Custom rules 101, update for Sonarqube latest (9.5.0) !?

SonarQube Plugin Development
1

Hi,

i’ve developed a bunch of custom rules for Java, starting in Sonarqube 5 and updated for
Sonarqube 8.9.x - the rules are also Sonarlint enabled.

Now we’re on Sonarqube Enterprise 9.5.0 and the Eclipse Sonarlint console log has

Starting SonarLint for Eclipse 7.4.0.46482
Started security hotspot handler on port 64120
Trigger: STARTUP
Starting SonarLint engine for connection ‘sonar.lan.huk-coburg.de’…
Found Secrets detection plugin: bundleentry://952.fwk467772829/plugins/sonar-secrets-plugin-1.1.0.36766.jar
Found JS/TS detection plugin: bundleentry://952.fwk467772829/plugins/sonar-javascript-plugin-9.1.0.17747.jar
Found HTML detection plugin: bundleentry://952.fwk467772829/plugins/sonar-html-plugin-3.6.0.3106.jar
Plugin ‘secrets’ embeds dependencies. This will be deprecated soon. Plugin should be updated.
Plugin ‘javacustomrules’ embeds dependencies. This will be deprecated soon. Plugin should be updated.
Loaded 19 plugins

  • Python Code Quality and Security 3.13.0.9611 (python)
  • Kotlin Code Quality and Security 2.9.0.1147 (kotlin)
  • RPG Code Quality 3.2.0.3034 (rpg)
  • PL/I Code Quality and Security 1.11.1.2727 (pli)
  • T-SQL Code Quality and Security 1.6.0.4844 (tsql)
  • Apex Code Quality and Security 1.9.0.3429 (sonarapex)
  • Sonar Secrets Plugin for SonarQube 1.1.0.36766 (secrets)
  • JavaScript/TypeScript/CSS Code Quality and Security 9.1.0.17747 (javascript)
  • PL/SQL Code Quality and Security 3.7.0.4372 (plsql)
  • Ruby Code Quality and Security 1.9.0.3429 (ruby)
  • Scala Code Quality and Security 1.9.0.3429 (sonarscala)
  • License for SonarLint 9.3.0.51899 (license)
  • Java Code Quality and Security 7.12.0.29739 (java)
  • COBOL Code Quality 5.0.0.5433 (cobol)
  • HTML Code Quality and Security 3.6.0.3106 (web)
  • XXX Java Custom Rules 2.0.0 (javacustomrules)
  • XML Code Quality and Security 2.5.0.3376 (xml)
  • PHP Code Quality and Security 3.23.1.8766 (php)
  • ABAP Code Quality and Security 3.10.0.3628 (abap)

I need to create some more (Java) rules, what to do based on this message ?

Plugin ‘javacustomrules’ embeds dependencies. This will be deprecated soon. Plugin should be updated.

Will there be an update of

for Sonarqube 9.5 ?
What must / should I pay attention to when creating custom rules for the latest Sonarqube version ?

Gilbert

3

Hi @Rebse

The message means that your custom plugin jar contains third-party dependencies embedded as jar files (jar in jar). We want to remove this “feature” because it forces us to create temporary files to extract those jars before loading them.
The replacement is to shade those dependencies (also known as fat jar).

The plugin template you mention is already up to date:

  1. tell the maven-packaging-plugin to skip packaging dependencies
  2. use the maven shade plugin to shade the dependencies
2 Likes
5

This topic was automatically closed 7 days after the last reply. New replies are no longer allowed.