Awesome
Violations Lib
This is a Java library for parsing report files like static code analysis.
Example of supported reports are available here.
| Version | Java Version |
|---|---|
| version < 1.156.8 | 8 |
| 1.156.8 <= version | 11 |
A number of parsers have been implemented. Some parsers can parse output from several reporters.
| Reporter | Parser | Notes |
|---|---|---|
| ARM-GCC | CLANG | |
| AndroidLint | ANDROIDLINT | |
| Ansible-Later | ANSIBLELATER | With json format |
| AnsibleLint | FLAKE8 | With -p |
| Bandit | CLANG | With bandit -r examples/ -f custom -o bandit.out --msg-template "{abspath}:{line}: {severity}: {test_id}: {msg}" |
| CLang | CLANG | |
| CPD | CPD | |
| CPPCheck | CPPCHECK | With cppcheck test.cpp --output-file=cppcheck.xml --xml |
| CPPLint | CPPLINT | |
| CSSLint | CSSLINT | |
| Checkstyle | CHECKSTYLE | |
| CloudFormation Linter | JUNIT | cfn-lint . -f junit --output-file report-junit.xml |
| CodeClimate | CODECLIMATE | |
| CodeNarc | CODENARC | |
| Coverity | COVERITY | |
| Dart | MACHINE | With dart analyze --format=machine |
| Dependency Check | SARIF | Using --format SARIF |
| Detekt | CHECKSTYLE | With --output-format xml. |
| DocFX | DOCFX | |
| Doxygen | CLANG | |
| ERB | CLANG | With erb -P -x -T '-' "${it}" | ruby -c 2>&1 >/dev/null | grep '^-' | sed -E 's/^-([a-zA-Z0-9:]+)/${filename}\1 ERROR:/p' > erbfiles.out. |
| ESLint | CHECKSTYLE | With format: 'checkstyle'. |
| Findbugs | FINDBUGS | |
| Flake8 | FLAKE8 | |
| FxCop | FXCOP | |
| GCC | CLANG | |
| GHS | GHS | |
| Gendarme | GENDARME | |
| Generic reporter | GENERIC | Will create one single violation with all the content as message. |
| GoLint | GOLINT | |
| GoVet | GOLINT | Same format as GoLint. |
| GolangCI-Lint | CHECKSTYLE | With --out-format=checkstyle. |
| GoogleErrorProne | GOOGLEERRORPRONE | |
| HadoLint | CHECKSTYLE | With -f checkstyle |
| IAR | IAR | With --no_wrap_diagnostics |
| Infer | PMD | Facebook Infer. With --pmd-xml. |
| JACOCO | JACOCO | |
| JCReport | JCREPORT | |
| JSHint | JSLINT | With --reporter=jslint or the CHECKSTYLE parser with --reporter=checkstyle |
| JUnit | JUNIT | It only contains the failures. |
| KTLint | CHECKSTYLE | |
| Klocwork | KLOCWORK | |
| KotlinGradle | KOTLINGRADLE | Output from Kotlin Gradle Plugin. |
| KotlinMaven | KOTLINMAVEN | Output from Kotlin Maven Plugin. |
| Lint | LINT | A common XML format, used by different linters. |
| MSBuildLog | MSBULDLOG | With -fileLogger use .*msbuild\\.log$ as pattern or -fl -flp:logfile=MyProjectOutput.log;verbosity=diagnostic for a custom output filename |
| MSCpp | MSCPP | |
| Mccabe | FLAKE8 | |
| MyPy | MYPY | |
| NullAway | GOOGLEERRORPRONE | Same format as Google Error Prone. |
| PCLint | PCLINT | PC-Lint using the same output format as the Jenkins warnings plugin, details here |
| PHPCS | CHECKSTYLE | With phpcs api.php --report=checkstyle. |
| PHPPMD | PMD | With phpmd api.php xml ruleset.xml. |
| PMD | PMD | |
| Pep8 | FLAKE8 | |
| PerlCritic | PERLCRITIC | |
| PiTest | PITEST | |
| ProtoLint | PROTOLINT | |
| Puppet-Lint | CLANG | With -log-format %{fullpath}:%{line}:%{column}: %{kind}: %{message} |
| PyDocStyle | PYDOCSTYLE | |
| PyFlakes | FLAKE8 | |
| PyLint | PYLINT | With pylint --output-format=parseable. |
| ReSharper | RESHARPER | |
| RubyCop | CLANG | With rubycop -f clang file.rb |
| SARIF | SARIF | v2.x. Microsoft Visual C# can generate it with ErrorLog="BuildErrors.sarif,version=2". |
| SbtScalac | SBTSCALAC | |
| Scalastyle | CHECKSTYLE | |
| Semgrep | SEMGREP | With --json. |
| Simian | SIMIAN | |
| Sonar | SONAR | With mvn sonar:sonar -Dsonar.analysis.mode=preview -Dsonar.report.export.path=sonar-report.json. Removed in 7.7, see SONAR-11670 but can be retrieved with: curl --silent 'http://sonar-server/api/issues/search?componentKeys=unique-key&resolved=false' | jq -f sonar-report-builder.jq > sonar-report.json. |
| Spotbugs | FINDBUGS | |
| StyleCop | STYLECOP | |
| SwiftLint | CHECKSTYLE | With --reporter checkstyle. |
| TSLint | CHECKSTYLE | With -t checkstyle |
| Valgrind | VALGRIND | With --xml=yes. |
| XMLLint | XMLLINT | |
| XUnit | XUNIT | It only contains the failures. |
| YAMLLint | YAMLLINT | With -f parsable |
| ZPTLint | ZPTLINT |
52 parsers and 79 reporters.
Missing a format? Open an issue here!
Usage
Very easy to use with a nice builder pattern
List<Violation> violations = violationsReporterApi() //
.withPattern(".*/findbugs/.*\\.xml$") //
.inFolder(rootFolder) //
.findAll(FINDBUGS) //
.violations();
It can also export the violations to the CodeClimate and SARIF formats with:
.codeClimate().sarif()
If you need to convert a report from one format to another, the command line tool is probably easiest to use.
The library is used in a bunch of other projects, these are some of them.
Command line:
- Violations Command Line Can parse, log, fail, and/or export to
CodeClimateandSariffiles.Sarifis how GitHub is supported, andCodeClimatecan be used with GitLab, see README. - Violation Comments to GitLab Command Line
- Violation Comments to Bitbucket Server Command Line
- Violation Comments to Bitbucket Cloud Command Line
Gradle:
Maven:
Jenkins:
And these supporting libraries: