How to create custom rules for Javascript

Must-share information (formatted with Markdown):

  • which versions are you using (SonarQube, Scanner, Plugin, and any relevant extension)
  • what are you trying to achieve
    Whenever any username or password fields are hardcoded in Javascript Code ,its should be treated as vulnerability
  • what have you tried so far to achieve this
    I have gone through all the rules,and tried to create customr rules

Hey where you able to figure out how to implement custom rules for javascript into sonarqube!!


Since 6.0 (Sep. 2019), custom rules implemented on SonarJS (the SonarQube plugin for JS analysis) are deprecated, you should avoid using this feature.

As an alternative, we advise you to write your custom rules based on Eslint, and then import them thanks to the external issues feature (see sonar.eslint.reportPaths key).

I believe this is a nice alternative, ESlint is a powerful tool, we are using it ourselves for the majority of our rules, and you will find plenty of documentation out here in case you are stuck.


hi,i wonder that if this demo is useless ?

Yes, this is an example of custom rules implemented on SonarJS, which is deprecated.

Otherwise, everything stated in my first post stays true.

This topic was automatically closed 7 days after the last reply. New replies are no longer allowed.