
Eclipse / SonarQube Integration: How to handle Checkstyle / PMD / FindBugs

If I work with Eclipse and want to use SonarQube as single source of code rules, I understand I need to use the SonarLint plugin. However, SonarLint will only check squid rules, no Checkstyle/PMD/Findbugs rules (although they can be used in SonarQube).

My question: If a project has been using a Checkstyle/PMD/Findbugs rule set, how should these rules be handled so that they can also be seen by the Eclipse developers?

Please consider these points:

  • I don't want to manually export rules from SonarQube and install Eclipse plugins for Checkstyle/PMD/Findbugs and configure them with the exported rules. That's too cumbersome.
  • I see that some Checkstyle/PMD/Findbugs are marked as deprecated and there are squid-replacements. That's OK. But what do I do with all the rules that are not deprecated?
Jörn asked Jun 14 '17 20:06

1 Answer

This is how we solved this issue (90% solution):

  1. Replaced all deprecated Checkstyle/PMD/FindBugs rules with recommended squid rules. -> This left over 80 Checkstyle, 16 PMD and 0 FindBugs rules (and 60 squid rules), eliminating FindBugs.
  2. Use SonarLint + Checkstyle plugins in Eclipse. For Checkstyle, we export the rules XML from SonarQube, put them in our version control and configure Checkstyle plugin to use that.
  3. Ignore PMD in Eclipse and use direct browser access to SonarQube to see PMD rule violations in code reviews. This saves us from installing/configuring PMD for "only 16 rules".

The solution makes about 90% of our rules visible in Eclipse. The price we pay:

  • Install & configure 2 plugins for rules checking instead of 1.
  • Manually keep Checkstyle rules XML up to date whenever SonarQube updates lead to changes.
  • squid rule violations only visible for opened classes, and in a separate "SonarLint On-the-fly" view.
  • Only 90% of rules visible directly in Eclipse.

We would be very happy if one day SonarLint would display all SonarQube rules violations in Eclipse's standard "Problems" view, covering workspace and selection scopes. Then we would only need a single Eclipse plugin and SonarQube would be the only rules repository.

Jörn answered Oct 13 '22 21:10
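
The answer lists keeping the version-controlled Checkstyle rules XML in sync with SonarQube as a manual cost. The following is an added example, not part of the original answer, of a drift check that compares the committed file against a fresh export; the function names and both XML samples are constructed for illustration.

```python
import sys
import xml.etree.ElementTree as ET
from collections import Counter

# Structural modules in a Checkstyle configuration; everything else is a rule.
CONTAINERS = {"Checker", "TreeWalker"}

def load_rules(xml_text):
    """Return a multiset of (rule name, properties); a rule may be configured more than once."""
    rules = Counter()
    for module in ET.fromstring(xml_text).iter("module"):
        name = module.get("name")
        if name in CONTAINERS:
            continue
        props = frozenset((p.get("name"), p.get("value")) for p in module.findall("property"))
        rules[(name, props)] += 1
    return rules

def drift(committed_xml, exported_xml):
    """Classify rule names as removed, added or changed between the two configurations."""
    old, new = load_rules(committed_xml), load_rules(exported_xml)
    gone = {name for name, _ in old - new}
    fresh = {name for name, _ in new - old}
    return {"removed": sorted(gone - fresh),
            "added": sorted(fresh - gone),
            "changed": sorted(gone & fresh)}

# Constructed sample: the file kept in version control.
COMMITTED = """<module name="Checker">
  <module name="FileLength"><property name="max" value="2000"/></module>
  <module name="TreeWalker">
    <module name="MagicNumber"><property name="severity" value="warning"/></module>
    <module name="IllegalCatch"/>
  </module>
</module>"""

# Constructed sample: a newer export after the quality profile was edited.
EXPORTED = """<module name="Checker">
  <module name="FileLength"><property name="max" value="1500"/></module>
  <module name="TreeWalker">
    <module name="MagicNumber"><property name="severity" value="warning"/></module>
    <module name="EmptyBlock"/>
  </module>
</module>"""

if __name__ == "__main__":
    report = drift(COMMITTED, EXPORTED)
    print(report)
    sys.exit(1 if any(report.values()) else 0)  # non-zero exit fails a CI job on drift
```

Run against the real files in a scheduled build, this turns the manual "keep the XML up to date" step into a failing check whenever the two rule sets diverge.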