Question 1

How to integrate SonarJava with a Maven project?

Accepted Answer

Install the SonarQube server and configure the SonarJava plugin, then use Maven goals like 'mvn sonar:sonar' to run analysis. Refer to SonarQube documentation for detailed setup steps, including coverage report imports.

Question 2

SonarJava vs Checkstyle: which is better for Java code quality?

Accepted Answer

SonarJava offers more comprehensive analysis with security vulnerabilities and deep integration into SonarQube for continuous inspection, while Checkstyle focuses on style and formatting rules. Choose SonarJava for end-to-end quality gates and Checkstyle for lightweight style enforcement.

Question 3

Does SonarJava support Java 21 or newer versions?

Accepted Answer

Yes, it supports modern Java versions, but note that testing and compilation require specific JDKs like Java 25 for some modules, as mentioned in the README's testing section. Always check the latest compatibility in the documentation.

Question 4

How to write custom rules for SonarJava?

Accepted Answer

Start with the Custom Rules 101 tutorial linked in the README, then implement rules using the Java API. The process involves defining rule metadata and analysis logic, with examples in the SonarQube docs for guidance.

Question 5

Is SonarJava free to use in commercial projects?

Accepted Answer

It depends on the version; recent releases use the Sonar Source-Available License (SSALv1), which has restrictions. Review the license files and headers for specifics, as some parts might be under different terms, impacting commercial use.

Question 6

Can SonarJava run without a SonarQube server?

Accepted Answer

No, SonarJava is designed exclusively as a plugin for SonarQube and requires it to function. For standalone static analysis, consider tools like SpotBugs or PMD instead.

SonarJava

What is SonarJava?

Overview

Use Cases

Best For

Related Projects

Found a gem we're missing?

Not Ideal For

Pros & Cons

Pros

Cons

Frequently Asked Questions