This library provides a Java API to read, aggregate, filter, and query static analysis reports. It is used by my Jenkins warnings plug-in to visualize the warnings of individual builds.
This library is also used by my Quality Monitor GitHub Action, which monitors the quality of projects based on a configurable set of metrics and gives feedback on pull requests (or single commits) in GitHub. Two additional actions are available to autograde student software projects based on these metrics: the GitHub Autograding action and the GitLab Autograding action.
This library consists of three separate parts:
- A model to manage a set of issues of static code analysis runs. This includes the possibility to track issues in different source code versions using a fingerprinting algorithm.
- Parsers for more than a hundred report formats. Among the problems this library can detect:
  - messages from your build tool (Maven, Gradle, MSBuild, make, etc.)
  - errors from your compiler (C, C#, Java, etc.)
  - warnings from a static analysis tool (CheckStyle, StyleCop, SpotBugs, etc.)
  - duplications from a copy-and-paste detector (CPD, Simian, etc.)
  - vulnerabilities
  - open tasks in comments of your source files
- Additional descriptions for a selected set of static analysis tools that provide details for individual violations (including code samples, solutions, or quick fixes).
All source code is licensed under the MIT license.
Contributions to this library are welcome. Please refer to the separate CONTRIBUTING document for details on how to proceed.