How are folks integrating various static analysis tools such as PMD, Checkstyle, and FindBugs so that they are used together in some uniform way? In particular, I'm interested in generating a single uniform report that includes warnings from all tools. Also, I want to be able to mark-up my code with reasonably consistent looking warning suppressions.
人们如何整合各种静态分析工具,如PMD,Checkstyle和FindBugs,以便它们以统一的方式一起使用?特别是,我有兴趣生成一个统一的报告,其中包含来自所有工具的警告。此外,我希望能够通过合理一致的警告抑制来标记我的代码。
My question here is not meant to address tool "overlap" where, say, PMD and Checkstyle are looking for the same things. That is another issue.
我这里的问题并不是要解决工具“重叠”,比如PMD和Checkstyle正在寻找相同的东西。那是另一个问题。
Please see some of my thoughts on the matter in an answer to a related question.
请在回答相关问题时查看我对此事的一些看法。
5 个解决方案
#1
2
I stumbled across JcReport today, which I think does exactly what you are looking for. At least, it handles the reports in a combined way; suppressions are still tool-specific. This tool claims to support automatically integrating the output of PMD, CPD, FindBugs, CheckStyle, and Cobertura into a single HTML report.
今天我偶然发现了JcReport,我认为这正是你正在寻找的。至少,它以组合的方式处理报告;抑制仍然是特定于工具的。该工具声称支持自动将PMD,CPD,FindBugs,CheckStyle和Cobertura的输出集成到单个HTML报告中。
I haven't tried it yet, but definitely intend to soon.
我还没有尝试过,但绝对打算很快。
#2
2
Another option is glean. http://jbrugge.com/glean/
另一种选择是收集。 http://jbrugge.com/glean/
From their website: Glean is a framework of Ant scripts for generating feedback on a team's source code. Glean's goal is to make it possible to add feedback to your build cycle with as little pain as possible. The scripts drive a number of open-source tools and collect the resulting HTML for you to deploy to a project website or some other common team area. Add it at the end of a daily build cycle and it is a quick way to keep a number of feedback sources up to date and in one place.
从他们的网站:Glean是一个Ant脚本框架,用于生成团队源代码的反馈。 Glean的目标是尽可能减少对构建周期的反馈。这些脚本驱动了许多开源工具并收集生成的HTML,以便您部署到项目网站或其他一些常见的团队区域。在每日构建周期结束时添加它,这是一种快速方法,可以在一个地方保持大量反馈源的最新状态。
#3
1
I am not clear on what qualifies as a single uniform report in your book but here is what I do.
我不清楚你的书中有什么资格作为单一的统一报告,但这就是我的工作。
I use Maven2 for builds and with it you can configure a series of reporting plugins (including PMD, CPD, checkstyle, coberturba, etc). Maven will also auto-generate a website (site plugin) for your project which contains all the reports in a nice easy-to-navigate webpage format.
我使用Maven2进行构建,使用它可以配置一系列报告插件(包括PMD,CPD,checkstyle,coberturba等)。 Maven还将为您的项目自动生成一个网站(网站插件),其中包含一个易于浏览的网页格式的所有报告。
#4
0
If you build your project with Maven, and you have those tools "plugged in" to your Maven build, then the Maven report that is generated for the build will include the output of those static analysis tools.
如果使用Maven构建项目,并且已将这些工具“插入”到Maven构建中,那么为构建生成的Maven报告将包括这些静态分析工具的输出。
#5
0
Thanks for the responses!
谢谢你的回复!
The goal here is to configure these tools so that they behave in some similar manner with respect to each other. This goes beyond simply dumping whatever report they generate automatically, or using whatever warning suppression hint they use out-of-the-box.
这里的目标是配置这些工具,使它们以相似的方式相互作用。这不仅仅是简单地转储它们自动生成的任何报告,或者使用它们开箱即用的任何警告抑制提示。
For example, I have PMD, Checkstyle, and FindBugs configured to report all warnings in the following format:
例如,我将PMD,Checkstyle和FindBugs配置为以下列格式报告所有警告:
/absolute-path/filename:line-number:column-number: warning(tool-name): messageSo a warning might look like this:
所以警告可能如下所示:
/project/src/com/example/Foo.java:425:9: warning(Checkstyle): Missing a Javadoc comment.Also, all warning suppressions in my source code are marked with a symbol that includes the string "SuppressWarnings" regardless of the static analysis tool being surpressed. Sometimes this symbol is an annotation, sometimes it's in a comment, but it always has that name.
此外,我的源代码中的所有警告抑制都标有包含字符串“SuppressWarnings”的符号,无论静态分析工具是否被抑制。有时这个符号是注释,有时它在注释中,但它总是有这个名称。
I explain these ideas in a bit more detail here.
我在这里更详细地解释这些想法。
#1
2
I stumbled across JcReport today, which I think does exactly what you are looking for. At least, it handles the reports in a combined way; suppressions are still tool-specific. This tool claims to support automatically integrating the output of PMD, CPD, FindBugs, CheckStyle, and Cobertura into a single HTML report.
今天我偶然发现了JcReport,我认为这正是你正在寻找的。至少,它以组合的方式处理报告;抑制仍然是特定于工具的。该工具声称支持自动将PMD,CPD,FindBugs,CheckStyle和Cobertura的输出集成到单个HTML报告中。
I haven't tried it yet, but definitely intend to soon.
我还没有尝试过,但绝对打算很快。
#2
2
Another option is glean. http://jbrugge.com/glean/
另一种选择是收集。 http://jbrugge.com/glean/
From their website: Glean is a framework of Ant scripts for generating feedback on a team's source code. Glean's goal is to make it possible to add feedback to your build cycle with as little pain as possible. The scripts drive a number of open-source tools and collect the resulting HTML for you to deploy to a project website or some other common team area. Add it at the end of a daily build cycle and it is a quick way to keep a number of feedback sources up to date and in one place.
从他们的网站:Glean是一个Ant脚本框架,用于生成团队源代码的反馈。 Glean的目标是尽可能减少对构建周期的反馈。这些脚本驱动了许多开源工具并收集生成的HTML,以便您部署到项目网站或其他一些常见的团队区域。在每日构建周期结束时添加它,这是一种快速方法,可以在一个地方保持大量反馈源的最新状态。
#3
1
I am not clear on what qualifies as a single uniform report in your book but here is what I do.
我不清楚你的书中有什么资格作为单一的统一报告,但这就是我的工作。
I use Maven2 for builds and with it you can configure a series of reporting plugins (including PMD, CPD, checkstyle, coberturba, etc). Maven will also auto-generate a website (site plugin) for your project which contains all the reports in a nice easy-to-navigate webpage format.
我使用Maven2进行构建,使用它可以配置一系列报告插件(包括PMD,CPD,checkstyle,coberturba等)。 Maven还将为您的项目自动生成一个网站(网站插件),其中包含一个易于浏览的网页格式的所有报告。
#4
0
If you build your project with Maven, and you have those tools "plugged in" to your Maven build, then the Maven report that is generated for the build will include the output of those static analysis tools.
如果使用Maven构建项目,并且已将这些工具“插入”到Maven构建中,那么为构建生成的Maven报告将包括这些静态分析工具的输出。
#5
0
Thanks for the responses!
谢谢你的回复!
The goal here is to configure these tools so that they behave in some similar manner with respect to each other. This goes beyond simply dumping whatever report they generate automatically, or using whatever warning suppression hint they use out-of-the-box.
这里的目标是配置这些工具,使它们以相似的方式相互作用。这不仅仅是简单地转储它们自动生成的任何报告,或者使用它们开箱即用的任何警告抑制提示。
For example, I have PMD, Checkstyle, and FindBugs configured to report all warnings in the following format:
例如,我将PMD,Checkstyle和FindBugs配置为以下列格式报告所有警告:
/absolute-path/filename:line-number:column-number: warning(tool-name): messageSo a warning might look like this:
所以警告可能如下所示:
/project/src/com/example/Foo.java:425:9: warning(Checkstyle): Missing a Javadoc comment.Also, all warning suppressions in my source code are marked with a symbol that includes the string "SuppressWarnings" regardless of the static analysis tool being surpressed. Sometimes this symbol is an annotation, sometimes it's in a comment, but it always has that name.
此外,我的源代码中的所有警告抑制都标有包含字符串“SuppressWarnings”的符号,无论静态分析工具是否被抑制。有时这个符号是注释,有时它在注释中,但它总是有这个名称。
I explain these ideas in a bit more detail here.
我在这里更详细地解释这些想法。