Over a million developers have joined DZone.

Custom Checkstyle’s checks integration into SonarQube

DZone's Guide to

Custom Checkstyle’s checks integration into SonarQube

· DevOps Zone ·
Free Resource

Is the concept of adopting a continuous everything model a daunting task for your fast moving business? Read this whitepaper to break down and understand one of the key pillars of this model in Continuous Governance: The Guardrails for Continuous Everything.

Companies which use Checkstyle usually extend current set of checks by their own or modify existing ones to satisfy their needs. And there are lots of ready-to-use solutions which help to use Checkstyle in a number of ways: Maven Checkstyle Plugin, Intellij IDEA Checkstyle Plugin and Eclipse Checkstyle Plugin. There is a specific IDE environment which is different between the same company departments or even between team members. Integration of custom checks to all of them is not that simple. There is Sonar Checkstyle Plugin which could help integrate checks and let to show validation results to all of its users, no matter what IDE they use.

In this article I'll provide an example about Checkstyle usage in Sonar which is a cross IDE solution for different platforms and environment. The example will be shown on sevntu.checkstyle project which contains a number of additional (non-standard) checks for Checkstyle. Here are some of the valuable checks to my opinion (7 out of 32):

  • AvoidNotShortCircuitOperatorsForBooleanCheck – forces user not to use ShortCircuit operators ("|", "&" for boolean calculations).
  • CustomDeclarationOrderCheck – adjusts class structure to make it more predictable.
  • VariableDeclarationUsageDistanceCheck – checks distance between declaration of variable and its first usage of it.
  • EitherLogOrThrowException – notifies about either log the exception, or throw it, but never do both.
  • AvoidHidingCauseExceptionCheck – checks for hiding the cause of exception by throwing a new exception.
  • ConfusingConditionCheck – prevents negation within an "if" expression if "else" is present.
  • ReturnNullInsteadOfBoolean – notifies about returning null instead of boolean.

There is an extension for Sonar's Checkstyle plugin which allows to use non-standard checks within Sonar. Let's dive a bit into the process of integration. Each check is represented as a separate rule in Sonar. After creating a new check we have to add a new rule in order so Sonar could understand and use this new check. To accomplish this we use checkstyle-extensions.xml configuration file in sevntu-checkstyle-sonar-plugin project. For instance, here is a rule for ReturnNullInsteadOfBoolean:

    <name>Returning Null Instead of Boolean</name>
    <category name="coding"/>
    <description>Method declares to return Boolean, but returns null.</description>
To make Sonar know about a new check we have to complete the following steps:
# build the project
$ cd sevntu-checkstyle-sonar-plugin
$ mvn clean install

# copy the resulted jar file into Sonar
$ cp target/sevntu-checkstyle-sonar-plugin-x.x.x.jar [SONAR_HOME]/extensions/plugins/

# restart Sonar
$ [SONAR_HOME]/bin/linux-x86-64/sonar.sh restart
The only thing is left is that we have to create a new profile in Sonar's “Quality Profiles” tab. We have already created a default Checkstyle configuration which contains all the non-standard checks from “sevntu.checkstyle” project. So, we can just import this configuration when creating a new profile and that's it:

Import Sonar's profile create dialog

Now we can configure and use non-standard Checkstyle checks in addition to the standard ones within Sonar:

Sonar's profile checks list

This project is a good example of how you can integrate your custom checks into a static stage of code analysis, and make it user friendly, accessible for all members in your team and not get involved in a war of “which IDE is the best and more functional for static code analysis”.

Useful links:

  1. Install Sonar and analyze a project
  2. How to integrate sevntu checks into SonarQubeTM (developer's guide)
  3. How to integrate sevntu checks into SonarQubeTM (user's guide)
  4. Mail-list for QnA

Are you looking for greater insight into your software development value stream? Check out this whitepaper: DevOps Performance: The Importance of Measuring Throughput and Stability to see how CloudBees DevOptics can give you the visibility to improve your continuous delivery process.


Opinions expressed by DZone contributors are their own.

{{ parent.title || parent.header.title}}

{{ parent.tldr }}

{{ parent.urlSource.name }}