Sonarqube, PMD, findbugs and checkstyle


(Vitor Cruz) #1

I am using sonarqube community version 6.7.2, and, as I remember, SonarJava plugin was aiming to replace (mostly at least) Findbugs and PMD rules by squid ones. There was an information on rules from those providers when there was a proper squid rule replacement, but now I am unable to find it and some rules from findbugs, for example, are very similar to others I know from squid.

Sonarqube recommends using only squid rules? Does those rules replaces well rules from PMD and Findbugs?

(Adam Gabryś) #4

(Alexandre Gigleux) #5

Hello Vitor,

I confirm SonarSource is recommending to use rules provided by the Code Analyzers made and supported by us, so indeed rules provided by SonarJava. Don’t forget that SonarJava rules are executed on SonarLint side in your IDE which is a great thing to have the same results on your IDE and on SonarQube server.

Still, we can’t deny there are other open source rules engines on the market and developers are relying on them for years. So recently we decided to be friendly with them and natively allow to import results from Checkstyle, PMD and SpotBugs (FindBugs and FindSecBugs). This is possible if you are using SonarQube 7.2+ and SonarJava 5.6+.