality rules for local SonarQube server

bgsueeid
15-02-2021

We would like to use a local SonarQube server to perform code quality scans in our development environments prior to submitting a branch for deployment in AEM Cloud Manager.  This would enable us to resolve issues without the overhead of uploading code to Cloud Manager and waiting for the deployment to our stage environment.  It would also enable multiple developers on our team to perform scans before merging our code together.

 

The Quality Profiles delivered with SonarQube - the "Sonar Way" - do not appear to match up fully with what is used by Cloud Manager.  For instance, the scan in Cloud Manager flags some of our code that returns copies of mutable members (https://rules.sonarsource.com/java/RSPEC-2384), but local SonarQube does not flag the same code.  The Cloud Manager scan also appears to focus on rules having specific tags, especially "cert" and "cwe".

 

Is there a Quality Profile available that we could import into a local SonarQube environment that matches what is in Cloud Manager?  (The name of the profile used by Cloud Manager appears to be "CQ-Rules-Java-Profile", according to the logs.  It may be connected to a "SonarQube Java plugin for CQ", also mentioned in the logs.)

 

We are aware of the AEM Rules for SonarQube project (https://github.com/wttech/AEM-Rules-for-SonarQube), but this looks to be separate from the base Java rules.

 

The closer we can mirror the Cloud Manager rules locally, the better we can ensure code quality before submitting to the pipeline, making our development more efficient and robust.

 

Accepted Solutions (0)

Answers (1)


SureshDhulipudi
MVP

16-02-2021