I have a few modules(projects and subprojects) in my application (in Gradle) and i have added plugins: PMD, checkstyle, findbugs. Those plugins create their own reports in their directory (for example: PMD makes directory "PMD" in directory "reports" and put there report). I would like to have a one report for all those plugins. It is possible to do that? And if yes, how do that?
You can't simply configure them to create a shared report together. However, you can use for this purpose either SonarQube or QualityGate. Both tools can execute the above mentioned plugins and they can generate a summarized report as you required.
You probably want take a look at SonarQube. It basically gathers reports of mentioned tools and shows them via nice web app. It can also gather test coverage reports and is free.
Not sure how it can be integrated with Gradle, but we have it integrated with Jenkins. There is also Eclipse plugin I used.
QualityGate (that was mentioned by Csuki) is paid solution.
Related
New to Sonar. Am comfortable with checkstyle and jacoco.
What I am exploring is in a a gradle project, give developers ability to run style checks and code coverage reports locally, but then use bamboo to publish reports in sonar.
Is this a viable option ? I can see that jacoco plugin and sonar plugin can be in the same build.gradle and so guessing that jacoco reports can be got from sonar. However am unsure how checkstyle integration works. From what I see, I can add a checkstyle plugin to sonar, but then I will have to define rules in SonarQube. I will like to keep checkstyle configuration locally so developers can run a local check before commiting code.
Bear with me if the questions are naive.
Your goal: enable developers to run the same set of rules locally that are applied in a SonarQube scan.
The means: SonarLint offers a "connected mode" for IntelliJ, Eclipse, and Visual Studio. Assuming you're using the SonarQube Analyzers, they'll get on-the-fly checking as they code using the same rule set locally as is applied in an analysis. If the profile changes on the server, it can be manually re-synchronized in the IDE.
The hitch: to make this work seamlessly, you should look at replacing your Checkstyle rules with the ones offered by the SonarQube Analyzer for Java (i.e. the Java plugin). Almost all of the "valuable" rules from Checkstyle have been replaced in the Java plugin.
I've set up a Sonar installation on our build server so that we can maintain reporting on our coding rules compliance, code coverage, etc.
What I want to do is maintain this Sonar installation as the main source of our checkStyle, findBugs and PMD rules. Sonar supports this by letting you modify the rules its using and export them. I can then import these rules to developer machines running IntelliJ Idea with the QAPlug plugin.
The problem is that I have to import profiles individually. Which means I will have to run QAPlug with the checkStyle profile, then then the PMD plugin, then the findBugs plugin. This is a few too many steps to expect developers to do all the time.
I can combine them within the plugin itself, so that it executes PMD, checkStyle and findBugs rules at the same time. But then the amount of steps to maintain the profile becomes too large. ie. Modify rule in Sonar, export 3 profiles, combine 3 profiles into one, distribute to developers.
Is there a better way of achieving this goal?
Turns out that you can import into an already existing profile. So I just needed to import all 3 files into QAPlug, and now I have a combined profile.
I am looking for a tool, ideally a maven plugin, which can analyse a project and outputs a dependency graph. The graph would show the dependencies between classes, and the output format would be exploitable by a program.
I would like to generate this graph automatically after compiling a project.
Do you have some leads? Thank you.
Clarification: I'm not looking for dependencies between maven artifacts, but between classes in my own project (inter-class dependencies)
The only directly usable tool through Maven I can think of is JDepend. However, the maven plugin itself will only generate an HTML report, and at an initial glance I'm not sure how easy it will be to parse.
However, JDepend can produce XML when run through Ant, which can easily be done with the Maven AntRun Plugin.
Another Maven running Ant solution could be with the Eclipse Metrics Plugin. On top of being an easy to use eclipse plugin, it also has instructions for running through Ant.
The only two other dependency analysis solutions I can think of probably won't fit what you're doing. One is Sonar, which has a fairly comprehensive design view which shows dependencies at a library, package, and class level. However, this is only accessible through a web interface. The other is with Google's Java Analytix tool, which has the ability to generate a dependency chart and report.
Two plugins exists for the purpose
el4j
maven-graph-plugin
On the link, you can find a simple usage of these plugins.
I want to use same configuration for FindBugs irrespective of whether it is executed form eclipse or ant build.
Using ant FindBugs task, it is possible to specify which classes FindBugs should analyze. However, FindBugs eclipse plugin has no such option. It considers all classes in the buildpath.
E.g. In case of maven based project the eclipse build path contains both application classes and test classes. I want FindBugs eclipse plugin to not analyze test classes. Is it possible?
Is there a way to customize FindBugs eclipse plugin to indicate classes to analyze?
Thanks in advance.
It doesn't seem possible, but you could create a second project referencing the same source files (sources only, not tests).
Findbugs would only be active with that second project, for you to inspect the result of a static code analysis.
You can specify exclusion filter for Java project via preferences -> filter. The filter file is written in xml. See "Filters" chapter in FB manual: http://findbugs.sourceforge.net/manual/filter.html.
Since 2.0.3 one also can re-use Eclipse configuration with ant builds, see the help for "userPreferencesFile" ant option: http://findbugs.sourceforge.net/manual/anttask.html#d0e1339
We use Hudson for our continuous integration which provides us with easy to browse build reports showing compiler warnings, unit test results and coverage (EMMA), pmd, checkstyle and findbugs violations.
Although we each have the relevant plugins installed locally in Eclipse, it often seems easier to simply commit to SVN in order to trigger a Hudson build and generate a build report showing the above info rather than checking with each plugin.
Is there something that developers could install locally (i.e. an Eclipse plugin perhaps) to generate similar reports? Or would it be feasible to somehow use Hudson for this purpose?
You can also install Sonar, which includes all the tools you list (except EMMA which is a plugin). Try it, it's free and open source ! http://sonar.codehaus.org
You Can install hudson locally easily. It is a runnable jar.
Try it. You'll like it.