Adobe Experience Manager Sites & More

Balasai_NikhilKa2 · 8/25/25

I want to have a code quality pipeline which scans newly written code and find any issues. Once everything is good then run deployment pipeline.

SantoshSai · 8/25/25

Hi @Balasai_NikhilKa2,

Pleae go through these 2 options:

Cloud Manager has a built-in Code Quality step powered by SonarQube (Adobe’s managed version).

It automatically runs unit test coverage, security scans, style checks, performance checks, and AEM-specific rules.
You can configure Quality Gates in Cloud Manager:
- Example: Block deployment if coverage < 80%, critical issues exist, or security vulnerabilities detected.
This runs before deployment, so your deployment pipeline will only proceed if quality gates are met.

If you are only using Cloud Manager → You don’t need a separate SonarQube setup; just configure pipeline options + quality gates in Cloud Manager UI.

You can integrate SonarQube / SonarCloud in your build pipeline, and only trigger deployment pipeline if it passes.

Steps:

Build Pipeline

Checkout code
Run mvn clean verify sonar:sonar with SonarQube plugin
Upload report to SonarQube/SonarCloud
Enforce Sonar Quality Gate

Example (Maven config in pom.xml

<plugin>
  <groupId>org.sonarsource.scanner.maven</groupId>
  <artifactId>sonar-maven-plugin</artifactId>
  <version>3.10.0.2594</version>
</plugin>
Example (Azure DevOps / GitHub Actions step):


- name: SonarQube Scan
  run: mvn clean verify sonar:sonar \
    -Dsonar.projectKey=my-aem-project \
    -Dsonar.host.url=https://sonarcloud.io \
    -Dsonar.login=${{ secrets.SONAR_TOKEN }}

Check Quality Gate
- Use SonarQube’s webhook / API to check if the Quality Gate passed.
- If it fails, mark pipeline as failed (deployment won’t run).
Deployment Pipeline
- Trigger only if the code quality pipeline succeeds.
- Deploy to AEM Cloud Manager using Adobe I/O CLI or Cloud Manager API.

Santosh Sai

View solution in original post

SantoshSai · 8/25/25

Hi @Balasai_NikhilKa2,

Pleae go through these 2 options:

Cloud Manager has a built-in Code Quality step powered by SonarQube (Adobe’s managed version).

It automatically runs unit test coverage, security scans, style checks, performance checks, and AEM-specific rules.
You can configure Quality Gates in Cloud Manager:
- Example: Block deployment if coverage < 80%, critical issues exist, or security vulnerabilities detected.
This runs before deployment, so your deployment pipeline will only proceed if quality gates are met.

If you are only using Cloud Manager → You don’t need a separate SonarQube setup; just configure pipeline options + quality gates in Cloud Manager UI.

You can integrate SonarQube / SonarCloud in your build pipeline, and only trigger deployment pipeline if it passes.

Steps:

Build Pipeline

Checkout code
Run mvn clean verify sonar:sonar with SonarQube plugin
Upload report to SonarQube/SonarCloud
Enforce Sonar Quality Gate

Example (Maven config in pom.xml

<plugin>
  <groupId>org.sonarsource.scanner.maven</groupId>
  <artifactId>sonar-maven-plugin</artifactId>
  <version>3.10.0.2594</version>
</plugin>
Example (Azure DevOps / GitHub Actions step):


- name: SonarQube Scan
  run: mvn clean verify sonar:sonar \
    -Dsonar.projectKey=my-aem-project \
    -Dsonar.host.url=https://sonarcloud.io \
    -Dsonar.login=${{ secrets.SONAR_TOKEN }}

Check Quality Gate
- Use SonarQube’s webhook / API to check if the Quality Gate passed.
- If it fails, mark pipeline as failed (deployment won’t run).
Deployment Pipeline
- Trigger only if the code quality pipeline succeeds.
- Deploy to AEM Cloud Manager using Adobe I/O CLI or Cloud Manager API.

Adobe Experience Manager Sites & More

Sonar code quality on AEM code quality pipeline.

Santosh Sai

Santosh Sai

Learn

Documentation

Events

Community

Support

Resources

Adobe account

Adobe