SonarGo: Go Analyzer for SonarQube
Switch branches/tags
Nothing to show
Clone or download
Type Name Latest commit message Commit time
Failed to load latest commit information.
common-rule-engine Fix FP on S2761 (#303) May 1, 2018
its Use sonar-plugin-api 7.2-RC1 (#330) Jun 14, 2018
sonar-go-plugin Fix wildcard support for Windows (and add ITs for it) (#329) Jun 11, 2018
uast-generator-go fix quotes in UT report path configuration (#328) Jun 8, 2018
uast-generator-java Use released artefact of SonarJava May 28, 2018
.gitignore Add descriptions for external rules (#319) Jun 5, 2018
.gitmodules Add ruling test Mar 23, 2018
Jenkinsfile Use BURGRX for notifications Nov 2, 2018
LICENSE Add LICENSE to be used in headers Mar 28, 2018
LICENSE.txt Add LICENSE to be used in headers Mar 28, 2018 Add UAST reference documentation (#236) Apr 13, 2018
build.gradle Replace bintray urls with (#341) Sep 25, 2018
gradlew Rule engine skeleton (#1) Feb 27, 2018
gradlew.bat Rule engine skeleton (#1) Feb 27, 2018
settings.gradle Add basic ITs Apr 3, 2018
sonarpedia.json Update rules metadata (#325) Jun 8, 2018


Build Status Quality gate Coverage

SonarGo is a SonarQube code analyzer for the Go language.


  • Rules for detecting bugs, vulnerabilities and code smells.
  • Metrics (Cognitive complexity, NCLOC, ...)
  • Display of code coverage
  • Duplication detection

Note: The SonarGo plugin is not compatible with the GoLang community plugin. If you are using it, you need to uninstall it to test SonarGo.



./gradlew build

Run build with ruling:

git submodule update --init  # first time
ruling=true ./gradlew build --info --no-daemon

Run plugin integration tests:

./gradlew integrationTest --info

Repository Structure

This SonarQube plugin uses an intermediate representation format to provide issues and metrics on a Go project. The intermediate format is a json file representing an UAST (Universal Abstract Syntax Tree).

Universal Abstract Syntax Tree - Reference Documentation

Uast node is defined by class UastNode. Package helpers contains convenient classes to work with the tree.

Two modules are responsible for the source code conversion into a json UAST:

  • uast-generator-go Use the native Go parser and convert the AST tree into an UAST
  • uast-generator-java Use the sonar-java parser to produce UAST, just here to ensure that the UAST can support several programming languages.

Language agnostic rule engine module

  • common-rule-engine Rule engine with rules based on UAST

The SonarQube Go analyzer plugin

  • sonar-go-plugin SonarQube plugin using uast-generator-go and common-rule-engine to provide rules and metrics for Go language

License headers

Generate license headers for non-Go files with the command:

./gradlew licenseFormat

The license plugins doesn't work for Go files. At the moment we create/edit them manually. When doing so, make sure to add a blank line after the license header, otherwise go doc will treat it as documentation string. To verify that no unintended documentation was added, run go doc inside uast-generator-go.


Copyright 2018-2018 SonarSource.

Licensed under the GNU Lesser General Public License, Version 3.0