Static Code Analysis Plug-ins

Added by Ulli Hafner, last edited by Anonymous on Nov 20, 2008  (view change)
Hudson
Home
Downloads
Mailing lists
Source code
Issue tracker
#
Documents
Meet Hudson
Use Hudson
Extend Hudson
Plugins
SCMs
Triggers
Build Tools
Build Wrappers
Notifiers
Reporters
Ext. Site Integration
Uploaders
Misc
Others
Container-specific Notes
Site Map

Static Code Analysis Plug-ins

Hudson understands the result files of several static code analysis tools. For each result file a different plug-in is used for configuration and parsing. Since these results are visualized by the same back-end, the description of this back-end is combined in this section. The following plug-ins use the same visualization:

When the plug-ins are active (both freestyle and m2 builds are supported) and the build is configured to run the corresponding analysis tool, then for each build a summary result trend is shown on a job's main view. Additionally, for each plug-in a link is provided in the side panel to directly jump to the results of the latest build.

Note that you'll have to add a build plugin execution to your pom, as these targets usually only get built in the site phase, not in a 'normal' build. E.g. to add findbugs you'll not only have to configure it in the reporting section, you'll also have to add:

<build>
		<plugins>
			<plugin>
				<groupId>org.codehaus.mojo</groupId>
				<artifactId>findbugs-maven-plugin</artifactId>
				<executions>
					<execution>
						<id>findbugs</id>
						<phase>verify</phase>
						<goals>
							<goal>findbugs</goal>
						</goals>
					</execution>
				</executions>
			</plugin>
			...
		</plugins>
	</build>

Build Summary

The results for each build are summarized on the build view. Here you see how may warnings or open tasks have been found for the selected build. Moreover, the summary shows the number of new and fixed warnings as well as the number of scanned or parsed files. The details views for each plug-in are accessible via hyper links. You can also directly navigate to the plug-in results by clicking into the trend image (see image above).

Result Overview

Each plug-in presents the results of a build in several overview tabs: here you see the number of the warnings or tasks per item as well as the severity distribution. The severity graphs provide a tool tip to show the actual number of warnings or tasks for each severity. By following the link in the first overview table column you will be directed to the filtered details of the selection. The overview table is sortable, so you can easily find the modules or packages with the most warnings by clicking on the table header.

  • The modules tab shows the number of warnings or open tasks per module. The module name is extracted from the pom.xml (Maven) or build.xml (Ant) build configuration files. If you are using another build tool then the path segment above the scanned analysis report file is used as module name.
  • The packages tab shows the number of warnings or open tasks per package or namespace. There is currently only support for Java or C# files.
  • The files tab shows the number of warnings or open tasks per file.
  • The categories tab shows the number of warnings per category. The available set of categories is obtained from the underlying static code analysis tool.
  • The type tab shows the number of warnings per type. The type depends on the static code analysis tool but typically is a 1:1 mapping to the actual rule that produced the warning.


The overview tabs for packages, files, categories and types are equivalent, click on the thumbnails below to view a screenshot of these tabs.

Package Overview Files Overview
Category Overview Types Overview

Result Details

The details of the individual warnings are shown in the remaining tabs. In the Details tab you will see all warnings of the current selection (e.g., a given package) printed one after another. For each warning you will see the warning message and a detailed description (with example) of the static analysis tool. If you are viewing the results of the current build then the file names are hyperlinks: clicking on the file name will open the actual source code with the selected warning highlighted.

 

The detail tabs in the other plug-ins are equivalent, click on the thumbnails below to view a screenshot of these tabs.

Checkstyle PMD Warnings

Besides this details tab there are additional tabs that show the details for a filtered sub-set of the warnings or tasks. I.e., the tabs high, normal, and low show the details of the selected severity, while the tabs new and fixed show warnings in the current build that are new or fixed, respectively.

Finally, the tab Warnings shows a sortable table of all warnings. Here you can sort the warnings by all available attributes to decide which warnings should be looked at in more detail. The warning message and description is shown when hoovering over the cell content.

Source Code Visualization

The actual warning is visualized in the source code view (with syntax highlighting).  Some warnings have several source code markers attached. In this case, the primary range of the warnings is colored with orange, the remaining ranges are colored with yellow. When hoovering over a colored warning annotation, then the warning message and detailed description is shown in a tool tip.

Labels

  Edit Labels
(None)