Over a million developers have joined DZone.

Custom Checkstyle’s checks integration into SonarQube

· DevOps Zone

The DevOps zone is brought to you in partnership with Sonatype Nexus. The Nexus suite helps scale your DevOps delivery with continuous component intelligence integrated into development tools, including Eclipse, IntelliJ, Jenkins, Bamboo, SonarQube and more. Schedule a demo today

Companies which use Checkstyle usually extend current set of checks by their own or modify existing ones to satisfy their needs. And there are lots of ready-to-use solutions which help to use Checkstyle in a number of ways: Maven Checkstyle Plugin, Intellij IDEA Checkstyle Plugin and Eclipse Checkstyle Plugin. There is a specific IDE environment which is different between the same company departments or even between team members. Integration of custom checks to all of them is not that simple. There is Sonar Checkstyle Plugin which could help integrate checks and let to show validation results to all of its users, no matter what IDE they use.

In this article I'll provide an example about Checkstyle usage in Sonar which is a cross IDE solution for different platforms and environment. The example will be shown on sevntu.checkstyle project which contains a number of additional (non-standard) checks for Checkstyle. Here are some of the valuable checks to my opinion (7 out of 32):

  • AvoidNotShortCircuitOperatorsForBooleanCheck – forces user not to use ShortCircuit operators ("|", "&" for boolean calculations).
  • CustomDeclarationOrderCheck – adjusts class structure to make it more predictable.
  • VariableDeclarationUsageDistanceCheck – checks distance between declaration of variable and its first usage of it.
  • EitherLogOrThrowException – notifies about either log the exception, or throw it, but never do both.
  • AvoidHidingCauseExceptionCheck – checks for hiding the cause of exception by throwing a new exception.
  • ConfusingConditionCheck – prevents negation within an "if" expression if "else" is present.
  • ReturnNullInsteadOfBoolean – notifies about returning null instead of boolean.

There is an extension for Sonar's Checkstyle plugin which allows to use non-standard checks within Sonar. Let's dive a bit into the process of integration. Each check is represented as a separate rule in Sonar. After creating a new check we have to add a new rule in order so Sonar could understand and use this new check. To accomplish this we use checkstyle-extensions.xml configuration file in sevntu-checkstyle-sonar-plugin project. For instance, here is a rule for ReturnNullInsteadOfBoolean:

    <name>Returning Null Instead of Boolean</name>
    <category name="coding"/>
    <description>Method declares to return Boolean, but returns null.</description>
To make Sonar know about a new check we have to complete the following steps:
# build the project
$ cd sevntu-checkstyle-sonar-plugin
$ mvn clean install

# copy the resulted jar file into Sonar
$ cp target/sevntu-checkstyle-sonar-plugin-x.x.x.jar [SONAR_HOME]/extensions/plugins/

# restart Sonar
$ [SONAR_HOME]/bin/linux-x86-64/sonar.sh restart
The only thing is left is that we have to create a new profile in Sonar's “Quality Profiles” tab. We have already created a default Checkstyle configuration which contains all the non-standard checks from “sevntu.checkstyle” project. So, we can just import this configuration when creating a new profile and that's it:

Import Sonar's profile create dialog

Now we can configure and use non-standard Checkstyle checks in addition to the standard ones within Sonar:

Sonar's profile checks list

This project is a good example of how you can integrate your custom checks into a static stage of code analysis, and make it user friendly, accessible for all members in your team and not get involved in a war of “which IDE is the best and more functional for static code analysis”.

Useful links:

  1. Install Sonar and analyze a project
  2. How to integrate sevntu checks into SonarQubeTM (developer's guide)
  3. How to integrate sevntu checks into SonarQubeTM (user's guide)
  4. Mail-list for QnA

The DevOps zone is brought to you in partnership with Sonatype Nexus. Use the Nexus Suite to automate your software supply chain and ensure you're using the highest quality open source components at every step of the development lifecycle. Get Nexus today


The best of DZone straight to your inbox.

Please provide a valid email address.

Thanks for subscribing!

Awesome! Check your inbox to verify your email so you can start receiving the latest in tech news and resources.

{{ parent.title || parent.header.title}}

{{ parent.tldr }}

{{ parent.urlSource.name }}