violations-lib
Introduction: Java library for parsing report files from static code analysis.
Tags:
This is a Java library for parsing report files like static code analysis.
Example of supported reports are available here.
A number of parsers have been implemented. Some parsers can parse output from several reporters.
Reporter | Parser | Notes | |||
---|---|---|---|---|---|
ARM-GCC | CLANG |
||||
AndroidLint | ANDROIDLINT |
||||
Ansible-Later | ANSIBLELATER |
With json format |
|||
AnsibleLint | FLAKE8 |
With -p |
|||
Bandit | CLANG |
With bandit -r examples/ -f custom -o bandit.out --msg-template "{abspath}:{line}: {severity}: {test_id}: {msg}" |
|||
CLang | CLANG |
||||
CPD | CPD |
||||
CPPCheck | CPPCHECK |
With cppcheck test.cpp --output-file=cppcheck.xml --xml |
|||
CPPLint | CPPLINT |
||||
CSSLint | CSSLINT |
||||
Checkstyle | CHECKSTYLE |
||||
CloudFormation Linter | JUNIT |
cfn-lint . -f junit --output-file report-junit.xml |
|||
CodeClimate | CODECLIMATE |
||||
CodeNarc | CODENARC |
||||
Coverity | COVERITY |
||||
Dart | MACHINE |
With dart analyze --format=machine |
|||
Dependency Check | SARIF |
Using --format SARIF |
|||
Detekt | CHECKSTYLE |
With --output-format xml . |
|||
DocFX | DOCFX |
||||
Doxygen | CLANG |
||||
ERB | CLANG |
With `erb -P -x -T '-' "${it}" \ | ruby -c 2>&1 >/dev/null \ | grep '^-' \ | sed -E 's/^-([a-zA-Z0-9:]+)/${filename}\1 ERROR:/p' > erbfiles.out`. |
ESLint | CHECKSTYLE |
With format: 'checkstyle' . |
|||
Findbugs | FINDBUGS |
||||
Flake8 | FLAKE8 |
||||
FxCop | FXCOP |
||||
GCC | CLANG |
||||
GHS | GHS |
||||
Gendarme | GENDARME |
||||
Generic reporter | GENERIC |
Will create one single violation with all the content as message. | |||
GoLint | GOLINT |
||||
GoVet | GOLINT |
Same format as GoLint. | |||
GolangCI-Lint | CHECKSTYLE |
With --out-format=checkstyle . |
|||
GoogleErrorProne | GOOGLEERRORPRONE |
||||
HadoLint | CHECKSTYLE |
With -f checkstyle |
|||
IAR | IAR |
With --no_wrap_diagnostics |
|||
Infer | PMD |
Facebook Infer. With --pmd-xml . |
|||
JACOCO | JACOCO |
||||
JCReport | JCREPORT |
||||
JSHint | JSLINT |
With --reporter=jslint or the CHECKSTYLE parser with --reporter=checkstyle |
|||
JUnit | JUNIT |
It only contains the failures. | |||
KTLint | CHECKSTYLE |
||||
Klocwork | KLOCWORK |
||||
KotlinGradle | KOTLINGRADLE |
Output from Kotlin Gradle Plugin. | |||
KotlinMaven | KOTLINMAVEN |
Output from Kotlin Maven Plugin. | |||
Lint | LINT |
A common XML format, used by different linters. | |||
MSBuildLog | MSBULDLOG |
With -fileLogger use .*msbuild\\.log$ as pattern or -fl -flp:logfile=MyProjectOutput.log;verbosity=diagnostic for a custom output filename |
|||
MSCpp | MSCPP |
||||
Mccabe | FLAKE8 |
||||
MyPy | MYPY |
||||
NullAway | GOOGLEERRORPRONE |
Same format as Google Error Prone. | |||
PCLint | PCLINT |
PC-Lint using the same output format as the Jenkins warnings plugin, details here | |||
PHPCS | CHECKSTYLE |
With phpcs api.php --report=checkstyle . |
|||
PHPPMD | PMD |
With phpmd api.php xml ruleset.xml . |
|||
PMD | PMD |
||||
Pep8 | FLAKE8 |
||||
PerlCritic | PERLCRITIC |
||||
PiTest | PITEST |
||||
ProtoLint | PROTOLINT |
||||
Puppet-Lint | CLANG |
With -log-format %{fullpath}:%{line}:%{column}: %{kind}: %{message} |
|||
PyDocStyle | PYDOCSTYLE |
||||
PyFlakes | FLAKE8 |
||||
PyLint | PYLINT |
With pylint --output-format=parseable . |
|||
ReSharper | RESHARPER |
||||
RubyCop | CLANG |
With rubycop -f clang file.rb |
|||
SARIF | SARIF |
v2.x. Microsoft Visual C# can generate it with ErrorLog="BuildErrors.sarif,version=2" . |
|||
SbtScalac | SBTSCALAC |
||||
Scalastyle | CHECKSTYLE |
||||
Semgrep | SEMGREP |
With --json . |
|||
Simian | SIMIAN |
||||
Sonar | SONAR |
With mvn sonar:sonar -Dsonar.analysis.mode=preview -Dsonar.report.export.path=sonar-report.json . Removed in 7.7, see SONAR-11670 but can be retrieved with: `curl --silent 'http://sonar-server/api/issues/search?componentKeys=unique-key&resolved=false' \ |
jq -f sonar-report-builder.jq > sonar-report.json`. | ||
Spotbugs | FINDBUGS |
||||
StyleCop | STYLECOP |
||||
SwiftLint | CHECKSTYLE |
With --reporter checkstyle . |
|||
TSLint | CHECKSTYLE |
With -t checkstyle |
|||
Valgrind | VALGRIND |
With --xml=yes . |
|||
XMLLint | XMLLINT |
||||
XUnit | XUNIT |
It only contains the failures. | |||
YAMLLint | YAMLLINT |
With -f parsable |
|||
ZPTLint | ZPTLINT |
52 parsers and 79 reporters.
Missing a format? Open an issue here!
Usage
Very easy to use with a nice builder pattern
List<Violation> violations = violationsReporterApi() //
.withPattern(".*/findbugs/.*\\.xml$") //
.inFolder(rootFolder) //
.findAll(FINDBUGS) //
.violations();
It can also export the violations to the CodeClimate and SARIF formats with:
.codeClimate()
.sarif()
If you need to convert a report from one format to another, the command line tool is probably easiest to use.
The library is used in a bunch of other projects, these are some of them.
Command line:
- Violations Command Line Can parse, log, fail, and/or export to
CodeClimate
andSarif
files.Sarif
is how GitHub is supported, andCodeClimate
can be used with GitLab, see README. - Violation Comments to GitLab Command Line
- Violation Comments to Bitbucket Server Command Line
- Violation Comments to Bitbucket Cloud Command Line
Gradle:
Maven:
Jenkins:
And these supporting libraries: