On top of the coding rules provided by the SonarQube engine, you can activate rules from Checkstyle, FindBugs, PMD, Clirr, and fb-contrib. However, we highly recommend that you limit your Quality Profiles to from the SonarQube engine because we believe they are faster, more accurate (fewer false positives and false negatives), and more usable (they have better descriptions, etc). Read this blog post for more details.
If your Quality Profile contains rules from the SonarQube engine or FindBugs rules, then byte code will be required by the analysis.
- SonarQube Runner: recommended for all non-Maven projects
- Maven: recommended for all projects built with Maven
- SonarQube Ant Task: to integrate with projects built with Ant
- Gradle: to integrate with projects built with Gradle
Note that you must provide both source code and compiled byte code if the Quality Profile in use contains either SonarQube-native rules, or FindBugs rules.