/analysis-model

A library to read static analysis reports into a Java object model

Primary language: Java. License: MIT.

Static Analysis Model and Parsers Library

Join the chat at https://gitter.im/jenkinsci/warnings-plugin

This library provides a Java object model to read, aggregate, filter, and query static analysis reports. It is used by Jenkins' warnings next generation plug-in to visualize the warnings of individual builds. Additionally, this library is used by a GitHub action to autograde student software projects based on a given set of metrics (unit tests, code and mutation coverage, static analysis warnings).

This library consists of three separate parts:

  1. A model to manage a set of issues of static code analysis runs. This includes the possibility to track issues in different source code versions using a fingerprinting algorithm.
  2. Parsers for more than a hundred report formats. Among the problems this library can detect:
    • messages from your build tool (Maven, Gradle, MSBuild, make, etc.)
    • errors from your compiler (C, C#, Java, etc.)
    • warnings from a static analysis tool (CheckStyle, StyleCop, SpotBugs, etc.)
    • duplications from a copy-and-paste detector (CPD, Simian, etc.)
    • vulnerabilities
    • open tasks in comments of your source files
  3. Additional descriptions for a selected set of static analysis tools that provide details for individual violations (including code samples, solutions, or quick fixes).

All source code is licensed under the MIT license.

Contributions to this library are welcome. Please refer to the separate CONTRIBUTING document for details on how to proceed.