11624 as shown there could be some value.

Comment From: wilkinsona

I'm not opposed to adding extra code quality checks to the build as long as they don't slow things down too much and can be run locally prior to pushing a change.

Comment From: snicoll

I am ok to integrate it as long as it is an integral part of our development process and we take the time to craft a profile that eliminates what we consider false positive. The direct side effect of that is that we need a quality gate with concrete actions when it doesn't pass.

Comment From: igor-suhorukov

@wilkinsona it is possible to create maven profile to run locally on local SonarQube instance, also possible run IntelliJ Idea SonarLint plugin with rules and settings from http://sonarcloud.io. SonarLint can analyse only on VCS changed files. We need measure sonar plugin overhead on typical project build.

Comment From: wilkinsona

Thanks for the info. Running a local instance is what I’ve done in the past and I’ve found it cumbersome and awkward. I’d like a way to analyse code locally but using the rules defined in the server. At a minimum I think that analysis needs to happen in command line builds (as we do today with Checkstyle). Being able to run them in IntelliJ and Eclipse would be a nice bonus.

Comment From: igor-suhorukov

I’d like a way to analyse code locally but using the rules defined in the server

I know only local IDE approach: SonarLint with remote rule server configuration sonarling-screenshot

Comment From: philwebb

Perhaps running PMD and FindBugs as part of the build would be better. That might potentially find the same issues without requiring the server. This article has some relevant background.

Comment From: igor-suhorukov

@philwebb FindBugs is unsupported and outdated, HuntBugs also dead. Only Sonar complex rules analyser is alive. It is possible to run IntelliJ Idea analyser from scripts, but difficult to enforce rules and generate buid reports from output.

Comment From: wilkinsona

I wonder how much mileage we’d get out of using jQAssistant? At first look, it’s incredibly flexible and integrates with Maven. It looks like it could do what we might want, but it may require quite a bit of effort if we have to write many of the queries ourselves. I think @olivergierke may have some experience with it and could perhaps offer some advice.

Comment From: igor-suhorukov

@wilkinsona thank you for information! Very interesting framework in terms of code structure querying in SQL like language.

Comment From: shakuzen

FindBugs is unsupported and outdated, HuntBugs also dead. Only Sonar complex rules analyser is alive.

AFAIK, SpotBugs is alive and the successor to FindBugs.

Comment From: igor-suhorukov

@shakuzen thank you!

Comment From: philwebb

We've decided to stick with our current approach of tools we can use directly in the build.