Your achievements

Level 1

0% to

Level 2

Tip /
Sign in

Sign in to Community

to gain points, level up, and earn exciting badges like the new

Learn more

View all

Sign in to view all badges

Code quality rules for local SonarQube server

Level 1
Level 1

We would like to use a local SonarQube server to perform code quality scans in our development environments prior to submitting a branch for deployment in AEM Cloud Manager.  This would enable us to resolve issues without the overhead of uploading code to Cloud Manager and waiting for the deployment to our stage environment.  It would also enable multiple developers on our team to perform scans before merging our code together.


The Quality Profiles delivered with SonarQube - the "Sonar Way" - do not appear to match up fully with what is used by Cloud Manager.  For instance, the scan in Cloud Manager flags some of our code that returns copies of mutable members (, but local SonarQube does not flag the same code.  The Cloud Manager scan also appears to focus on rules having specific tags, especially "cert" and "cwe".


Is there a Quality Profile available that we could import into a local SonarQube environment that matches what is in Cloud Manager?  (The name of the profile used by Cloud Manager appears to be "CQ-Rules-Java-Profile", according to the logs.  It may be connected to a "SonarQube Java plugin for CQ", also mentioned in the logs.)


We are aware of the AEM Rules for SonarQube project (, but this looks to be separate from the base Java rules.


The closer we can mirror the Cloud Manager rules locally, the better we can ensure code quality before submitting to the pipeline, making our development more efficient and robust.


2 Replies
Level 1
Level 1
Thank you for these links. Both of these resources are about the basic setup of a local SonarQube server. We have already managed to do this. What we need instead is the specific quality rules used by Cloud Manager. Do you know if these are available?