将静态分析工具相互集成?
[英]Integrating static analysis tools with each other?
问题描述
How are folks integrating various static analysis tools such as PMD, Checkstyle, and FindBugs so that they are used together in some uniform way?
人们如何集成各种静态分析工具,例如 PMD、Checkstyle 和 FindBugs,以便它们以某种统一的方式一起使用? In particular, I'm interested in generating a single uniform report that includes warnings from all tools.特别是,我有兴趣生成一个统一的报告,其中包括来自所有工具的警告。 Also, I want to be able to mark-up my code with reasonably consistent looking warning suppressions.此外,我希望能够使用看起来相当一致的警告抑制来标记我的代码。
My question here is not meant to address tool "overlap" where, say, PMD and Checkstyle are looking for the same things.我在这里的问题并不是要解决工具“重叠”问题,比如 PMD 和 Checkstyle 正在寻找相同的东西。 That is another issue.那是另一个问题。
Please see some of my thoughts on the matter in an answer to a related question .请在相关问题的回答中查看我对此事的一些想法。
5 个解决方案
解决方案1
2 2008-10-15 00:47:17
I stumbled across JcReport today, which I think does exactly what you are looking for.我今天偶然发现了JcReport ,我认为它完全符合您的要求。 At least, it handles the reports in a combined way;至少,它以组合方式处理报告; suppressions are still tool-specific.抑制仍然是特定于工具的。 This tool claims to support automatically integrating the output of PMD, CPD, FindBugs, CheckStyle, and Cobertura into a single HTML report.该工具声称支持将 PMD、CPD、FindBugs、CheckStyle 和 Cobertura 的输出自动集成到单个 HTML 报告中。
I haven't tried it yet, but definitely intend to soon.我还没有尝试过,但肯定打算很快。
解决方案2
2 2008-10-16 10:49:43
Another option is glean.另一种选择是收集。 http://jbrugge.com/glean/ http://jbrugge.com/glean/
From their website: Glean is a framework of Ant scripts for generating feedback on a team's source code.来自他们的网站: Glean 是一个 Ant 脚本框架,用于生成对团队源代码的反馈。 Glean's goal is to make it possible to add feedback to your build cycle with as little pain as possible. Glean 的目标是尽可能少地为您的构建周期添加反馈。 The scripts drive a number of open-source tools and collect the resulting HTML for you to deploy to a project website or some other common team area.这些脚本驱动许多开源工具并收集生成的 HTML,供您部署到项目网站或其他一些常见的团队区域。 Add it at the end of a daily build cycle and it is a quick way to keep a number of feedback sources up to date and in one place.在每日构建周期结束时添加它,这是一种将多个反馈源保持在一个位置最新的快速方法。
解决方案3
1 2008-09-17 04:21:49
I am not clear on what qualifies as a single uniform report in your book but here is what I do.我不清楚在你的书中什么是单一的统一报告,但这就是我所做的。
I use Maven2 for builds and with it you can configure a series of reporting plugins (including PMD, CPD, checkstyle, coberturba, etc).我使用 Maven2 进行构建,您可以使用它配置一系列报告插件(包括 PMD、CPD、checkstyle、coberturba 等)。 Maven will also auto-generate a website (site plugin) for your project which contains all the reports in a nice easy-to-navigate webpage format. Maven 还将为您的项目自动生成一个网站(站点插件),其中包含以易于导航的网页格式显示的所有报告。
解决方案4
0 2008-09-17 04:23:22
如果您使用 Maven 构建您的项目,并且您将这些工具“插入”到您的 Maven 构建中,那么为构建生成的 Maven 报告将包括这些静态分析工具的输出。
解决方案5
0 2008-09-17 14:50:15
Thanks for the responses!感谢您的回复!
The goal here is to configure these tools so that they behave in some similar manner with respect to each other.此处的目标是配置这些工具,使它们彼此以某种相似的方式运行。 This goes beyond simply dumping whatever report they generate automatically, or using whatever warning suppression hint they use out-of-the-box.这不仅仅是简单地转储它们自动生成的任何报告,或者使用它们开箱即用的任何警告抑制提示。
For example, I have PMD, Checkstyle, and FindBugs configured to report all warnings in the following format:例如,我将 PMD、Checkstyle 和 FindBugs 配置为按以下格式报告所有警告:
/absolute-path/filename:line-number:column-number: warning(tool-name): message So a warning might look like this:因此,警告可能如下所示:
/project/src/com/example/Foo.java:425:9: warning(Checkstyle): Missing a Javadoc comment. Also, all warning suppressions in my source code are marked with a symbol that includes the string " SuppressWarnings " regardless of the static analysis tool being surpressed.此外,我的源代码中的所有警告抑制都标有一个包含字符串“ SuppressWarnings ”的符号,无论静态分析工具被抑制。 Sometimes this symbol is an annotation, sometimes it's in a comment, but it always has that name.有时这个符号是一个注释,有时它在注释中,但它总是有那个名字。
I explain these ideas in a bit more detail here .我在这里更详细地解释这些想法。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.