tomasbjerre / violations-maven-plugin
Maven plugin that will find report files from static code analysis, present and optionally fail the build.
License: Other
Now the docs show one target dir:
```xml
<violation>
  <parser>CHECKSTYLE</parser>
  <reporter>Checkstyle</reporter>
  <folder>.</folder>
  <pattern>.*/target/checkstyle-result\.xml$</pattern>
</violation>
```
Does this plugin support sub-module target dirs? Such as:
```
JavaProject/
--pom.xml
--UserService/
----pom.xml
----target/checkstyle-result.xml
--WikiService/
----pom.xml
----target/checkstyle-result.xml
```
Should I change the folder or the pattern? What does the "folder" config mean?
Now the docs tell us to use `mvn verify`, but the unit tests and IT tests are in verify too, which causes 2 problems:
1. violations-maven-plugin can not run alone; it always runs with the tests, so it is slow.
2. violations-maven-plugin will not run, so we can not get a report. Demo: https://github.com/WebGoat/WebGoat
If we want to lint and collect the report first, and then, if lint succeeds, run the tests and collect the report, this plugin can not do it:
```yaml
image: bellsoft/liberica-openjdk-debian:17
stages:
  - lint
  - test
  - build
lint_and_report:
  stage: lint
  script:
    - ./mvnw checkstyle:check
    - ./mvnw verify # convert format after test, so it failed
  artifacts:
    when: always
    reports:
      codequality: gl-code-quality-report.json
test_and_report:
  stage: test
  script:
    - ./mvnw verify
  artifacts:
    when: always
    reports:
      junit:
        - target/surefire-reports/TEST-*.xml
        - target/failsafe-reports/TEST-*.xml
build_java:
  stage: build
  script:
    - ./mvnw package -Dmaven.test.skip=true
```
Hi,
I have read in the readme.md that it can optionally fail the build if violations are found, but I haven't found any config option to do so. How can I do that?
Hi,
I am trying to use this lib to make the build fail when JaCoCo coverage is below the threshold.
Should I set anything besides
```xml
<violation>
  <parser>JACOCO</parser>
  <reporter>JACOCO</reporter>
  <folder>./target/site/jacoco</folder>
  <pattern>.*/jacoco\.xml$</pattern>
</violation>
```
in the pom.xml?
The jacoco maven plugin is properly set up in theory.
I started to debug it with mvnDebug and I can see that the content of the file is read by violations-lib, so JacocoParser.parseReportOutput() gets the content of the jacoco.xml file but finds 0 violations, although some values are below the threshold.
If you want to take a look at my jacoco.xml or want more details, please just tell me.
Thanks,
Daniel
In projects with more problems or submodules, the execution of plug-ins can take a long time.
Can you temporarily skip plug-in execution by using command line arguments? For example, mvn package -Dmaven.violations.skip=true
The file path in the GitLab MR widget is wrong, so the URL is 404.
violations-maven-plugin for checkstyle in a Java project, run with `./mvnw validate` in GitLab CI: https://jihulab.com/ultimate-plan/demo/java-17-maven-demo/-/merge_requests/1
file path: /builds/ultimate-plan/demo/java-17-maven-demo/src/main/java/org/owasp/webgoat/lessons/jwt/JWTFinalEndpoint.java:96
file path: src/main/java/org/owasp/webgoat/lessons/jwt/JWTFinalEndpoint.java:96
target/checkstyle-result.xml
```xml
<?xml version="1.0" encoding="UTF-8"?>
<checkstyle version="9.3">
<file name="/Volumes/Code/ultimate-plan/demo/WebGoat/src/main/java/org/dummy/insecure/framework/VulnerableTaskHolder.java">
<error line="5" column="1" severity="warning" message="foo" source="com.puppycrawl.tools.checkstyle.checks.imports.CustomImportOrderCheck"/>
```
target/pmd.xml
```xml
<?xml version="1.0" encoding="UTF-8"?>
<pmd xmlns="http://pmd.sourceforge.net/report/2.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://pmd.sourceforge.net/report/2.0.0 http://pmd.sourceforge.net/report_2_0_0.xsd" version="6.49.0" timestamp="2022-09-20T10:08:44.599">
<file name="/Volumes/Code/ultimate-plan/demo/WebGoat/src/main/java/org/owasp/webgoat/container/WebSecurityConfig.java">
<violation beginline="34" endline="34" begincolumn="1" endcolumn="49" rule="UnnecessaryImport" ruleset="Code Style" package="org.owasp.webgoat.container" class="WebSecurityConfig" externalInfoUrl="https://pmd.github.io/pmd-6.49.0/pmd_rules_java_codestyle.html#unnecessaryimport" priority="4">
Unused import 'org.owasp.webgoat.container.i18n.Language'
</violation>
```
gl-code-quality-report.json
```json
[
  {
    "description": "tab in line",
    "fingerprint": "871ea4ab645d5d0e497b475c186acb5a57f764419e9ba4cd3dae8aa0a1093e10",
    "location": {
      "path": "/Volumes/Code/ultimate-plan/demo/WebGoat/src/main/java/org/dummy/insecure/framework/VulnerableTaskHolder.java",
      "lines": {
        "begin": 73
      }
    }
  }
]
```
Steps:
README.md
`./mvnw package`
Output:
```
[INFO] --- maven-surefire-plugin:2.12.4:test (default-test) @ violations-maven-plugin ---
[INFO] Surefire report directory: /Volumes/Code/ultimate-plan/jihu-gitlab-app/violations-maven-plugin/target/surefire-reports
-------------------------------------------------------
 T E S T S
-------------------------------------------------------
Running se.bjurr.violations.maven.plugin.ViolationCommentsMojoTest
Tests run: 2, Failures: 0, Errors: 0, Skipped: 0, Time elapsed: 0.212 sec
Running se.bjurr.violations.maven.plugin.UpdateReadmeTest
Tests run: 1, Failures: 0, Errors: 1, Skipped: 0, Time elapsed: 0.006 sec <<< FAILURE!
doUpdateReadmeWithReporters(se.bjurr.violations.maven.plugin.UpdateReadmeTest)  Time elapsed: 0.006 sec  <<< ERROR!
java.lang.RuntimeException: Could not find:
| Reporter | Parser | Notes
Missing a format? Open an issue [here](https://github.com/tomasbjerre/violations-lib/issues)!
in ./README.md
	at se.bjurr.violations.lib.util.Utils.updateReadmeWithReporters(Utils.java:116)
```
First off: Fantastic plugin, really appreciate your work and it helps us a lot!
Problem: We use your tool to create a code climate output that we then import into GitLab. When code is changed, we get a lot of false positive changes, where the same change will be listed (by GitLab) as both new and fixed, causing us to miss the 'real' issue.
I think the problem is that
Therefore, would it be possible to create a unique hash as fingerprint per item that does not include the line number as input?
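The two GitLab-related issues above (the absolute `/builds/...` path that 404s in the MR widget, and the line-number-dependent fingerprint that makes a shifted finding look both "new" and "fixed") come down to how the Code Quality JSON is built. The following is an added example, not the plugin's own code: it parses a constructed checkstyle-result.xml, makes the path relative to an assumed project root, and hashes only path, check and message into the fingerprint.

```python
"""Added example (not the plugin's own code): convert a checkstyle-result.xml
into GitLab Code Quality entries whose path is repo-relative and whose
fingerprint ignores the line number. Only the standard library is used."""
import hashlib
import os
import xml.etree.ElementTree as ET

# Constructed sample report, shaped like the one quoted in the issue above;
# the file name and the checks are made up for this demo.
PROJECT_ROOT = "/builds/ultimate-plan/demo/java-17-maven-demo"
SAMPLE_XML = """<?xml version="1.0" encoding="UTF-8"?>
<checkstyle version="9.3">
<file name="/builds/ultimate-plan/demo/java-17-maven-demo/src/main/java/org/dummy/Holder.java">
<error line="73" column="1" severity="warning" message="tab in line"
 source="com.puppycrawl.tools.checkstyle.checks.whitespace.FileTabCharacterCheck"/>
<error line="5" column="1" severity="error" message="foo"
 source="com.puppycrawl.tools.checkstyle.checks.imports.CustomImportOrderCheck"/>
</file>
</checkstyle>
"""

# Checkstyle severity -> GitLab Code Quality severity.
SEVERITY = {"info": "info", "warning": "minor", "error": "major"}

def fingerprint(rel_path, source, message):
    """Hash of path, check and message only. A finding whose line shifts keeps
    its id, so GitLab does not list it as both 'new' and 'fixed'."""
    raw = f"{rel_path}\n{source}\n{message}".encode("utf-8")
    return hashlib.sha256(raw).hexdigest()

def to_code_quality(xml_text, project_root):
    """Parse a checkstyle report and return the GitLab Code Quality list."""
    entries = []
    for f in ET.fromstring(xml_text).iter("file"):
        # GitLab resolves 'path' against the repository root, so the absolute
        # CI prefix (/builds/<group>/<project>/) must be stripped here.
        rel = os.path.relpath(f.get("name"), project_root)
        for err in f.iter("error"):
            entries.append({
                "description": err.get("message"),
                "check_name": err.get("source").rsplit(".", 1)[-1],
                "fingerprint": fingerprint(rel, err.get("source"), err.get("message")),
                "severity": SEVERITY.get(err.get("severity"), "minor"),
                "location": {"path": rel, "lines": {"begin": int(err.get("line"))}},
            })
    return entries
```

Feed the result to `json.dump` and hand that file to the `codequality` artifact; with the line number left out of the hash, a finding that only moves keeps its fingerprint between pipelines.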