{"id":16708509,"url":"https://github.com/framstag/acousticrules","last_synced_at":"2025-08-30T04:08:32.616Z","repository":{"id":144737152,"uuid":"583676956","full_name":"Framstag/acousticrules","owner":"Framstag","description":"Java Application to create Sonar Quality Profiles","archived":false,"fork":false,"pushed_at":"2023-12-29T11:59:12.000Z","size":323,"stargazers_count":3,"open_issues_count":5,"forks_count":0,"subscribers_count":1,"default_branch":"main","last_synced_at":"2025-08-30T04:08:14.977Z","etag":null,"topics":["sonar","sonarcloud","sonarqube"],"latest_commit_sha":null,"homepage":"","language":"Java","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/Framstag.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE.txt","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2022-12-30T14:39:57.000Z","updated_at":"2023-04-02T18:01:28.000Z","dependencies_parsed_at":"2024-12-18T10:11:05.834Z","dependency_job_id":"cb9e2945-c2b4-48d6-b66c-2d81ab5ba2f2","html_url":"https://github.com/Framstag/acousticrules","commit_stats":null,"previous_names":[],"tags_count":9,"template":false,"template_full_name":null,"purl":"pkg:github/Framstag/acousticrules","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Framstag%2Facousticrules","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Framstag%2Facousticrules/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Framstag%2Facousticrules/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Framstag%2Facousticrules/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/Framstag","download_url":"https://codeload.github.com/Framstag/acousticrules/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Framstag%2Facousticrules/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":272800970,"owners_count":24995187,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","status":"online","status_checked_at":"2025-08-30T02:00:09.474Z","response_time":77,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["sonar","sonarcloud","sonarqube"],"created_at":"2024-10-12T19:45:04.136Z","updated_at":"2025-08-30T04:08:32.586Z","avatar_url":"https://github.com/Framstag.png","language":"Java","funding_links":[],"categories":[],"sub_categories":[],"readme":"# AcousticRules\n\n## Attention\n\nSome of the mechanism likely have to get adapted in the future, since SonarQube\ndeprecated some of the feature we are currently rely on.\n\nSee [Documentation regarding issues and their attributes](https://docs.sonarsource.com/sonarqube/latest/user-guide/issues/). Note especially deprecations regarding\n\n- issue types\n- issue severity\n- Categorisation regarding [Clean Code](https://docs.sonarsource.com/sonarqube/latest/user-guide/clean-code/)\n\nI also see, that there are some rules that have no tags, while may make them fall through the selection process, too.\n\nSince the new clean code based attributes are also available in the downloaded\nrule definition data, we can extend AcousticRules to have such information also available and add additional filter criteria to group rules based on this information, too. \n\n## What is AcousticRules?\n\nIt a simple application that works on an exported sonar ruleset\nfor a programming language (for example C++ or Java) by using a\nsimple  JSON-based DSL to define groups of rules by selection and filtering,\nallows modification of these groups of rules or individual rules in a group.\nFrom these modified rules it then generates a QualityProfile.xml than can get\nimported into Sonar.\n\nThe idea behind this is, that you do not manually manage your rules, especially\ntheir severity. You want to assign your personal Severity group\nwise (\"all Bugs are BLOCKER\") with possibly only a few exclusions\n(...but not this one). AcousticRules allows you to do this, especially\nif Sonar implements new rules or deprecates old rules you just regenerate\nand reimport the QualityProfile. It also allows you to generate\nvariants of profiles in an easy way.\n\nThis may be useful, in cases, where you do not want to use the default severity\nof Sonar, you do not have a company-wide Sonar quality profile but want to \ntailor the profile for your application or want to produce a family of \nsimilar quality profiles with little variance.\n\nAcousticRules may be helpful in situations where severity depends on the ranking of quality\nfeatures of your software, especially security, maintainability or compatibility\nto some standard may be ranked differently from project to project.\n\nIt may also be helpful, if you have a legacy application where you want to\nstart with a small set of rules and later on bulk add groups of rules\nfrom time to time as quality improves.\n\nAcousticRules also generates markdown files for documentation\nwhile at it, so you do ot only have a QualityProfile but a documentation\nwhy the severity of a rule is the way it is.\n\n## Other Reasons\n\nAcousticRules is also a test application for me in my search to \ngenerate simple DSLs for simple data modifications and\ntransformations without writing a custom Scanner/Parser or a \nParser generator tool.\n\nIt teaches me how in this case to build JSON based DSLs\n(with their advantages and disadvantages).\n\n## About the Name\n\nI try to avoid product names in the name of my projects but try to find\na useful association....and in the end, a name is just a unique id.\n\n## License\n\nThe application and its data files are under Apache License 2.0.\n\n## The Idea behind AcousticRules\n\nThe idea of AcousticRule sis, the grouping of Sonar rules into disjunctive \ngroups, where each group has a clear topic. Grouping is done based\non the different information available on rules.\n\nAfter separating the rules into different groups you can easily manipulate\nrules with in a group together. Examples are \n\n- Disabling\n- Increasing or decreasing severity\n\nIndividual rule manipulation of course is still possible.\n\nFinally, a rich documentation is created state in which group a rule is,\nwhy it is in group. It also documents manipulation of rules together\nwith the reason for manipulation.\n\nIt is suggested to start with clarifying the ranking quality requirements\non your project and this manipulate the severity of rules accordingly.\n\nAcousticRules already comes with a rich et of group definitions, however\nyou can write your own groups.\n\n## How does it work?\n\nAcousticRules internal mechanic implements the following steps:\n\n1. Loading of the passed rule export files.\n2. Loading of the processing group definitions (in the standard directory layout (the rules/*.json files)\n3. Executing the processing group definitions resulting in a list of rules for each group\n4. (Optional) Check for rules being in multiple rules\n5. (Optional) Loading of the passed QualityProfile\n6. (Optional) Executing the Quality Profile, resulting in modified group sof rules\n7. (Optional) Generation of the Sonar Quality Profile file (*.xml)\n8. (Optional) Generation of the QualityProfile documentation (*.md))\n\nThe execution of the processing group definition consists of the following (sub-) steps:\n\n1. Execution of the list of selectors creating a list of rules\n2. Execution of the list of filters on this list of rules, resulting in a possibly reduced list of rules\n\nThe execution of the QualityProfile group definition consists of the following (sub-) steps:\n\n1. Execution of the list of filters, further reducing the list of rules\n2. Execution of the list of modifiers on the list of rules returning the same list, but with potentially modified rules\n\n## Selectors, Filters and Modifier\n\n### Selectors\n\n| Name           | Parameter                |\n|----------------|--------------------------|\n| SelectWithKey  | \"keys\": Array of String  | \n| SelectWithTag  | \"tags\": Array of String  |\n| SelectWithType | \"types\": Array of String | \n\n### Filters\n\n| Name              | Parameter                |\n|-------------------|--------------------------|\n| DropWithKey       | \"keys\": Array of String  |\n| DropWithTag       | \"tags\": Array of String  |\n| DropWithType      | \"types\": Array of String |\n| DropNotWithType   | \"types\": Array of String |\n| RemoveDeprecated  |                          |\n\n### Modifier\n\n| Name           | Parameter                                       |\n|----------------|-------------------------------------------------|\n| ChangeSeverity | \"from\": String, \"to\": String                    |\n| DisableByKey   | \"keys\": Array of String                         |\n| SetParamForKey | \"key\": String, \"param\": String, \"value\": String |\n| SetSeverity    | \"keys\": Array of String, \"to\": String           |\n\n### Dropping vs. Disabling\n\nDropped rules are remove from the internal lists and thus will not occur\nin a documentation (yu also will not se the reason for dropping there). \n\nDisabled rules will stay in the list but will be removed from the \ngenerated QualityProfile. They will however appear in the documentation\nand thus will mention the reason for disabling.\n\nRecommendation: Do not remove rules in the QualityProfile definition, \njust disabled them since you will get a better documentation.\n\n## Roll your own vs. pull requests...\n\nThere is no need to use the rule sin the `rules` subdirectory.\nYou can always roll your own rules, diving the rules into\ngroups by your own criteria.\n\nHowever, we are interested to further enhance the quality of groups,\npossibly creating more fine granular groups, allowing even better\nfine-tuning of the QualityProfile.\n\nEspecially better separation of toolset, compilers, environments\nwould be helpful.\n\nSo, patches are welcome :-)\n\n## Downloading of Rules from a Sonar Server\n\nFor AcousticRules you need a list of Rules for a programming\nlanguage. You can download such a list via the REST API and for example\ncurl.\n\nSee the following example for the Sonarcloud instance:\n\n```bash\ncurl -v -u \u003cuser_token\u003e: -o rules1.json \"https://sonarcloud.io/api/rules/search?organization=\u003corganisation\u003e\u0026languages=\u003clanguage\u003e\u0026ps=500\u0026p=\u003cpage\u003e\"\n```\n\nwhere:\n\n| Placeholder  | Meaning                                                        |\n|--------------|----------------------------------------------------------------|\n| user_token   | **Sonar** user token for authentication                        |\n| organisation | Name of the organisation the user belongs to (e.g. `framstag`) |\n | language     | name of the language, see below                                |\n| page         | Number of page                                                 |\n\nNote that Sonar uses paging, so ou will not get all rules in one go but must \ntraverse pages by maximum 500 rules.\n\nDepending on your installation, filtering by organization is not supported or\nat least not required.\n\nNames for languages:\n\n| Language   | Name |\n|------------|------|\n| Java       | java |\n| C++        | cpp  |\n| TypeScript | ts   |\n| HTML       | web  | \n| CSS        | css  |\n\n## Commandline Options\n\nCommandline options are still quickly changing, so I suggest to simply\ncall AcousticRules --help.\n\nThe current command lines for generating a C++ quality profile are:\n\n```bash\n--stopOnDuplicates @rules_import.options -q CPP_QualityProfile.json cpp_rules1.json cpp_rules2.json\n```\n\nwhere `cpp_rules1.json` and `cpp_rules2.json` are the C++ rules downloaded\nvia the Sonar REST API.\n\n## Error Handling\n\nCurrently, there is none. I plan to either do schema validation or use\nBean Validation API in the context of JSON data loading to add simple\ninput validation.\n\nUp to that time you will get Null-Pointer Exception and low level JSON\ndeserialization errors.\n\n## How to Build\n\nAcousticRules needs Java 17 or higher to build as it uses some\nfeature of this version.\n\nThe build creates a `*.jar` and an \"all-in-one\" jar for execution\nand distribution.\n\nIf GraalVM is installed you can create a native executable by setting\nthe `native` profile (`mvn -pnative package')","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fframstag%2Facousticrules","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fframstag%2Facousticrules","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fframstag%2Facousticrules/lists"}