New to SonarQube : Guide me to create custom rules with SQ Community free edition

SonarQube Server / Community Build Writing rules
, ,
1

Dear Team,

I am a test automation engineer (java selenium), I want to use sonarqube community free edition for my test scripts review (Static code analysis to improve the code quality). Please guide me which version I need to install and also do let me know how can I create custom rules as per my test automation requirement for Java & XML languages.

Thank you

2

Hi,

Welcome to the community.

For Community Build, only the latest version is ever supported, so that’s the one you’ll want to install.

For custom rules, the docs should get you started.

 
HTH,
Ann

3

Thanks for the info G Ann Campbell, As per your guidance I need to install Community Build (Free and open source for productivity & code quality) Release 25.4.0.105899 so that I can create the custom rules using below option,
Option 1. Adding XPath rules directly through the SonarQube Server web interface
Option 2. Writing a SonarQube Server plugin in Java that uses SonarQube Server APIs to add new rules.

I would like to proceed with adding custom rules via SonarQube Server web interface (Option 1), can you please provide me reference document/video links so that I can refer them.

Thank you.

4

Hi,

I’ve already pointed you to the docs we have.

 
HTH,
Ann

5

Hi @ganncamp

Tried creating the custom rule (developing a plugin) but sonarqube is getting stopped once I put the generated jar file into plugins folder (C:SonarQube\sonarqube-25.3.0.104237\extensions\plugins). When we remove the jar file from the plugins folder, sonarqube will start normally.

Below are the configuration details:
java 17.0.12 2024-07-16 LTS
sonarqube-25.3.0.104237 - free community edition

Project Structure:
custom-java-rules-plugin/
├── pom.xml
├── src/
│ ├── main/
│ │ ├── java/
│ │ │ └── com/example/sonar/
│ │ │ ├── MyCustomRule.java
│ │ │ ├── MyPlugin.java
│ │ │ └── MyRulesDefinition.java
│ │ │ └── MyRulesList.java
│ │ └── resources/
│ │ ├── org/
│ │ │ └── sonar/I10n/my-custom-java-rules/
│ │ │ ├── MyCustomRule.html

pom.xml:

<project xmlns="http://maven.apache.org/POM/4.0.0"
	xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
	xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
	<modelVersion>4.0.0</modelVersion>

	<groupId>com.example.sonar</groupId>
	<artifactId>custom-java-rules-plugin</artifactId>
	<version>1.0</version>
	<packaging>jar</packaging>

	<properties>
		<java.version>17</java.version>
	</properties>

	<dependencies>
		<!-- DO NOT use sonar-plugin-api directly in recent versions -->
		<dependency>
			<groupId>org.sonarsource.java</groupId>
			<artifactId>java-custom-rules-example</artifactId>
			<version>8.13.0.38826</version>
		</dependency>


		<dependency>
			<groupId>org.sonarsource.api.plugin</groupId>
			<artifactId>sonar-plugin-api</artifactId>
			<version>11.1.0.2693</version>
			<scope>provided</scope>
			<exclusions>
				<exclusion>
					<groupId>commons-logging</groupId>
					<artifactId>commons-logging</artifactId>
				</exclusion>
			</exclusions>
		</dependency>

		<!-- SonarQube Java Plugin API (for Java rules, AST and tree) -->
		<dependency>
			<groupId>org.sonarsource.java</groupId>
			<artifactId>java-checks</artifactId>
			<version>8.13.0.38826</version> <!-- Adjust to your exact version -->
		</dependency>

		<!-- SonarQube Java Plugin (for Java-specific custom rules) -->
		<dependency>
			<groupId>org.sonarsource.java</groupId>
			<artifactId>sonar-java-plugin</artifactId>
			<version>8.13.0.38826</version>
			<scope>provided</scope> <!-- Match this version with your
			SonarQube instance -->
		</dependency>

		<!-- Optional: Apache Commons Logging (if required by your custom
		plugin) -->
		<dependency>
			<groupId>commons-logging</groupId>
			<artifactId>commons-logging</artifactId>
			<version>1.2</version>
		</dependency>

		<!-- Optional: SLF4J Logging (if required by your custom plugin) -->
		<dependency>
			<groupId>org.slf4j</groupId>
			<artifactId>slf4j-api</artifactId>
			<version>2.0.0</version>
		</dependency>
	</dependencies>


	<build>
		<plugins>
			<plugin>
				<artifactId>maven-compiler-plugin</artifactId>
				<version>3.10.1</version>
				<configuration>
					<source>${java.version}</source>
					<target>${java.version}</target>
				</configuration>
			</plugin>
		</plugins>
	</build>
</project>

Logs:

C:\SonarQube\sonarqube-25.3.0.104237\bin\windows-x86-64>StartSonar.bat
Starting SonarQube...
2025.05.07 14:20:21 INFO  app[][o.s.a.AppFileSystem] Cleaning or creating temp directory C:\SonarQube\sonarqube-25.3.0.104237\temp
2025.05.07 14:20:21 INFO  app[][o.s.a.es.EsSettings] Elasticsearch listening on [HTTP: 127.0.0.1:9001, TCP: 127.0.0.1:{}]
2025.05.07 14:20:21 INFO  app[][o.s.a.ProcessLauncherImpl] Launch process[ELASTICSEARCH] from [C:\SonarQube\sonarqube-25.3.0.104237\elasticsearch]: C:\Jdk17\jdk-17.0.12\bin\java -Xms4m -Xmx64m -XX:+UseSerialGC -Dcli.name=server -Dcli.script=./bin/elasticsearch -Dcli.libs=lib/tools/server-cli -Des.path.home=C:\SonarQube\sonarqube-25.3.0.104237\elasticsearch -Des.path.conf=C:\SonarQube\sonarqube-25.3.0.104237\temp\conf\es -Des.distribution.type=tar -cp C:\SonarQube\sonarqube-25.3.0.104237\elasticsearch\lib\*;C:\SonarQube\sonarqube-25.3.0.104237\elasticsearch\lib\cli-launcher\* org.elasticsearch.launcher.CliToolLauncher
2025.05.07 14:20:21 INFO  app[][o.s.a.SchedulerImpl] Waiting for Elasticsearch to be up and running
Standard Commons Logging discovery in action with spring-jcl: please remove commons-logging.jar from classpath in order to avoid potential conflicts
2025.05.07 14:20:38 INFO  app[][o.s.a.SchedulerImpl] Process[es] is up
2025.05.07 14:20:38 INFO  app[][o.s.a.ProcessLauncherImpl] Launch process[WEB_SERVER] from [C:\SonarQube\sonarqube-25.3.0.104237]: C:\Jdk17\jdk-17.0.12\bin\java -Djava.awt.headless=true -Dfile.encoding=UTF-8 -Djava.io.tmpdir=C:\SonarQube\sonarqube-25.3.0.104237\temp -XX:-OmitStackTraceInFastThrow --add-opens=java.base/java.util=ALL-UNNAMED --add-opens=java.base/java.lang=ALL-UNNAMED --add-opens=java.base/java.io=ALL-UNNAMED --add-opens=java.rmi/sun.rmi.transport=ALL-UNNAMED --add-exports=java.base/jdk.internal.ref=ALL-UNNAMED --add-opens=java.base/java.nio=ALL-UNNAMED --add-opens=java.base/sun.nio.ch=ALL-UNNAMED --add-opens=java.management/sun.management=ALL-UNNAMED --add-opens=jdk.management/com.sun.management.internal=ALL-UNNAMED -Xmx512m -Xms128m -XX:+HeapDumpOnOutOfMemoryError -Dhttp.nonProxyHosts=localhost|127.*|[::1] -cp ./lib/sonar-application-25.3.0.104237.jar;C:\SonarQube\sonarqube-25.3.0.104237\lib\jdbc\h2\h2-2.3.232.jar org.sonar.server.app.WebServer C:\SonarQube\sonarqube-25.3.0.104237\temp\sq-process11890048630284081182properties
Standard Commons Logging discovery in action with spring-jcl: please remove commons-logging.jar from classpath in order to avoid potential conflicts
2025.05.07 14:20:42 INFO  app[][o.s.a.SchedulerImpl] Process[Web Server] is stopped
2025.05.07 14:20:42 INFO  app[][o.s.a.SchedulerImpl] Process[ElasticSearch] is stopped
2025.05.07 14:20:42 INFO  app[][o.s.a.SchedulerImpl] SonarQube is stopped
6

Hi,

You should check your other server logs for the error.

 
HTH,
Ann