SAP Commerce SonarQube
Overview
Fetch Sonar issues, produce a tracking report, and apply focused fixes for SAP Commerce projects using SonarQube or SonarCloud.
Quick Start
- Export your token: export SONAR_TOKEN=... (do not paste tokens in chat or commit them)
- Fetch issues for a PR:
python3 scripts/sonar_fetch.py --base-url https://sonarcloud.io --project-key com.example.project --pr 1234 --since-leak-period --out /tmp/sonar_issues_pr1234.json
- Generate a tracking report:
python3 scripts/sonar_report.py --in /tmp/sonar_issues_pr1234.json --out sonarqube-pr1234-smells.md --include-fix-hints
- Compare branches (fetch both, then diff):
python3 scripts/sonar_fetch.py --base-url https://sonar.mycorp.local --project-key com.example.project --branch feature/ccv2 --since-leak-period --out /tmp/sonar_feature.json
python3 scripts/sonar_fetch.py --base-url https://sonar.mycorp.local --project-key com.example.project --branch development --since-leak-period --out /tmp/sonar_development.json
python3 scripts/sonar_diff.py --left /tmp/sonar_development.json --right /tmp/sonar_feature.json --out sonar-diff.md --left-label development --right-label feature/ccv2
- Auto-fix newline-at-EOF issues (java:S113) in one step:
python3 scripts/sonar_autofix.py --base-url https://sonarcloud.io --project-key com.example.project --branch development --rule java:S113 --types CODE_SMELL --repo-root /path/to/repo --list-out /tmp/s113_files.txt --apply
- Auto-fix unused imports (java:S1128) in one step:
python3 scripts/sonar_autofix.py --base-url https://sonarcloud.io --project-key com.example.project --branch development --rule java:S1128 --types CODE_SMELL --repo-root /path/to/repo --list-out /tmp/s1128_files.txt --apply
- Auto-fix missing SAP copyright headers (java:S1451) in one step:
python3 scripts/sonar_autofix.py --base-url https://sonarcloud.io --project-key com.example.project --branch development --rule java:S1451 --types CODE_SMELL --repo-root /path/to/repo --list-out /tmp/s1451_files.txt --apply
- Auto-fix Groovy trailing semicolons (groovydre:S8307) in one step:
python3 scripts/sonar_autofix.py --base-url https://sonarcloud.io --project-key com.example.project --branch development --rule groovydre:S8307 --types CODE_SMELL --repo-root /path/to/repo --list-out /tmp/s8307_files.txt --apply
- Auto-fix Groovy if-statement braces (groovydre:S8306) in one step:
python3 scripts/sonar_autofix.py --base-url https://sonarcloud.io --project-key com.example.project --branch development --rule groovydre:S8306 --types CODE_SMELL --repo-root /path/to/repo --list-out /tmp/s8306_files.txt --apply
- Auto-fix enum equals comparisons (java:S4551) in one step:
python3 scripts/sonar_autofix.py --base-url https://sonarcloud.io --project-key com.example.project --branch development --rule java:S4551 --types CODE_SMELL --repo-root /path/to/repo --list-out /tmp/s4551_files.txt --apply
- Auto-fix logger modifiers and naming (java:S1312) in one step:
python3 scripts/sonar_autofix.py --base-url https://sonarcloud.io --project-key com.example.project --branch development --rule java:S1312 --types CODE_SMELL --repo-root /path/to/repo --list-out /tmp/s1312_files.txt --apply
- Auto-fix @RequestMapping method usage (java:S4488) in one step (also adds missing mapping imports and removes unused RequestMethod imports):
python3 scripts/sonar_autofix.py --base-url https://sonarcloud.io --project-key com.example.project --branch development --rule java:S4488 --types CODE_SMELL --repo-root /path/to/repo --list-out /tmp/s4488_files.txt --apply
- Auto-fix unused private fields (java:S1068) in one step:
python3 scripts/sonar_autofix.py --base-url https://sonarcloud.io --project-key com.example.project --branch development --rule java:S1068 --types CODE_SMELL --repo-root /path/to/repo --list-out /tmp/s1068_files.txt --apply
- Auto-fix commented-out code blocks (java:S125) in one step:
python3 scripts/sonar_autofix.py --base-url https://sonarcloud.io --project-key com.example.project --branch development --rule java:S125 --types CODE_SMELL --repo-root /path/to/repo --list-out /tmp/s125_files.txt --apply
- Auto-fix useless assignments to local variables (java:S1854) in one step:
python3 scripts/sonar_autofix.py --base-url https://sonarcloud.io --project-key com.example.project --branch development --rule java:S1854 --types CODE_SMELL --repo-root /path/to/repo --list-out /tmp/s1854_files.txt --apply
- Auto-fix utility classes by adding private constructors (java:S1118) in one step:
python3 scripts/sonar_autofix.py --base-url https://sonarcloud.io --project-key com.example.project --branch development --rule java:S1118 --types CODE_SMELL --repo-root /path/to/repo --list-out /tmp/s1118_files.txt --apply
Workflow
- Confirm scope: base URL, project key, PR or branch, and whether to use leak period.
- Fetch issues with scripts/sonar_fetch.py (use --rules and --types when targeting a specific rule).
- Create or update a tracking report with scripts/sonar_report.py.
- Auto-fix supported rules with scripts/sonar_autofix.py (start dry-run, then --apply).
- Fix remaining issues using the rules in references/quality-rules.md.
- Update the report's Fix column with the actual change made.
- Run targeted tests only if requested or clearly needed.
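The dry-run-then-apply step for java:S113, as an added example (not the project's sonar_fix_rule.py or sonar_autofix.py). It assumes the issues JSON keeps the shape of Sonar's api/issues/search response, where component is "<projectKey>:<path>"; plan_s113_fixes, run_s113 and demo are hypothetical names. Because the file paths come from a server response, the planner rejects any path that resolves outside the repo root, including through symlinks.

```python
import tempfile
from pathlib import Path


def plan_s113_fixes(issues_doc, repo_root, project_key):
    """Return (to_fix, rejected). Assumes component = '<projectKey>:<path>'."""
    root = Path(repo_root).resolve()
    to_fix, rejected, seen = [], [], set()
    for issue in issues_doc.get("issues", []):
        if issue.get("rule") != "java:S113":
            continue
        prefix, _, rel = issue.get("component", "").partition(":")
        target = (root / rel).resolve()
        # The path comes from a server response: never follow it outside the repo.
        inside = prefix == project_key and rel and target.is_relative_to(root)
        if not inside or not target.is_file():
            rejected.append(issue.get("component", ""))
        elif target not in seen and not target.read_bytes().endswith(b"\n"):
            seen.add(target)
            to_fix.append(target)
    return to_fix, rejected


def run_s113(issues_doc, repo_root, project_key, apply=False):
    """Dry-run by default; append the missing newline only when apply=True."""
    to_fix, rejected = plan_s113_fixes(issues_doc, repo_root, project_key)
    if apply:
        for path in to_fix:
            with path.open("ab") as fh:
                fh.write(b"\n")
    return [p.name for p in to_fix], rejected


def demo():
    """Constructed sample: one fixable file, one escaping path, one other rule."""
    with tempfile.TemporaryDirectory() as tmp:
        repo = Path(tmp) / "repo"
        (repo / "src").mkdir(parents=True)
        (repo / "src" / "A.java").write_bytes(b"class A {}")
        key = "com.example.project"
        doc = {"issues": [
            {"rule": "java:S113", "component": key + ":src/A.java"},
            {"rule": "java:S113", "component": key + ":../outside.java"},
            {"rule": "java:S1128", "component": key + ":src/A.java"},
        ]}
        dry = run_s113(doc, repo, key)
        before = (repo / "src" / "A.java").read_bytes()
        applied = run_s113(doc, repo, key, apply=True)
        return dry, before, applied, (repo / "src" / "A.java").read_bytes()
```

Review the rejected list before applying: an entry there means the response named a file the local checkout does not contain or a path that leaves the repo root.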
SAP Commerce Rules (strict)
Follow references/quality-rules.md. Key points:
- Do not use @SuppressWarnings.
- Do not use or remove //NOSONAR to silence issues.
- @Required is deprecated but acceptable in SAP Commerce.
- Replace deprecated APIs with JDK equivalents when possible.
- Avoid complex refactors; prefer small, behavior-preserving fixes.
Resources
scripts/
- sonar_api.py: Shared Sonar API helpers.
- sonar_fetch.py: Fetch issues for a PR or branch via the Sonar API (supports --rules).
- sonar_report.py: Generate a markdown tracking report from issues JSON.
- sonar_diff.py: Compare two issue sets and report new/resolved issues.
- sonar_fix_rule.py: Auto-fix supported rules from issues JSON (currently java:S113, java:S1128, java:S1451, groovydre:S8307, groovydre:S8306, java:S4551, java:S1312, java:S4488 with import cleanup, java:S1068, java:S125, java:S1854, java:S1118).
- sonar_autofix.py: Fetch, present, and auto-fix supported rules in one step.
- sonar_fix_unused_imports.py: Convenience wrapper to auto-fix unused imports (java:S1128).
- sonar_fix_headers.py: Convenience wrapper to auto-fix missing SAP headers (java:S1451).
- sonar_fix_groovy_semicolons.py: Convenience wrapper to auto-fix Groovy trailing semicolons (groovydre:S8307).
- sonar_fix_groovy_braces.py: Convenience wrapper to auto-fix Groovy if-statement braces (groovydre:S8306).
- sonar_fix_enum_equals.py: Convenience wrapper to auto-fix enum equals comparisons (java:S4551).
- sonar_fix_loggers.py: Convenience wrapper to auto-fix logger modifiers/naming (java:S1312).
- sonar_fix_request_mappings.py: Convenience wrapper to auto-fix @RequestMapping method usage (java:S4488).
- sonar_fix_unused_fields.py: Convenience wrapper to auto-fix unused private fields (java:S1068).
- sonar_fix_commented_code.py: Convenience wrapper to remove commented-out code blocks (java:S125).
- sonar_fix_useless_assignments.py: Convenience wrapper to remove useless assignments (java:S1854).
- sonar_fix_private_constructors.py: Convenience wrapper to add private constructors (java:S1118).
references/
- quality-rules.md: SAP Commerce-specific code quality rules to follow.
- sonar-api.md: Sonar API parameters and auth notes.