WordPress sonarqube analysis

dingo-d · October 24, 2018, 10:43am

Hi!

I am wondering if it’s possible to add WordPress coding standards to sonarqube analysis?

There are rules created for PHP_CodeSniffer (GitHub - WordPress/WordPress-Coding-Standards: PHP_CodeSniffer rules (sniffs) to enforce WordPress coding conventions), and these sniffs are closely following the handbook with standards (WordPress Coding Standards | Coding Standards Handbook | WordPress Developer Resources).

If there is some tutorial on how to create the standards for sonarqube that would be great as well.

Antoine · October 24, 2018, 5:15pm

Hello @dingo-d,

Our SonarPHP analyzer is shipped with a built-in Drupal Quality Profile, but not for Wordpress. Note that it does not mean we implemented specific rules for Drupal, just that a set of them specifically applies for Drupal projects.

We do not plan on short term to implement specific rules for Wordpress, addressing each popular PHP frameworks coding standards (of frameworks in general) would be a lot of work and a lot of maintenance.
However either existing PHP rules are good enough and it’s just a matter of creating a Quality Profile which targets Wordpress projects, or it needs some rules implementation. From our Extension guide you can figure out how to develop a plugin and how to implement rules.

I hope this helps.

Antoine

dingo-d · October 24, 2018, 6:11pm

Some PHP rules are good enough, but some (like PSR2 standard for class names) are not. I tried extending some, but in some cases I could do it, and in other I couldn’t which I found odd.

Also it would make more sense to have WordPress standards since WordPress powers over 30% of top 10 million sites on the web

I’ll take a look at the extension guide, maybe I can modify it more easily

Thanks!

Alexandre_Gigleux · November 15, 2018, 12:31pm

Hello Denis,

You can help us to provide a default Quality Profile covering WordPress’s standards even without thinking about writing custom rules.

What you need to do is to study the 164 rules available in SonarPHP and tell us:

if the rule is relevant for WordPress
if this is the case, which part of WordPress standards the rule is covering
if the rule is no useable out of box for WordPress, tell us why
if you believe some rules are missing to fully cover WordPress’s standards, tell it and we will do our best to close the gap.

The best way to share this information with us would be a Google Sheet but whatever format that suits you will work for us. The identifier of a rule at SonarSource is looking like that: RSPEC-4426

Is that something you can lead?

Thanks
Alex

dingo-d · November 15, 2018, 1:25pm

Hi Alexandre,

I will try to look it up in the following weeks and get back to you with the findings. I’ll create a Google sheet and share it here.

Thank you!

Crish_Parmar · October 12, 2020, 9:27am

Hello Alexandre Gigleux & Denis,

Is there any conclusion on this topic?
I have also a question for WordPress is to follow the rules of SonarQube and SonarLint Library.

Just let me know for this, your post is above 2018, so till now I think we have the latest WP 5.5 with following all rules of that library.

Thanks,
Crish

dingo-d · October 12, 2020, 11:05am

No, unfortunately, I haven’t worked on this as I really didn’t have the time.

uhlhosting · December 4, 2020, 4:39am

Any updates on this ?

cwalker · April 1, 2021, 12:55pm

Any chance of this happening because I would like to recommend your product but without built-in WordPress Quality Profile, I can not.

Whizzy · August 10, 2022, 11:23pm

Hello,

Is there a roadmap for a WordPress quality profile

Regards