Adding custom rule for Android SDK using Java

Hi everyone, I am a PhD Scholar and want to write a custom rule for the Android SDK using the Java language.

I have studied various SonarQube documentation pages and Stack Overflow questions, but I didn’t find any answer or any tutorial to follow. I know how to write Java custom rules, but how do I refer to any Android-specific class or method in Java for writing an Android-specific custom rule? That’s what I don’t know.

I have followed the following tutorial:
Writing Java Custom Rules
But it explains writing custom rules for Java.

Thanks in advance if someone can explain how to write Android-specific custom rules in SonarQube or can share helpful material or a tutorial.

Hello @mwkhan, in general, writing Android-specific custom rules shouldn’t be any different than writing ordinary rules for Java if you’re talking about rules for Java in Android.

We even have a few Android rules in our Java analyzer to seek inspiration. I think we even added a method to only run certain rules in the Android context.

If you’d like to write custom rules for Android and Kotlin, that’s a different story, as for Kotlin we don’t have a custom rules mechanism. So you will have to write a completely custom plugin and integrate with the Kotlin compiler.

So I think. I’d like to hear more context to understand what exactly you would like to achieve.

Best,
Margarita

Thank you Margarita for your response.
Yes, I want to write a custom Android rule, and I am using the Java language (in Android Studio).
What I understand is that Java rules target the Java SDK, but to implement Android rules, we need the Android SDK to be accessible in Sonar custom rule development. I tried to access Android-specific functions while using the Sonar-provided custom plugin template, but Android-specific functions and imports of Android-specific libraries aren’t recognized by IntelliJ IDEA.

I think there are a few points:

  1. You can write rules for Android projects without depending on the Android SDK. If you need to check the Android SDK types, you just need to know their fully qualified names, for example, like here:
    sonar-java/java-checks/src/main/java/org/sonar/java/checks/security/AndroidUnencryptedDatabaseCheck.java at master · SonarSource/sonar-java · GitHub
  2. Once your custom rule plugin is ready you will add it to SQ.
  3. You will only need Android SDK to build the Android project you want to analyze, and then you will run the analysis.

So, why do you need Android SDK for your custom rules plugin?

Best,
Margarita
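
A sketch of what point 1 looks like in a custom rule, added here as an illustration (it is not code from this thread or from sonar-java). The package, class name, rule key and message are hypothetical; the Android type appears only as a string, so nothing from `android.*` is imported:

```java
package org.example.rules; // hypothetical package

import java.util.Collections;
import java.util.List;
import org.sonar.check.Rule;
import org.sonar.plugins.java.api.IssuableSubscriptionVisitor;
import org.sonar.plugins.java.api.semantic.MethodMatchers;
import org.sonar.plugins.java.api.tree.MethodInvocationTree;
import org.sonar.plugins.java.api.tree.Tree;

@Rule(key = "AndroidLocalDatabaseUsage") // hypothetical rule key
public class AndroidLocalDatabaseUsageCheck extends IssuableSubscriptionVisitor {

  // The Android class is referenced by its fully qualified name as a string,
  // so the plugin compiles without the Android SDK on its own classpath.
  private static final MethodMatchers OPEN_DATABASE = MethodMatchers.create()
    .ofSubTypes("android.content.Context")
    .names("openOrCreateDatabase")
    .withAnyParameters()
    .build();

  @Override
  public List<Tree.Kind> nodesToVisit() {
    // Only method calls are of interest to this rule.
    return Collections.singletonList(Tree.Kind.METHOD_INVOCATION);
  }

  @Override
  public void visitNode(Tree tree) {
    MethodInvocationTree invocation = (MethodInvocationTree) tree;
    if (OPEN_DATABASE.matches(invocation)) {
      // Hypothetical message; report on the method name part of the call.
      reportIssue(invocation.methodSelect(),
        "Make sure this local database does not store sensitive data unencrypted.");
    }
  }
}
```

The matcher resolves `android.content.Context` from the classpath of the project being analyzed, which is why the Android SDK is needed to build that project but not the rule plugin.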

I thought the Android SDK must be configured first to access Android-specific methods.
Sure I will try the GitHub link you provided and will get back to you.

Thank you for the prompt response.


Hi Margarita,
I need one more bit of help, as SonarQube is a big framework, and I am new to SonarQube custom rule development. I studied various official SQ documentation pages to understand the SQ architecture, but I am still not capturing everything. For example, the Sonar Java plugin repo on GitHub has a bunch of files and directories. That scares me, as I don’t know which Java directory or class does what.
So, can you provide me any detailed documentation/tutorial that teaches me the SQ architecture in an easy way, so I can understand the purpose of each and every file if I have to add a custom Java/Android rule?

Regards,
Muhammad Waheed Khan

I think you can check this page: Home · SonarSource/sonar-java Wiki · GitHub

Just note that sonar-java is a complex project and it requires some time to get familiar with it. The good news is that you don’t need to understand every single class completely before implementing your first rule. So I suggest you read this documentation attentively and follow the described steps.

And once you start working on it, you will collect some questions and you can come back to this forum with more specific questions.

Good luck with that!

Best,
Margarita

Thank you Margarita for your nice support and prompt responses. Sure, I will get back here if I need further assistance.
