Awesome
Violations Lib
This is a Java library for parsing report files like static code analysis.
Example of supported reports are available here.
Version | Java Version |
---|---|
version < 1.156.8 | 8 |
1.156.8 <= version | 11 |
A number of parsers have been implemented. Some parsers can parse output from several reporters.
Reporter | Parser | Notes |
---|---|---|
ARM-GCC | CLANG | |
AndroidLint | ANDROIDLINT | |
Ansible-Later | ANSIBLELATER | With json format |
AnsibleLint | FLAKE8 | With -p |
Bandit | CLANG | With bandit -r examples/ -f custom -o bandit.out --msg-template "{abspath}:{line}: {severity}: {test_id}: {msg}" |
CLang | CLANG | |
CPD | CPD | |
CPPCheck | CPPCHECK | With cppcheck test.cpp --output-file=cppcheck.xml --xml |
CPPLint | CPPLINT | |
CSSLint | CSSLINT | |
Checkstyle | CHECKSTYLE | |
CloudFormation Linter | JUNIT | cfn-lint . -f junit --output-file report-junit.xml |
CodeClimate | CODECLIMATE | |
CodeNarc | CODENARC | |
Coverity | COVERITY | |
Dart | MACHINE | With dart analyze --format=machine |
Dependency Check | SARIF | Using --format SARIF |
Detekt | CHECKSTYLE | With --output-format xml . |
DocFX | DOCFX | |
Doxygen | CLANG | |
ERB | CLANG | With erb -P -x -T '-' "${it}" | ruby -c 2>&1 >/dev/null | grep '^-' | sed -E 's/^-([a-zA-Z0-9:]+)/${filename}\1 ERROR:/p' > erbfiles.out . |
ESLint | CHECKSTYLE | With format: 'checkstyle' . |
Findbugs | FINDBUGS | |
Flake8 | FLAKE8 | |
FxCop | FXCOP | |
GCC | CLANG | |
GHS | GHS | |
Gendarme | GENDARME | |
Generic reporter | GENERIC | Will create one single violation with all the content as message. |
GoLint | GOLINT | |
GoVet | GOLINT | Same format as GoLint. |
GolangCI-Lint | CHECKSTYLE | With --out-format=checkstyle . |
GoogleErrorProne | GOOGLEERRORPRONE | |
HadoLint | CHECKSTYLE | With -f checkstyle |
IAR | IAR | With --no_wrap_diagnostics |
Infer | PMD | Facebook Infer. With --pmd-xml . |
JACOCO | JACOCO | |
JCReport | JCREPORT | |
JSHint | JSLINT | With --reporter=jslint or the CHECKSTYLE parser with --reporter=checkstyle |
JUnit | JUNIT | It only contains the failures. |
KTLint | CHECKSTYLE | |
Klocwork | KLOCWORK | |
KotlinGradle | KOTLINGRADLE | Output from Kotlin Gradle Plugin. |
KotlinMaven | KOTLINMAVEN | Output from Kotlin Maven Plugin. |
Lint | LINT | A common XML format, used by different linters. |
MSBuildLog | MSBULDLOG | With -fileLogger use .*msbuild\\.log$ as pattern or -fl -flp:logfile=MyProjectOutput.log;verbosity=diagnostic for a custom output filename |
MSCpp | MSCPP | |
Mccabe | FLAKE8 | |
MyPy | MYPY | |
NullAway | GOOGLEERRORPRONE | Same format as Google Error Prone. |
PCLint | PCLINT | PC-Lint using the same output format as the Jenkins warnings plugin, details here |
PHPCS | CHECKSTYLE | With phpcs api.php --report=checkstyle . |
PHPPMD | PMD | With phpmd api.php xml ruleset.xml . |
PMD | PMD | |
Pep8 | FLAKE8 | |
PerlCritic | PERLCRITIC | |
PiTest | PITEST | |
ProtoLint | PROTOLINT | |
Puppet-Lint | CLANG | With -log-format %{fullpath}:%{line}:%{column}: %{kind}: %{message} |
PyDocStyle | PYDOCSTYLE | |
PyFlakes | FLAKE8 | |
PyLint | PYLINT | With pylint --output-format=parseable . |
ReSharper | RESHARPER | |
RubyCop | CLANG | With rubycop -f clang file.rb |
SARIF | SARIF | v2.x. Microsoft Visual C# can generate it with ErrorLog="BuildErrors.sarif,version=2" . |
SbtScalac | SBTSCALAC | |
Scalastyle | CHECKSTYLE | |
Semgrep | SEMGREP | With --json . |
Simian | SIMIAN | |
Sonar | SONAR | With mvn sonar:sonar -Dsonar.analysis.mode=preview -Dsonar.report.export.path=sonar-report.json . Removed in 7.7, see SONAR-11670 but can be retrieved with: curl --silent 'http://sonar-server/api/issues/search?componentKeys=unique-key&resolved=false' | jq -f sonar-report-builder.jq > sonar-report.json . |
Spotbugs | FINDBUGS | |
StyleCop | STYLECOP | |
SwiftLint | CHECKSTYLE | With --reporter checkstyle . |
TSLint | CHECKSTYLE | With -t checkstyle |
Valgrind | VALGRIND | With --xml=yes . |
XMLLint | XMLLINT | |
XUnit | XUNIT | It only contains the failures. |
YAMLLint | YAMLLINT | With -f parsable |
ZPTLint | ZPTLINT |
52 parsers and 79 reporters.
Missing a format? Open an issue here!
Usage
Very easy to use with a nice builder pattern
List<Violation> violations = violationsReporterApi() //
.withPattern(".*/findbugs/.*\\.xml$") //
.inFolder(rootFolder) //
.findAll(FINDBUGS) //
.violations();
It can also export the violations to the CodeClimate and SARIF formats with:
.codeClimate()
.sarif()
If you need to convert a report from one format to another, the command line tool is probably easiest to use.
The library is used in a bunch of other projects, these are some of them.
Command line:
- Violations Command Line Can parse, log, fail, and/or export to
CodeClimate
andSarif
files.Sarif
is how GitHub is supported, andCodeClimate
can be used with GitLab, see README. - Violation Comments to GitLab Command Line
- Violation Comments to Bitbucket Server Command Line
- Violation Comments to Bitbucket Cloud Command Line
Gradle:
Maven:
Jenkins:
And these supporting libraries: