Maven mixin providing the ability to run various static analysis plugins
Switch branches/tags
Nothing to show
Clone or download
Fetching latest commit…
Cannot retrieve the latest commit at this time.
Failed to load latest commit information.



This module provides a maven mixin that can be incorporated into Maven module, configuring the checkstyle, pmd, javancss and findbugs plugins. This reduces the size of the maven pom.xml file for that consuming module; it simply needs to reference this module using the mixin-maven-plugin.

The appropriate configuration are included in a <profile>. Because the plugins may takes a while to run, this profile is automatically disabled in all builds. It can be enabled using a Maven property.


This module was initially developed for use within Apache Isis applications but can be used by any Java application.

How to Configure

To configure:

  • copy and paste the following into either the pom.xml of the consuming module or (better still) the pom.xml of the top-level parent of the consuming module:



  • update the following property/ies in the pom.xml of the consuming module:

        <maven-checkstyle-plugin.configLocation>checkstyle.xml</maven-checkstyle-plugin.configLocation>     (1)
        <maven-pmd-plugin.ruleset>pmd.xml</maven-pmd-plugin.ruleset>                                        (2)
    1. the location of the checkstyle.xml file

    2. the location of the pmd.xml ruleset file

  • add the following to the pom.xml of the consuming module:


How to Use:

Although all of these plugins provide various "check" goals that can be bound to the build lifecycle, this mixin does not set up any such <execution> bindings. If required, set these up in the usual way within the pom.xml of the consuming module.

However, the plugin does allow reports to be generated using the site lifecycle:

mvn clean site -Dmavenmixin-staticanalysis

This will generate HTML website in the usual target/site directory.

Known issues

None currently

Change Log

  • 0.0.2 - updates README for properties and plugin management, shortens property names and profile id

  • 0.0.1 - first release


Copyright 2016~date Dan Haywood

Licensed under the Apache License, Version 2.0 (the
"License"); you may not use this file except in compliance
with the License.  You may obtain a copy of the License at

Unless required by applicable law or agreed to in writing,
software distributed under the License is distributed on an
KIND, either express or implied.  See the License for the
specific language governing permissions and limitations
under the License.


This mixin module relies on the com.github.odavid.maven.plugins:mixin-maven-plugin, released under Apache License v2.0.

Maven deploy notes

The module is deployed using Sonatype’s OSS support (see user guide and this blog post).

The script automates the release process. It performs the following:

  • performs a sanity check (mvn clean install -o) that everything builds ok

  • bumps the pom.xml to a specified release version, and tag

  • performs a double check (mvn clean install -o) that everything still builds ok

  • releases the code using mvn clean deploy

  • bumps the pom.xml to a specified release version

For example:

sh 0.0.2 \
              0.0.3-SNAPSHOT \
              "this is not really my passphrase"


  • $1 is the release version

  • $2 is the snapshot version

  • $3 is the email of the secret key (~/.gnupg/secring.gpg) to use for signing

  • $4 is the corresponding passphrase for that secret key.

Other ways of specifying the key and passphrase are available, see the pgp-maven-plugin's documentation).

If the script completes successfully, then push changes:

git push origin master
git push origin 0.0.2

If the script fails to complete, then identify the cause, perform a git reset --hard to start over and fix the issue before trying again. Note that in the dom’s `pom.xml the nexus-staging-maven-plugin has the autoReleaseAfterClose setting set to true (to automatically stage, close and the release the repo). You may want to set this to false if debugging an issue.

According to Sonatype’s guide, it takes about 10 minutes to sync, but up to 2 hours to update search.