Repository files navigation

Static Code Analysis wraps around Checkstyle, Spotbugs, PMD and CPD, offering new featuresand extensions to the encapsulated plugins, making it easier to use them and providingbetter results with minimum effort.

Out of the box, with just applying the plugin you get:

• Improved build performance. Spotbugs and PMD will ignore changes to autogeneratedAndroid files (R.class andBuildConfig.class)
• Android Lint task is reconfigured to detect when it's up-to-date and cache results
• Better PMD and Spotbugs analysis, allowing both tools to look into Android's SDK classes when performing analysis.
• More detectors, by automatically including:
  • fb-contrib
  • Monits Findbugs
• Automatically use the latest available version of each tool compatible with theused Gradle version. Just updating Gradle will introduce newer tools.
• Checkstyle and Spotbugs support remote file configuration, which they normally don't.
• Easy configuration through DSL.
• Easily and reliably includecustom Android Lint rules accross teams and CI servers.
• Backporting of fixes and improvements from later Gradle versions (in case you can't update)
• Fully compatible with the use of Android's build cache.

We are onthe Grade Plugin Portal, so you can simply do:

plugins {  id'com.monits.staticCodeAnalysis' version'3.1.1'}

or, you could also do

buildscript {  repositories {    maven {      url'https://plugins.gradle.org/m2/'    }  }  dependencies {    classpath'com.monits:static-code-analysis-plugin:3.1.1'  }}applyplugin:'com.monits.staticCodeAnalysis'

or, directly from jcenter

buildscript {  repositories {    jcenter()  }  dependencies {    classpath'com.monits:static-code-analysis-plugin:3.1.1'  }}applyplugin:'com.monits.staticCodeAnalysis'

Prior to version 3.0.0 Findbugs was used instead of Spotbugs.

Configuring Static Code Analysis is very simple and intuitive thanks to its DSL. You can choosewhich encapsulated plugin to run and set its configuration files. Here is a quick example

staticCodeAnalysis {    spotbugs=true    checkstyle=true    pmd=true    cpd=true    androidLint=true    ignoreErrors=true// default rules    spotbugsExclude="$project.rootProject.projectDir/config/spotbugs/excludeFilter.xml"    checkstyleRules='https://raw.githubusercontent.com/Monits/static-code-analysis-plugin/staging/defaults/checkstyle/checkstyle-cache.xml'    pmdRules= ['https://raw.githubusercontent.com/Monits/static-code-analysis-plugin/staging/defaults/pmd/pmd.xml','https://raw.githubusercontent.com/Monits/static-code-analysis-plugin/staging/defaults/pmd/pmd-android.xml' ]    androidLintConfig='https://raw.githubusercontent.com/Monits/static-code-analysis-plugin/staging/defaults/android/android-lint.xml'    sourceSetConfig {        test {// or the name of any other sourceset// use a more relaxed ruleset            checkstyleRules='config/checkstyle/test-checkstyle.xml'            spotbugsExclude='config/spotbugs/test-spotbugs.xml'            pmdRules= ['config/pmd/test-pmd.xml','https://raw.githubusercontent.com/Monits/static-code-analysis-plugin/staging/defaults/pmd/pmd-android.xml' ]        }    }}

By default, all plugins are applied, errors will not fail the build, and rules and exclusions willbe taken fromthis repository's latest defaults

Prior to version 3.0.0 Findbugs was used instead of Spotbugs. If using the old version, the DSL is equivalent,but usesfindbugs instead ofspotbugs for all properties.

All v2.x Findbugs DSL properties are automatically maped to Spotbugs in v3.x for easier upgrading

Rules used by PMD, Spotbugs and Checkstyle can be overriden per-sourceset under thesourceSetConfig block.

To include custom lint rules, you can simply include the jars as dependencies underandroidLint.For instance, you could includeMonits' Android Linters by adding:

dependencies {    androidLint'com.monits:android-linters:1.+'}

The plugin will add the following tasks:

• cpd
• checkstyle, depends on:
  • acheckstyleSourcesetname task per source-set (checkstyleMain,checkstyleTest, so on).
• spotbugs, depends on:
  • aspotbugsSourcesetname task per source-set (spotbugsMain,spotbugsTest, so on).
• pmd, depends on:
  • apmdSourcesetname task per source-set (pmdMain,pmdTest, so on).

Prior to version 3.0.0 Findbugs was used instead of Spotbugs. The oldfindbugs* tasks are still available and map to the correspondingspotbugs* task

All tasks, are hooked to be run as part of thecheck task of the Java Plugin.

As always feel free to contribute in any shape or form, we look forward to your feedback!.

If you re seeing things being reported which you think shouldn't it could be one of two things:

1. It's a false-positive. The tool is convinced of a violation that is simply not there. These should be reported tothe tool's developers in a Github issue.
2. You have found yourself in a corner case, where the rule, even 'though correct, doesn't really apply to a particular snippet of code.These should beabsolute exceptions, if you find yourself in this scenario all the time, consider modifying the set of applied rules.

Since every tool has its own suppression mechanism, you should refer to its documentation:

• Android Lint:Documentation
• Checkstyle:Documentation
• CPD:Documentation
• Spotbugs:Annotations documentation;@SupressFBWarningsjavadoc
• PMD:Documentation

Copyright 2010-2017 Monits S.A.

Licensed under the Apache License, Version 2.0 (the "License"); you may not usethis work except in compliance with the License. You may obtain a copy of theLicense at:

http://www.apache.org/licenses/LICENSE-2.0