violations-lib
Introduction: Java library for parsing report files from static code analysis.
This is a Java library for parsing report files, such as those produced by static code analysis tools.
Examples of supported reports are available here.
| Version | Java Version |
|---|---|
| version < 1.156.8 | 8 |
| 1.156.8 <= version | 11 |
A number of parsers have been implemented. Some parsers can parse output from several reporters.
| Reporter | Parser | Notes |
|---|---|---|
| ARM-GCC | CLANG | |
| AndroidLint | ANDROIDLINT | |
| Ansible-Later | ANSIBLELATER | With json format |
| AnsibleLint | FLAKE8 | With `-p` |
| Bandit | CLANG | With `bandit -r examples/ -f custom -o bandit.out --msg-template "{abspath}:{line}: {severity}: {test_id}: {msg}"` |
| CLang | CLANG | |
| CPD | CPD | |
| CPPCheck | CPPCHECK | With `cppcheck test.cpp --output-file=cppcheck.xml --xml` |
| CPPLint | CPPLINT | |
| CSSLint | CSSLINT | |
| Checkstyle | CHECKSTYLE | |
| CloudFormation Linter | JUNIT | `cfn-lint . -f junit --output-file report-junit.xml` |
| CodeClimate | CODECLIMATE | |
| CodeNarc | CODENARC | |
| Coverity | COVERITY | |
| Dart | MACHINE | With `dart analyze --format=machine` |
| Dependency Check | SARIF | Using `--format SARIF` |
| Detekt | CHECKSTYLE | With `--output-format xml`. |
| DocFX | DOCFX | |
| Doxygen | CLANG | |
| ERB | CLANG | With `erb -P -x -T '-' "${it}" \| ruby -c 2>&1 >/dev/null \| grep '^-' \| sed -E 's/^-([a-zA-Z0-9:]+)/${filename}\1 ERROR:/p' > erbfiles.out`. |
| ESLint | CHECKSTYLE | With `format: 'checkstyle'`. |
| Findbugs | FINDBUGS | |
| Flake8 | FLAKE8 | |
| FxCop | FXCOP | |
| GCC | CLANG | |
| GHS | GHS | |
| Gendarme | GENDARME | |
| Generic reporter | GENERIC | Will create one single violation with all the content as message. |
| GoLint | GOLINT | |
| GoVet | GOLINT | Same format as GoLint. |
| GolangCI-Lint | CHECKSTYLE | With `--out-format=checkstyle`. |
| GoogleErrorProne | GOOGLEERRORPRONE | |
| HadoLint | CHECKSTYLE | With `-f checkstyle` |
| IAR | IAR | With `--no_wrap_diagnostics` |
| Infer | PMD | Facebook Infer. With `--pmd-xml`. |
| JACOCO | JACOCO | |
| JCReport | JCREPORT | |
| JSHint | JSLINT | With `--reporter=jslint` or the CHECKSTYLE parser with `--reporter=checkstyle` |
| JUnit | JUNIT | It only contains the failures. |
| KTLint | CHECKSTYLE | |
| Klocwork | KLOCWORK | |
| KotlinGradle | KOTLINGRADLE | Output from Kotlin Gradle Plugin. |
| KotlinMaven | KOTLINMAVEN | Output from Kotlin Maven Plugin. |
| Lint | LINT | A common XML format, used by different linters. |
| MSBuildLog | MSBULDLOG | With `-fileLogger` use `.*msbuild\\.log$` as pattern or `-fl -flp:logfile=MyProjectOutput.log;verbosity=diagnostic` for a custom output filename |
| MSCpp | MSCPP | |
| Mccabe | FLAKE8 | |
| MyPy | MYPY | |
| NullAway | GOOGLEERRORPRONE | Same format as Google Error Prone. |
| PCLint | PCLINT | PC-Lint using the same output format as the Jenkins warnings plugin, details here |
| PHPCS | CHECKSTYLE | With `phpcs api.php --report=checkstyle`. |
| PHPPMD | PMD | With `phpmd api.php xml ruleset.xml`. |
| PMD | PMD | |
| Pep8 | FLAKE8 | |
| PerlCritic | PERLCRITIC | |
| PiTest | PITEST | |
| ProtoLint | PROTOLINT | |
| Puppet-Lint | CLANG | With `-log-format %{fullpath}:%{line}:%{column}: %{kind}: %{message}` |
| PyDocStyle | PYDOCSTYLE | |
| PyFlakes | FLAKE8 | |
| PyLint | PYLINT | With `pylint --output-format=parseable`. |
| ReSharper | RESHARPER | |
| RubyCop | CLANG | With `rubycop -f clang file.rb` |
| SARIF | SARIF | v2.x. Microsoft Visual C# can generate it with `ErrorLog="BuildErrors.sarif,version=2"`. |
| SbtScalac | SBTSCALAC | |
| Scalastyle | CHECKSTYLE | |
| Semgrep | SEMGREP | With `--json`. |
| Simian | SIMIAN | |
| Sonar | SONAR | With `mvn sonar:sonar -Dsonar.analysis.mode=preview -Dsonar.report.export.path=sonar-report.json`. Removed in 7.7, see SONAR-11670 but can be retrieved with: `curl --silent 'http://sonar-server/api/issues/search?componentKeys=unique-key&resolved=false' \| jq -f sonar-report-builder.jq > sonar-report.json`. |
| Spotbugs | FINDBUGS | |
| StyleCop | STYLECOP | |
| SwiftLint | CHECKSTYLE | With `--reporter checkstyle`. |
| TSLint | CHECKSTYLE | With `-t checkstyle` |
| Valgrind | VALGRIND | With `--xml=yes`. |
| XMLLint | XMLLINT | |
| XUnit | XUNIT | It only contains the failures. |
| YAMLLint | YAMLLINT | With `-f parsable` |
| ZPTLint | ZPTLINT | |

52 parsers and 79 reporters.
Missing a format? Open an issue here!
Usage
Very easy to use with a nice builder pattern:

```java
List<Violation> violations = violationsReporterApi() //
    .withPattern(".*/findbugs/.*\\.xml$") //
    .inFolder(rootFolder) //
    .findAll(FINDBUGS) //
    .violations();
```
It can also export the violations to the CodeClimate and SARIF formats with:

```java
.codeClimate().sarif()
```

If you need to convert a report from one format to another, the command line tool is probably easiest to use.
The library is used in a number of other projects; these are some of them.
Command line:
- Violations Command Line. Can parse, log, fail, and/or export to `CodeClimate` and `Sarif` files. `Sarif` is how GitHub is supported, and `CodeClimate` can be used with GitLab, see README.
- Violation Comments to GitLab Command Line
- Violation Comments to Bitbucket Server Command Line
- Violation Comments to Bitbucket Cloud Command Line
Gradle:
Maven:
Jenkins:
And these supporting libraries:
