SONAR 4.2, PMD, CheckStyle

Recently SONAR started porting Source Code Validation Rules from PMD and CheckStyle to SONAR Qube Java Rules (SQUIDs)
The point they are raising that PMD/CheckStyle is not active enough.

By end of 2014, they want to move as many rules as possible to SONAR and later they will stop support for PMD/CheckStyle.
By keeping this in mind, it is better to migrate to SONAR Rules.
How to do that?
Step 1: Always copy Quality Profile to custom name
Step 2: Find all DEPRECATED Rules and disable them
Step 3: Find all SQUIDs and enable them
Step 4: SONAR don’t want people to modify thresholds. It is up to teams to make decision.

Enable SONAR Qube Rules in Bulk
2014-04-09 14_25_14-SonarQube_inactive_136

Disable Deprecated Rules from PMD/CheckStyle
2014-04-09 14_27_09-SonarQube_disable_deprecated

1. This speeds up SONAR process time (Reduces number of code passes)
2. No need to use PMD/CheckStyle Eclipse Plugins (No impact if we use them too.)
3. Team need to depend heavily on SONAR Eclipse Plugin
4. Less number of rules (Duplicate rules between PMD/CheckStyle were deleted)



What are the best practices for Java development team?

At individual level
In Eclipse IDE use following files and share with team to maintain consistency.


TestNG Test Cases
Emma plug in to check code coverage
Tie the memory and performance numbers to test cases

At team level
What happens in Hudson?
Configure following in Hudson, so that it is easy to check after each build.

Code Coverage Report
Open Tasks Report
PMD Report
Surefire Test Report

At organizational level
How to compare different projects / modules in organization?
Use SONAR and use maven plug in to push the data to Sonar server.

Code Coverage
Lines of Code
Test Success


Sonar (codehaus) Custom PMD Rules

It took some time to resolve this.

Problem Statement: How to add custom PMD rules to Sonar?


Note: ABCD is project name or company name

Step 1:

ABCD-PMD-RULES-ECLIPSE.XML: This file can be used in Eclipse. Also we need to use same in Sonar to have consistent results. Zip/jar this file as ABCD-PMD-Rules.jar.

All .xml files must be under root folder.
Drop this .jar file under path sonar-1.8extensionsrulespmd (Respective sonar folder.)
If using custom java classes, they need to be placed in jar file.

Important Change: Make rule name unique. Add project name or company name as prefix. Example: name=”pro_rulename”. Other wise it will create problem. Because these names are already in database and fails to import them. You can see this mysql exception in sonar.log file.

 ABCD Ruleset
If you have a class that has nothing but static methods, consider making it a Singleton.
Note that this doesn't apply to abstract classes, since their subclasses may
well include non-static methods.  Also, if you want this class to be a Singleton,
remember to add a private constructor to prevent instantiation.


Step 2:

Create ABCD_sonar_rules.xml file
Drop this .jar file under path sonar-1.8extensionsrulespmd (Respective sonar folder.)
This file is specific to Sonar.
Read for more information.

 ABCD Use Singleton
 <!-- available categories : Reliability, Portability, Maintainability, Efficiency, Usability -->

Step 3:

Login to Sonar Admin Console
You can see this rules under Sonar way
Copy this profile to Profile B
In profile B, remove all existing rules and keep only ABCD rules.
Make them mandatory
You can assign project to this rule set or we can make this as default rule set.

Step 4:

mvn sonar:sonar

This will generate new reports against new rules. Check the information on sonar site.

Notes: See this for more information

    Maximum Methods Count Check
    Maximum number of methods authorised

        Maximum number of methods authorised
    Avoid if without using brace
    Avoid if without using brace

Note: If there is any errors, Sonar wont display exact error on screen. Check logs for exact information.



Important Links:


Java Code Metrics Report

Java Code Metrics Report

This is the dream for Managers to have code report for each project. In Java we have tools like check style, PMD, CPD, Cobertura Test Coverage, ..etc. We need to have tool which can track all this results on day to day basis and helps to track down the progress in project. To achieve this we have following tools.

XRadar –

Maven Dashboard Plug-in –

QA Lab –

Sonar –

Hacky Stat –


  1. It supports branches and multiple projects
  2. Nice time lines
  3. Tabular and graphical views
  4. Separate database to track huge past history.

JcReport –

(Only with Ant…no maven support)

The best tool worked out for me is Sonar.

Here is the Sonar demo site

Problems faced in Sonar setup as on Nov-04-2008

Problem: sonar-1.4.3 is having issues and there is ticket

Solution: Sonar 1.4.2 is working fine.

Problem: MySQL database in Windows with McAfee is having problem while using Windows/Temp folders

Embedded error: org.hibernate.exception.GenericJDBCException: could not get table metadata: rules_categories

Can’t create/write to file ‘C:WINDOWSTEMP#sql_12a8_0.MYI’ (Errcode: 13)


my.ini file in mysql folder

#Added to escape from McAfee