Disallow packages or specific classes

Is there an existing rule that allows one to disallow the use of specific packages and/or java classes?

For instance, if I wanted to disallow the use of java.sqlStatement (I know there is already a specific to PreparedStatement… this is just an example)

Or another example would be for projects that are using SLF4J, disallow the use of log4j packages.

In the past this could be accomplished via a custom rule. Is it possible to accomplish this in SonarCloud?

Thanks in advance for your help,


Hello @romack,

There is multiple rules provided with our java analyzer which cover your case:

When tracking disallowed classes (S3688), you can use regular expressions, such as: java.lang\..* to cover a family of classes based on their fully qualified names.


This topic was automatically closed 7 days after the last reply. New replies are no longer allowed.