The existing ecosystem
R code quality is addressed by many tools. Here is an honest overview
of the existing landscape and where rsonar fits in.
Underlying tools used by rsonar
lintr — static analysis
lintr (CRAN) is the
reference R linter, maintained by the r-lib community. It detects:
- Style errors (naming, indentation, line length)
- Anti-patterns (
Tinstead ofTRUE,1:length(x)instead ofseq_along(x)) - Excessive cyclomatic complexity
- Dead or commented-out code
Limitations in standalone usage: lintr produces results in the console or text files, without aggregation, visual reporting, or debt calculation.
styler — automatic formatting
styler (CRAN) applies the
tidyverse style guide. It can reformat code automatically
(style_dir()) or check compliance without modification
(dry = "on").
Limitations in standalone usage: no consolidated reporting, no native CI integration.
covr — test coverage
covr (CRAN) measures test
coverage line by line. It exports to Codecov, Coveralls and Cobertura
(GitLab CI format).
Limitations in standalone usage: raw numeric results, no configurable Quality Gate threshold.
goodpractice — packaging best practices
goodpractice (GitHub) checks
~25 R best practices: unused dependencies, deprecated functions,
T_and_F_symbol, etc.
Limitations in standalone usage: package-oriented only, does not work on plain scripts.
Alternatives to rsonar in the R ecosystem
r-lib/actions — GitHub Actions for R
r-lib/actions offers
pre-built GitHub actions (check-r-package,
test-coverage, lint). Excellent GitHub
integration, but:
- GitLab not natively supported
- No consolidated HTML report
- No debt calculation
- No configurable Quality Gate
pak + rcmdcheck
rcmdcheck runs R CMD check and captures
results. Very comprehensive for CRAN package validation, but:
- Does not handle style or technical debt
- Raw, non-visual results
SonarQube Community Edition (native)
SonarQube supports R since version 9.x via the community plugin sonar-r-plugin. This plugin is:
- Poorly maintained (last significant activity 2021)
- Limited in rules (< 20 rules vs 100+ in lintr)
- Requires a dedicated SonarQube instance
Comparison table
| Feature | rsonar | lintr alone | r-lib/actions | SonarQube +plugin |
|---|---|---|---|---|
| Static analysis | ✅ | ✅ | ✅ | ⚠️ limited |
| Style checking | ✅ | ⚠️ partial | ✅ | ❌ |
| Test coverage | ✅ | ❌ | ✅ | ✅ |
| Packaging best practices | ✅ | ❌ | ❌ | ❌ |
| Interactive HTML report | ✅ | ❌ | ❌ | ✅ |
| Technical debt (SQALE) | ✅ | ❌ | ❌ | ✅ |
| Quality Gate | ✅ | ❌ | ❌ | ✅ |
| Analysis comparison | ✅ | ❌ | ❌ | ✅ |
| SARIF export | ✅ | ❌ | ❌ | ❌ |
| Trend tracking | ✅ | ❌ | ❌ | ✅ |
| Quick IDE quality score (%) | ✅ | ❌ | ❌ | ❌ |
| R scripts (non-package) | ✅ | ✅ | ❌ | ❌ |
| Native GitLab CI | ✅ | ⚠️ manual | ❌ | ✅ (server) |
| Native GitHub Actions | ✅ | ⚠️ manual | ✅ | ✅ (server) |
| SonarQube JSON export | ✅ | ❌ | ❌ | N/A |
| JUnit XML export | ✅ | ❌ | ✅ | ✅ |
| Zero server required | ✅ | ✅ | ✅ | ❌ |
| Pure R language | ✅ | ✅ | ✅ | ❌ Java |
Added value of rsonar
1. Single entry point
One function, sonar_analyse(), replaces 4 separate
calls. The result is a coherent S3 object that can be passed to
sonar_report(), quality_gate(),
export_junit(), export_sarif(), etc.
2. Visual report without infrastructure
sonar_report() generates an HTML report without
a server, without Docker, without a database. It opens in the
browser and can be archived as a CI artifact.
3. Quantified technical debt
The SQALE model (Software Quality Assessment based on Lifecycle Expectations) is the same used by SonarQube:
Each category (lint errors, style, missing coverage…) contributes to a total debt in minutes, allowing you to prioritize fixes.
4. Quality Gate without SonarQube
# Block CI if coverage drops below 80% or lint errors exist
quality_gate(res,
coverage_min = 80,
lint_errors_max = 0,
fail_on_error = TRUE # quit(status = 1) in CI
)5. Coexistence with existing SonarQube
export_sonar_json() produces a file compatible with
SonarQube’s Generic Issue Import. Organizations with an
existing SonarQube instance for Java/Python can inject R results
without any additional plugin.
6. SARIF for GitHub Code Scanning
export_sarif() outputs the industry-standard SARIF
format, which integrates directly with GitHub Code Scanning, VS Code,
and Azure DevOps.
7. Analysis comparison and trend tracking
sonar_diff() compares two analyses to detect
regressions, while sonar_trend() persists metrics to a JSON
file for historical tracking — just like SonarQube’s project
history.
8. Works on scripts, not just packages
Unlike goodpractice or rcmdcheck,
rsonar analyzes any directory containing .R
files, even without a DESCRIPTION.
9. Quick local score without CI
quality_score() gives developers an immediate percentage
and rating directly in the IDE, without any server or CI workflow:
quality_score(".")Projects that inspired rsonar
- lintr — the tool itself, very comprehensive
- megalinter — orchestrates linters for 50+ languages in Docker
- sonar-scanner — reference for the Quality Gate model
- qodana — JetBrains code inspector, inspiration for the HTML report
- r-lib/actions — reference for R CI integration