Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

Because FindSecBugs, fb-contrib are extensions of SpotBugs, their issues are included in the file generated for SpotBugs issues. There is no specific file for them.

Import of PMD Reports

Please refer to the PMD documentation to know how to generate the issues reports.

Once you have the report generated, you need to feed the property "sonar.java.pmd.reportPaths". This property accepts one or more PMD reports, paths to report files should be absolute or relative to the project base directory. 

Code Block
languagebash
sonar.java.pmd.reportPaths=./target/pmd.xml

...

Import of Checkstyle Reports

Please refer to the Checkstyle documentation to know how to generate the issues reports.

Once you have the report generated, you need to feed the property "sonar.java.pmd.reportPaths>
<sonar.java.checkstyle.reportPaths>./target/checkstyle-result.xml</sonar.java.checkstyle.reportPaths>

Import of Checkstyle Reports

reportPaths". This property accepts one or more Checkstyle reports, paths to report files should be absolute or relative to the project base directory. 

Code Block
languagebash
sonar.java.pmdcheckstyle.reportPaths=./target/pmdcheckstyle-result.xml

Maven User?

If you are a Maven user and you want to quickly play with all of this:

  1. Update Open your pom.xml and in the <plugins> section with add the following plugins:

    Code Block
    <plugin>
      <groupId>org.apache.maven.plugins</groupId>
      <artifactId>maven-pmd-plugin</artifactId>
      <version>3.10.0</version>
    </plugin>
    <plugin>
      <groupId>com.github.spotbugs</groupId>
      <artifactId>spotbugs-maven-plugin</artifactId>
      <version>3.1.1</version>
      <configuration>
        <effort>Max</effort>
    	<threshold>Low</threshold>
    	<failOnError>true</failOnError>
    	<includeFilterFile>${session.executionRootDirectory}/spotbugs-security-include.xml</includeFilterFile>
        <plugins>
    	  <plugin>
    	    <groupId>com.h3xstream.findsecbugs</groupId>
    		<artifactId>findsecbugs-plugin</artifactId>
    	    <version>LATEST</version> <!-- Auto-update to the latest stable -->
    	  </plugin>
        </plugins>
      </configuration>
    </plugin>



  2. Add or update the <properties> section with:

    Code Block
    <properties>
      <sonar.java.spotbugs.reportPaths>./target/spotbugsXml.xml</sonar.java.spotbugs.reportPaths>
      <sonar.java.pmd.reportPaths>./target/pmd.xml</sonar.java.pmd.reportPaths>
      <sonar.java.checkstyle.reportPaths>./target/checkstyle-result.xml</sonar.java.checkstyle.reportPaths>
    </properties>


  3. Execute:

    Code Block
    mvn clean package spotbugs:spotbugs pmd:pmd checkstyle:checkstyle sonar:sonar


...