Versions Compared


  • This line was added.
  • This line was removed.
  • Formatting was changed.
Comment: Removed references to SSLR toolkit for VB.NET and C#

There are two ways to extend coding rules:

  1. Writing custom rules in Java via a SonarQube plugin
  2. Adding XPath rules directly through the SonarQube web interface.Extending an existing SonarQube plugin. For example Checkstyle and PMD plugins accept definitions of custom checks

Note that the Java API, if available, will be more fully-featured than what's available for XPath, and is generally preferable.


Before implementing a new coding rule, you should consider whether it is specific to your own context or might benefit others. If it might benefit others, you can propose them on the developer mailing- list. If the SonarQube team find your proposed rules interesting, they may be implemented directly in the related language plugin. It means less maintenance for you, and benefit to others.

Writing Custom Rules in Java

The following languages can be extended with new rules written in Java: COBOL and Java.


To get started a sample plugin can be browsed or downloaded/plugins/java-custom-rules.

To go further, you can have a look at the following classes implementing coding rules:



See how to extend COBOL rules.



SonarQube provides a quick and easy way to add new coding rules directly via the web interface for certain languages (C/C++, C#COBOL, Cobol, Flex, Java, JavaScript, PL/I, PL/SQL, and Python and VB.NET).

The rules must be written in XPath to  (version 1.0) to navigate the language's Abstract Syntax Tree (AST). For each language, an SSLR Toolkit is provided to help you navigate the AST. Each language's SSLR Toolkit is a standalone application that displays the AST for a piece of code source that you feed into it, allowing you to read the node names and attributes from your code sample and write your XPath expression. The proper SSLR Toolkit can be downloaded from the language plugin page. So, knowing the Knowing the XPath language is the only prerequisite, and there are a lot of tutorials on XPath online (see for example).

The proper SSLR Toolkit can be downloaded from the language plugin page or here:


For an SSLR preview, consider the following JavaScript source code sample:


Once your new rule is written, you can add it SonarQube:

  1. Login as an Quality profile administrator
  2. Go to Configuration > Quality Profile
  3. Select one of the quality profiles for the language you wish to add the rule to
  4. Look for the XPath rule template:
    Image RemovedImage Added
  5. Copy the template to create a new rule:
  6. Paste in the XPath rule (it should comply to XPath 1.0) you wrote and tested using the SSLR toolkit:

    Here are two examples of JavaScript XPath rules:

    Do not use document.write

    Code Block
    //callExpression/memberExpression[count(*) = 3 and primaryExpression[@tokenValue = "document"] and identifierName[@tokenValue = "write"]]

    Always use curly braces for if/else statements:

    Code Block
  7. Once your rule is added to SonarQube, activate it in a profile and run an analysis.
  8. Issues on those XPath rules are now logged:

Extending SonarQube Plugins

The following languages can be extended with new rules: