Static Code Analysis Plug-ins

Skip to end of metadata
Go to start of metadata

Plugin Information

Plugin ID analysis-core Changes In Latest Release
Since Latest Release
Latest Release
Latest Release Date
Required Core
Dependencies
1.56
Mar 13, 2014
1.424
maven-plugin (version:1.424, optional)
dashboard-view (version:2.2, optional)
token-macro (version:1.5.1, optional)
ant (version:1.1, optional)
Source Code
Issue Tracking
Maintainer(s)
GitHub
Open Issues
Ulli Hafner (id: drulli)
Usage Installations 2013-Apr 19171
2013-May 19262
2013-Jun 19620
2013-Jul 20481
2013-Aug 20217
2013-Sep 20674
2013-Oct 21516
2013-Nov 21321
2013-Dec 20984
2014-Jan 22130
2014-Feb 22605
2014-Mar 23472


This plug-in provides utilities for the static code analysis plug-ins.

Jenkins understands the result files of several static code analysis tools. For each result file a different plug-in is used for configuration and parsing. Since these results are visualized by the same back-end, the description of this back-end is combined in this section. The following plug-ins use the same visualization:

Additionally the add-on plug-in Static Analysis Collector is available that combines the individual results of these plug-ins into a single trend graph and view.

The following features are provided by these plug-ins:

  • View column that shows the total number of warnings in a job
  • Build summary showing the new and fixed warnings of a build
  • Several trend reports showing the number of warnings per build
  • Several portlets for the Jenkins dashboard view
  • Overview of the found warnings per module, package, category, or type
  • Detail reports of the found warnings optionally filtered by severity (or new and fixed)
  • Colored HTML display of the corresponding source file and warning lines
  • Several failure thresholds to mark a build as unstable or failed
  • Configurable project health support
  • Highscore computation for builds without warnings and successful builds
  • Works with the freestyle and native m2 build option of Jenkins
  • Email Support to show aggregated results of the warnings in a project
  • Remote API to export the build quality and found warnings
  • Several tokens to simplify post processing of the analysis results

View column

The total number of warnings in a job can be visualized in every view by adding a new column "Number of * warnings".

Trend Graphs

There are several trend graphs available for the plug-ins. Currently, you can select one of the following trend graphs for a job:

  • Total warnings per build including the distribution of the priorities low, normal, and high in different colors.
       
  • Total warnings per build showing how many warnings are below (blue), in between (yellow), or above (red) the build health thresholds.
       
  •  New and fixed warnings per build, fixed in blue, and new in red.
       
  • Difference between new and fixed warnings per build (cumulative).
     
  • Total number of warnings (with auto scaled range)
     

You can adjust the size of graph and the number of builds to include. These graphs can be configured globally for a job and can be changed by each user.

Portlets for the dashboard view

The following portlets for the dashboard view are available:

  • The number of warnings per project (total, priority high, priority normal, priority low)
       
  • Trend graph with number of warnings in the selected projects (with priority distribution)
       
  • Trend graph with number of new and fixed warnings in the selected projects
       

Build Summary

The results for each build are summarized on the build view. Here you see how may warnings or open tasks have been found for the selected build. Moreover, the summary shows the number of new and fixed warnings as well as the number of scanned or parsed files. The details views for each plug-in are accessible via hyper links. You can also directly navigate to the plug-in results by clicking into the trend image (see image above).

Result Overview

Each plug-in presents the results of a build in several overview tabs: here you see the number of the warnings or tasks per item as well as the severity distribution. The severity graphs provide a tool tip to show the actual number of warnings or tasks for each severity. By following the link in the first overview table column you will be directed to the filtered details of the selection. The overview table is sortable, so you can easily find the modules or packages with the most warnings by clicking on the table header.

  • The modules tab shows the number of warnings or open tasks per module. The module name is extracted from the pom.xml (Maven) or build.xml (Ant) build configuration files. If you are using another build tool then the path segment above the scanned analysis report file is used as module name.
  • The packages tab shows the number of warnings or open tasks per package or namespace. There is currently only support for Java or C# files.
  • The files tab shows the number of warnings or open tasks per file.
  • The categories tab shows the number of warnings per category. The available set of categories is obtained from the underlying static code analysis tool.
  • The type tab shows the number of warnings per type. The type depends on the static code analysis tool but typically is a 1:1 mapping to the actual rule that produced the warning.


The overview tabs for packages, files, categories and types are equivalent, click on the thumbnails below to view a screenshot of these tabs.

Package Overview Files Overview
Category Overview Types Overview

Result Details

The details of the individual warnings are shown in the remaining tabs. In the Details tab you will see all warnings of the current selection (e.g., a given package) printed one after another. For each warning you will see the warning message and a detailed description (with example) of the static analysis tool. If you are viewing the results of the current build then the file names are hyperlinks: clicking on the file name will open the actual source code with the selected warning highlighted.

 

The detail tabs in the other plug-ins are equivalent, click on the thumbnails below to view a screenshot of these tabs.

Checkstyle PMD
Warnings Dry

Besides this details tab there are additional tabs that show the details for a filtered sub-set of the warnings or tasks. I.e., the tabs high, normal, and low show the details of the selected severity, while the tabs new and fixed show warnings in the current build that are new or fixed, respectively.

Finally, the tab Warnings shows a sortable table of all warnings. Here you can sort the warnings by all available attributes to decide which warnings should be looked at in more detail. The warning message and description is shown when hoovering over the cell content.

Source Code Visualization

The actual warning is visualized in the source code view (with syntax highlighting).  Some warnings have several source code markers attached. In this case, the primary range of the warnings is colored with orange, the remaining ranges are colored with yellow. When hoovering over a colored warning annotation, then the warning message and detailed description is shown in a tool tip.


Email Support

The warning results can be shown in build notifications, too. In order to get an aggregation report in build emails you can use the static-analysis.jelly template for the Email-Ext Plug-in.

In case you want to send notification emails to users introducing new warnings or violations but without failing a build you can use this groovy trigger script for the Email-Ext Plug-in.

Remote API

All plug-ins also do have a remote API to obtain information on the quality of the current build. You can use the following commands, the variable [Plugin-URL] needs to be replaced with the URL of the plug-in, e.g., checkstyle, findbugs, tasks, etc. :

  • ...job/[Job-Name]/[Build-Number]/[Plugin-URL]Result/api/xml?depth=0 will return only the build results:
<analysisResult>
  <newZeroWarningsHighScore>false</newZeroWarningsHighScore>
  <numberOfFixedWarnings>40</numberOfFixedWarnings>
  <numberOfNewWarnings>40</numberOfNewWarnings>
  <numberOfWarnings>95</numberOfWarnings>
  <warningsDelta>0</warningsDelta>
  <zeroWarningsHighScore>0</zeroWarningsHighScore>
  <zeroWarningsSinceBuild>0</zeroWarningsSinceBuild>
  <zeroWarningsSinceDate>0</zeroWarningsSinceDate>
</analysisResult>
  • ...job/[Job-Name]/[Build-Number]/[Plugin-URL]Result/api/xml?depth=1 will additionally return the current (and new) warnings:
<analysisResult>
  <newZeroWarningsHighScore>false</newZeroWarningsHighScore>
  <numberOfFixedWarnings>40</numberOfFixedWarnings>
  <numberOfNewWarnings>40</numberOfNewWarnings>
  <numberOfWarnings>95</numberOfWarnings>
  <warning>
    <fileName>checkstyle/src/main/java/hudson/plugins/checkstyle/CheckStyleResult.java
    </fileName>
    <message>The String literal "</li>" appears 5 times in this
      file; the first occurrence is on line 62.</message>
    <primaryLineNumber>62</primaryLineNumber>
    <priority>NORMAL</priority>
  </warning>
  <warningsDelta>0</warningsDelta>
  <zeroWarningsHighScore>0</zeroWarningsHighScore>
  <zeroWarningsSinceBuild>0</zeroWarningsSinceBuild>
  <zeroWarningsSinceDate>0</zeroWarningsSinceDate>
</analysisResult>

Build Tokens

All plug-in provide several tokens that are available during post build processing. In order to use these tokens you need to install the latest release of the token macro plug-in. The following tokens are currently available (for the plug-in names CHECKSTYLE, DRY, FINDBUGS, PMD, TASKS, WARNINGS and ANALYSIS):

  • [plug-in name ]_RESULT: Expands to the build result of a plug-in
  • [plug-in name ]_COUNT: Expands to the total number of warnings in a build
  • [plug-in name ]_NEW: Expands to the total number of new warnings in a build
  • [plug-in name ]_FIXED: to the total number of fixed warnings in a build

Maven Notes

These plug-ins normally get built in the site phase, not in the 'normal' package phase. The configuration help for the plug-in specifies which goal you'll have to add to your maven build options a bit further up on the same page.

Labels

Edit
plugin-maven plugin-maven Delete
plugin-report plugin-report Delete
supports-dashboard-view supports-dashboard-view Delete
Enter labels to add to this page:
Please wait 
Looking for a label? Just start typing.

Add Comment