- checkstyle a source code analyzer config
- spotbugs
- PMD a source code analyzer config
- Apache versions plugin config to auto update dependencies
<plugin>
<artifactId>maven-checkstyle-plugin</artifactId>
<version>${maven-checkstyle-plugin.version}</version>
<configuration>
<encoding>${project.build.sourceEncoding}</encoding>
<consoleOutput>true</consoleOutput>
<failsOnError>true</failsOnError>
<failOnViolation>${maven-checkstyle-plugin.failOnViolation}</failOnViolation>
<logViolationsToConsole>${maven-checkstyle-plugin.logViolationsToConsole}</logViolationsToConsole>
<violationSeverity>warning</violationSeverity>
<linkXRef>true</linkXRef>
<skip>${maven-checkstyle-plugin.skip}</skip>
</configuration>
<executions>
<execution>
<id>checkstyle-validate</id>
<phase>validate</phase>
<goals>
<goal>check</goal>
</goals>
<configuration>
<sourceDirectories>${project.build.sourceDirectory}</sourceDirectories>
<includeTestSourceDirectory>false</includeTestSourceDirectory>
<configLocation>/checkstyle/checkstyle.xml</configLocation>
<outputFile>${project.build.directory}/checkstyle/checkstyle-result.xml</outputFile>
<cacheFile>${project.build.directory}/checkstyle/checkstyle-cache</cacheFile>
</configuration>
</execution>
<execution>
<id>checkstyle-validate-test</id>
<phase>validate</phase>
<goals>
<goal>check</goal>
</goals>
<configuration>
<sourceDirectories/>
<testSourceDirectories>${project.build.testSourceDirectory}</testSourceDirectories>
<includeTestSourceDirectory>true</includeTestSourceDirectory>
<configLocation>/checkstyle/checkstyle-test.xml</configLocation>
<outputFile>${project.build.directory}/checkstyle/checkstyle-result-test.xml</outputFile>
<cacheFile>${project.build.directory}/checkstyle/checkstyle-cache-test</cacheFile>
</configuration>
</execution>
</executions>
<dependencies>
<dependency>
<groupId>com.puppycrawl.tools</groupId>
<artifactId>checkstyle</artifactId>
<version>${maven-checkstyle-plugin.checkstyle.rules.version}</version>
</dependency>
<dependency>
<groupId>com.bondarenko.platform</groupId>
<artifactId>platform-code-quality-java11</artifactId>
<version>${platform-code-quality-java11.version}</version>
</dependency>
</dependencies>
</plugin>
<maven-checkstyle-plugin.version>3.1.2</maven-checkstyle-plugin.version>
<maven-checkstyle-plugin.checkstyle.rules.version>8.43</maven-checkstyle-plugin.checkstyle.rules.version>
<maven-checkstyle-plugin.version/>
<maven-checkstyle-plugin.skip/>
<maven-checkstyle-plugin.failOnViolation/>
<maven-checkstyle-plugin.logViolationsToConsole/>
<maven-checkstyle-plugin.checkstyle.rules.version/>
<platform-code-quality-java11.version/>
Add to maven properties
<maven-checkstyle-plugin.skip>true<maven-checkstyle-plugin.skip>
-
You can use
java.lang.SuppressWarningsannotation@SuppressWarnings({"EmptyLineSeparator", "SingleSpaceSeparator"}) // or @SuppressWarnings({"checkstyle:EmptyLineSeparator", "checkstyle:SingleSpaceSeparator"})
-
You can ignore all checkstyle rules for a block of code with comment filter
//CHECKSTYLE:OFF SingleSpaceSeparator ignored code here //CHECKSTYLE:ON SingleSpaceSeparator
Your can check the following path for production
code: <project>/target/checkstyle/checkstyle-result.xml
And for test code: <project>/target/checkstyle/checkstyle-test.xml
<plugin>
<groupId>com.github.spotbugs</groupId>
<artifactId>spotbugs-maven-plugin</artifactId>
<version>${spotbugs-maven-plugin.version}</version>
<configuration>
<skip>${spotbugs-maven-plugin.skip}</skip>
<effort>Max</effort>
<threshold>Low</threshold>
<failOnError>true</failOnError>
<spotbugsXmlOutput>true</spotbugsXmlOutput>
<spotbugsXmlOutputDirectory>${project.build.directory}/spotbugs</spotbugsXmlOutputDirectory>
<excludeFilterFile>/spotbug/exclude-find-bugs-filter.xml</excludeFilterFile>
<spotbugsXmlOutputFilename>source-check.xml</spotbugsXmlOutputFilename>
<includeTests>true</includeTests>
<plugins>
<plugin>
<groupId>com.h3xstream.findsecbugs</groupId>
<artifactId>findsecbugs-plugin</artifactId>
<version>${spotbugs-maven-plugin.spotbugs.findsecbugs-plugin.version}</version>
</plugin>
</plugins>
</configuration>
<executions>
<execution>
<id>spotbugs-check</id>
<phase>pre-integration-test</phase>
<goals>
<goal>check</goal>
</goals>
</execution>
</executions>
<dependencies>
<dependency>
<groupId>com.bondarenko.platform</groupId>
<artifactId>platform-code-quality-java11</artifactId>
<version>${platform-code-quality-java11.version}</version>
</dependency>
<dependency>
<groupId>com.github.spotbugs</groupId>
<artifactId>spotbugs</artifactId>
<version>${spotbugs-maven-plugin.spotbugs.version}</version>
</dependency>
</dependencies>
</plugin>
<spotbugs-maven-plugin.spotbugs.version>4.2.3</spotbugs-maven-plugin.spotbugs.version>
<spotbugs-maven-plugin.spotbugs.findsecbugs-plugin.version>1.10.1</spotbugs-maven-plugin.spotbugs.findsecbugs-plugin.version>
<spotbugs-maven-plugin.version/>
<spotbugs-maven-plugin.skip/>
<spotbugs-maven-plugin.spotbugs.findsecbugs-plugin.version/>
<spotbugs-maven-plugin.spotbugs.version/>
<platform-code-quality-java11.version/>
<spotbugs-maven-plugin.skip>true</spotbugs-maven-plugin.skip>
-
You can use
edu.umd.cs.findbugs.annotations.SuppressFBWarningsannotation@SuppressFBWarnings("CRLF_INJECTION_LOGS") @PostMapping("/logout") void logout(@UserIdentifier UserId userId) { log.info("logout '{}'", userId); }
Can be imported from
<dependency>
<groupId>com.github.spotbugs</groupId>
<artifactId>spotbugs-annotations</artifactId>
<scope>provided</scope>
</dependency>
Your can check the following path for production code and
tests: <project>/target/spotbugs/source-check.xml
<plugin>
<artifactId>maven-pmd-plugin</artifactId>
<version>${maven-pmd-plugin.version}</version>
<configuration>
<skip>${maven-pmd-plugin.skip}</skip>
<linkXRef>true</linkXRef>
<sourceEncoding>${project.build.sourceEncoding}</sourceEncoding>
<minimumTokens>60</minimumTokens>
<targetJdk>${project.java.version}</targetJdk>
<printFailingErrors>${maven-pmd-plugin.printFailingErrors}</printFailingErrors>
<failOnViolation>${maven-pmd-plugin.failOnViolation}</failOnViolation>
<outputDirectory>${project.build.directory}/pmd</outputDirectory>
<targetDirectory>${project.build.directory}/pmd</targetDirectory>
<includeTests>true</includeTests>
<rulesets>
<ruleset>/pmd/ruleset.xml</ruleset>
</rulesets>
</configuration>
<executions>
<execution>
<phase>pre-integration-test</phase>
<goals>
<goal>check</goal>
<goal>cpd-check</goal>
</goals>
</execution>
</executions>
<dependencies>
<dependency>
<groupId>net.sourceforge.pmd</groupId>
<artifactId>pmd-core</artifactId>
<version>${maven-pmd-plugin.pmd-rules.version}</version>
</dependency>
<dependency>
<groupId>net.sourceforge.pmd</groupId>
<artifactId>pmd-java</artifactId>
<version>${maven-pmd-plugin.pmd-rules.version}</version>
</dependency>
<dependency>
<groupId>net.sourceforge.pmd</groupId>
<artifactId>pmd-xml</artifactId>
<version>${maven-pmd-plugin.pmd-rules.version}</version>
</dependency>
<dependency>
<groupId>com.bondarenko.platform</groupId>
<artifactId>platform-code-quality-java11</artifactId>
<version>${platform-code-quality-java11.version}</version>
</dependency>
</dependencies>
</plugin>
<maven-pmd-plugin.version>3.13.0</maven-pmd-plugin.version>
<maven-pmd-plugin.failOnViolation>true</maven-pmd-plugin.failOnViolation>
<maven-pmd-plugin.printFailingErrors>true</maven-pmd-plugin.printFailingErrors>
<maven-pmd-plugin.pmd-rules.version>6.35.0</maven-pmd-plugin.pmd-rules.version>
<maven-pmd-plugin.version/>
<maven-pmd-plugin.skip/>
<maven-pmd-plugin.printFailingErrors/>
<maven-pmd-plugin.failOnViolation/>
<maven-pmd-plugin.pmd-rules.version/>
<platform-code-quality-java11.version/>
<maven-pmd-plugin.skip>true</maven-pmd-plugin.skip>
You can use java.lang.SuppressWarnings annotation
@SuppressWarnings("PMD.AvoidFileStream")
void login(@UserIdentifier UserId userId) throws FileNotFoundException {
new FileInputStream(userId.getUsername());
log.info("login '{}'", userId);
}
Your can check the following path for production code and tests: <project>/target/pmd/pmd.html
To check duplicates report: <project>/target/pmd/cpd.html