Setting Up SonarQube Profiles with AEM Custom Rules: A Guide to Local Development Configuration

Problem Statement:

How to set up SonarQube profiles with AEM custom rules and configure them with local development?

Introduction:

SonarQube is an open-source platform developed by SonarSource for continuous inspection of code quality to perform automatic reviews with static analysis of code to detect bugs and code smells in 29 programming languages. SonarQube offers reports on duplicated code, coding standards, unit tests, code coverage, code complexity, comments, bugs, and security recommendations.

However, it does apply mainly to general Java issues. Adobe Experience Manager is a comprehensive content management platform for building websites, mobile apps and forms. This tool is intended to find common bugs and bad smells specific to AEM development.

Requirements:

Install the docker and keep it up to date

Step 1: Place the following docker-compose YML file under your project structure

Note: Docker image is based out of community image wttech (Cognified team)

version: "latest"

services:
  sonarqube:
    image: ahmedmusallam/sonarqube-aem:latest
    container_name: sonarqube
    depends_on:
      - db
    ports:
      - "9000:9000"
    networks:
      - sonarnet
    environment:
      - sonar.jdbc.username=sonar
      - sonar.jdbc.password=sonar
      - sonar.jdbc.url=jdbc:postgresql://db:5432/sonar
      - SONARQUBE_ADMIN_PASSWORD=Welcome1
    volumes:
      - sonarqube_data:/opt/sonarqube/data
      - sonarqube_logs:/opt/sonarqube/logs
  db:
    image: postgres:latest
    container_name: postgres
    networks:
      - sonarnet
    environment:
      - POSTGRES_USER=sonar
      - POSTGRES_PASSWORD=sonar
      - POSTGRES_DB=sonar
    volumes:
      - postgresql_data:/var/lib/postgresql/data

networks:
  sonarnet:
    driver: bridge

volumes:
  sonarqube_data:
  sonarqube_logs:
  postgresql_data:

Step 2: Run the below command:

compose up -d

Step 3: After running the command, it will take some time and once the sonar is up you will be able to see the running process in your Docker as shown below:

Step 4: Visit the URL: http://localhost:9000/ for the first time and provide the credentials as

Username: admin

Password: admin

Step 5: It will ask to change the password please provide the necessary details (Welcome1 preferable)

Step 6: Visit http://localhost:9000/profiles to check the AEM profiles as shown below:

Step 7: Now execute the below command to run the sonar analysis on your project:

mvn -Dsonar.login=admin -Dsonar.password=Welcome1 clean install sonar:sonar

Step 8: Visit URL: http://localhost:9000/projects to check your project scan report and overview:

Setting up Sonarqube with Sonarlint:

Requirement:

Install sonarlint plugin into Intelij

Step 1: Click on the Sonarlint plugin configuration as shown below:

Step 2: Configure the connection and provide the URL:

Step 3: Generate the token by going into your profile, providing the token name and creating the token or you can also select credentials to authenticate.

Step 4: Once you are successfully logged in you will see the success message.

Step 5: Once you analyze the project it will show up the sonar rules based on the Sonaqube profile rules.