Sonar-PMD is a plugin that provides coding rules from PMD for use in SonarQube.
Starting April 2022, the project has found a new home. We, jborgers and stokpop, aim to provide an active project and well-maintained sonar-pmd plugin. It is now sponsored by Rabobank.
For a list of all rules and their status, see: RULES.md
The plugin should be available in the SonarQube marketplace and is preferably installed from within SonarQube (Administration --> Marketplace --> Search pmd).
Because of changed integration of the Java-plugin in SonarQube and our dependency on it, this plugin is temporarily not available from the Marketplace.
Hopefully this will be fixed quickly with the release of version 3.4.0.
Alternatively, download the latest JAR file, put it into the plugin directory (./extensions/plugins
) and restart SonarQube.
Usage should be straight forward:
- Activate some PMD rules in your quality profile.
- Run an analysis.
Sonar-PMD analyzes the given source code with the Java source version defined in your Gradle or Maven project.
In case you are not using one of these build tools, or if that does not match the version you are using, set the sonar.java.source
property to tell PMD which version of Java your source code complies to.
Possible values : 1.4 to 1.8/8 to 18
PMD Plugin | 2.5 | 2.6 | 3.0.0 | 3.1.x | 3.2.x | 3.3.x | 3.4.0 |
---|---|---|---|---|---|---|---|
PMD | 5.4.0 | 5.4.2 | 5.4.2 | 6.9.0 | 6.10.0 | 6.30.0 | 6.45.0 |
Max. supported Java Version | 1.7 | 1.8 | 1.8 | 11 | 15 | 18 | |
Min. SonarQube Version | 4.5.4 | 4.5.4 | 6.6 | 6.7 | 8.9(*) / 9.3 |
(*) Note: Plugin version 3.4.x runs in SonarQube 8.9, however, Java 17+ is only fully supported in SonarQube 9.3+.
A majority of the PMD rules have been rewritten in the Java plugin. Rewritten rules are marked "Deprecated" in the PMD plugin, but a concise summary of replaced rules is available.
PMD tool provides some rules that can check the code of JUnit tests. Please note that these rules (and only these rules) will be applied only on the test files of your project.
Sonar-PMD is licensed under the GNU Lesser General Public License, Version 3.0.
Parts of the rule descriptions displayed in SonarQube have been extracted from PMD and are licensed under a BSD-style license.
To build the plugin and run the integration tests:
./mvnw clean verify
本repo在sonar-pmd基础上增加了alibaba-p3c规则,详细的修改包括:
-
sonar-pmd-plugin 增加依赖
<dependency> <groupId>com.alibaba.p3c</groupId> <artifactId>p3c-pmd</artifactId> <!-- 请保持最新 --> <version>2.1.1</version> </dependency> <dependency> <groupId>com.google.code.gson</groupId> <artifactId>gson</artifactId> <version>2.9.0</version> </dependency>
-
修改
/resources/org/sonar/l10n/pmd/rules/pmd.properties
,增加 p3c 的规则。同时修改org.sonar.plugins.pmd.PmdRulesDefinitionTest.test
里面对规则条数的断言,从268改实际的324。 -
增加
/resources/org/sonar/plugins/pmd/rules-p3c.xml
-
增加规则描述 html
/resources/org/sonar/l10n/pmd-p3c
-
修改
/resources/com/sonar/sqale/pmd-model.xml
增加P3c相关 -
修改 PmdRulesDefinition.java,加入p3c规则:
//org.sonar.plugins.pmd.rule.PmdRulesDefinition#define extractRulesData(repository, "/org/sonar/plugins/pmd/rules-p3c.xml", "/org/sonar/l10n/pmd/rules/pmd-p3c");