- Python 3.x
- Python 2.x
Discover and update the Python-specific properties in Administration > General Settings > Languages > Python.
Handling project Python version
Python code is analyzed by default as compatible with Python 2 and Python 3. Some issues will be automatically silenced to avoid raising false positives. To get a more precise analysis, you can specify the Python versions your code supports via the
The accepted format is a comma-separated list of versions having the format "X.Y"
sonar.python.version=2.7, 3.7, 3.8, 3.9
The Python analyzer parses the source code, creates an abstract syntax tree (AST), and then walks through the entire tree. A coding rule is a visitor that is able to visit nodes from this AST.
As soon as the coding rule visits a node, it can navigate its children and log issues if necessary.
Writing a plugin
Custom rules for Python can be added by writing a SonarQube Plugin and using Python analyzer APIs. Here are the steps to follow:
Create a SonarQube plugin
- Create a standard SonarQube plugin project.
- Attach this plugin to the SonarQube Python analyzer through the
- Add the dependency to the Python analyzer.
- Add the following line in the sonar-packaging-maven-plugin configuration.
- Implement the following extension points:
- Declare the RulesDefinition as an extension in the Plugin extension point.
Implement a rule
- Create a class that will hold the implementation of the rule. It should:
- define the rule name, key, tags, etc. with Java annotations.
- declare this class in the
To get started, a sample plugin can be found here: python-custom-rules.
To explore a part of the AST, override a method from the PythonCheckTree. For example, if you want to explore "if statement" nodes, override PythonCheckTree#visitIfStatement method that will be called each time an ifStatement node is encountered in the AST.
When overriding a visit method, you must call the super method in order to allow the visitor to visit the children of the node.
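The visitor mechanics described above, sketched with Python's standard-library `ast` module instead of the SonarQube Java API. This is an added example, not code from SonarQube or the sample plugin; the rule, its class name, and the sample source are constructed for illustration. It shows a rule visiting "if statement" nodes, and what is missed when the visit method does not hand control back to the base visitor.

```python
import ast

# Constructed sample source to analyze (not from the page).
SAMPLE = '''\
def handler(user):
    if user.is_admin:
        if True:  # leftover debug bypass
            grant(user)
    elif 0:
        audit(user)
'''


class ConstantConditionRule(ast.NodeVisitor):
    """Hypothetical rule: report `if` statements whose condition is a literal."""

    def __init__(self, descend=True):
        self.descend = descend
        self.issues = []  # list of (line, message)

    def visit_If(self, node):
        # Navigate the visited node's children: here, only its condition.
        if isinstance(node.test, ast.Constant):
            verdict = bool(node.test.value)
            self.issues.append((node.lineno, f"condition is always {verdict}"))
        # Counterpart of calling the super method in an overridden visit
        # method: without it, nested and `elif` statements are never visited.
        if self.descend:
            self.generic_visit(node)


def analyze(source, descend=True):
    """Parse the source into an AST, walk it with the rule, return its issues."""
    rule = ConstantConditionRule(descend)
    rule.visit(ast.parse(source))
    return sorted(rule.issues)


if __name__ == "__main__":
    print("with descent:   ", analyze(SAMPLE))
    print("without descent:", analyze(SAMPLE, descend=False))
```

With `descend=False` the walk stops at the outer `if`, so both constant conditions below it go unreported.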
To explore a part of the AST, override PythonSubscriptionCheck#initialize and call SubscriptionCheck.Context#registerSyntaxNodeConsumer with the Tree#Kind of node you want to visit. For example, if you want to explore "if statement" nodes, register to the kind Tree#Kind#IF_STATEMENT and then provide a lambda that will consume a SubscriptionContext to act on such nodes.
To test custom checks, you can use the method PythonCheckVerifier#verify. Don't forget to add the testkit dependency to access this class from your project:
You should end each line having an issue with a comment in the following form:
Comment syntax is described here.
- Importing external issues (Pylint, Bandit, Flake8)
- Test coverage and execution (the Coverage tool provided by Ned Batchelder, Nose, pytest)
Check the issue tracker for this language.