SonarSource Rules
  • Products

    In-IDE

    Code Quality and Security in your IDE with SonarQube Ide

    IDE extension that lets you fix coding issues before they exist!

    Discover SonarQube for IDE

    SaaS

    Code Quality and Security in the cloud with SonarQube Cloud

    Setup is effortless and analysis is automatic for most languages

    Discover SonarQube Cloud

    Self-Hosted

    Code Quality and Security Self-Hosted with SonarQube Server

    Fast, accurate analysis; enterprise scalability

    Discover SonarQube Server
  • SecretsSecrets
  • ABAPABAP
  • AnsibleAnsible
  • ApexApex
  • AzureResourceManagerAzureResourceManager
  • CC
  • C#C#
  • C++C++
  • CloudFormationCloudFormation
  • COBOLCOBOL
  • CSSCSS
  • DartDart
  • DockerDocker
  • FlexFlex
  • GitHub ActionsGitHub Actions
  • GoGo
  • HTMLHTML
  • JavaJava
  • JavaScriptJavaScript
  • JSONJSON
  • JCLJCL
  • KotlinKotlin
  • KubernetesKubernetes
  • Objective CObjective C
  • PHPPHP
  • PL/IPL/I
  • PL/SQLPL/SQL
  • PythonPython
  • RPGRPG
  • RubyRuby
  • RustRust
  • ScalaScala
  • ShellShell
  • SwiftSwift
  • TerraformTerraform
  • TextText
  • TypeScriptTypeScript
  • T-SQLT-SQL
  • VB.NETVB.NET
  • VB6VB6
  • XMLXML
  • YAMLYAML
XML

XML static code analysis

Unique rules to find Bugs and Code Smells in your XML code

  • All rules 37
  • Vulnerability7
  • Bug5
  • Security Hotspot9
  • Code Smell16
Filtered: 6 rules found
convention
    Impact
      Clean code attribute
        1. pom elements should be in the recommended order

           Code Smell
        2. Artifact ids should follow a naming convention

           Code Smell
        3. Group ids should follow a naming convention

           Code Smell
        4. Source code should be indented consistently

           Code Smell
        5. Tabulation characters should not be used

           Code Smell
        6. Lines should not be too long

           Code Smell

        pom elements should be in the recommended order

        consistency - conventional
        maintainability
        Code Smell
        • convention
        • maven

        Why is this an issue?

        More Info

        The POM Code Convention is the Maven project’s internal recommendation for POM element ordering. It calls for listing modifiers in the following order:

        1. <modelVersion/>
        2. <parent/>
        3. <groupId/>
        4. <artifactId/>
        5. <version/>
        6. <packaging/>
        7. <name/>
        8. <description/>
        9. <url/>
        10. <inceptionYear/>
        11. <organization/>
        12. <licenses/>
        13. <developers/>
        14. <contributors/>
        15. <mailingLists/>
        16. <prerequisites/>
        17. <modules/>
        18. <scm/>
        19. <issueManagement/>
        20. <ciManagement/>
        21. <distributionManagement/>
        22. <properties/>
        23. <dependencyManagement/>
        24. <dependencies/>
        25. <repositories/>
        26. <pluginRepositories/>
        27. <build/>
        28. <reporting/>
        29. <profiles/>

        Not following this convention has no technical impact, but will reduce the pom’s readability because most developers are used to the standard order.

          Available In:
        • SonarQube IdeCatch issues on the fly,
          in your IDE
        • SonarQube CloudDetect issues in your GitHub, Azure DevOps Services, Bitbucket Cloud, GitLab repositories
        • SonarQube Community BuildAnalyze code in your
          on-premise CI
          Available Since
          9.3
        • SonarQube ServerAnalyze code in your
          on-premise CI
          Developer Edition
          Available Since
          9.3

        © 2008-2025 SonarSource SA. All rights reserved.

        Privacy Policy | Cookie Policy | Terms of Use