Continuous Integrations plugins | PMD Source Code Analyzer

Table of Contents

Introduction

PMD can be integrated through some of the Continuous Integration tools that exist now. This page lists some plugins to do so. If you think, something is missing here, please let us know.

Note: The tools are listed in alphabetical order without rating.

In general, if PMD is integrated via build tools like Maven or Gradle you can configure your build to fail if there are violations. This will also mark your CI pipeline as failed. That means, PMD can be used even without a special plugin for your CI solution.

However, having an extra plugin can provide better developer experience: Some plugins provide a nice graph over the found violations, so that you can see immediately the status of your build concerning rule violations. Or it provides access to PMD’s report in an easier way by integrating the report into the CI interface. Other plugins display rule violations directly inline in your codebase as annotations or provide automated code review by adding comments to pull/merge requests.

Atlassian Bamboo

There are two apps for Atlassian Bamboo in the marketplace. These display violations found by PMD and duplications found by CPD directly in job-build view.

GitHub Action

PMD provides its own GitHub Action, that can be integrated in custom workflows.

It can execute PMD with your own ruleset against your project. It creates a SARIF report which is uploaded as a build artifact. Furthermore, the build can be failed based on the number of violations.

The action can also be used as a code scanner to create “Code scanning alerts”.

Homepage: https://github.com/pmd/pmd-github-action
Marketplace: https://github.com/marketplace/actions/pmd

GitLab

GitLab provides support for various code scanning tools. The results (e.g. number of violations) are displayed for merge requests, pipeline runs and for the entire project as code quality.

GitLab requires a specific report format, which PMD doesn’t support natively. Therefore, there is a component required to convert a PMD report into GitLab’s Code Quality report format.

Documentation: https://docs.gitlab.com/ee/ci/testing/code_quality.html
PMD CI/CD component

Additionally, GitLab supports various analyzers for Static Application Security Testing (SAST). Among these analyzers is also pmd-apex analyzer.

Jenkins Plugin

Ullrich Hafner developed the Warnings Next Generation plugin for Jenkins. It supports PMD among many other linting tools.

Homepage: https://plugins.jenkins.io/warnings-ng/
Source: https://github.com/jenkinsci/warnings-ng-plugin and https://github.com/jenkinsci/analysis-model

Tags: