There are very few users of this tool, so I am archiving it and referring to:
- https://github.com/tomasbjerre/violation-comments-to-gitlab-command-line
- https://github.com/jenkinsci/violation-comments-to-gitlab-plugin/
- https://github.com/tomasbjerre/violations-command-line
This is a Maven plugin for Violation Comments to GitLab Lib.
It can parse results from static code analysis and comment merge requests in GitLab with them.
An alternative is also to have violations-command-line convert the violations to CodeClimate
format and upload that to GitLab. It is explained in readme of violations-command-line.
The merge must be performed first in order for the commented lines in the MR to match the lines reported by the analysis tools!
Example of supported reports are available here.
A number of parsers have been implemented. Some parsers can parse output from several reporters.
Reporter | Parser | Notes |
---|---|---|
ARM-GCC | CLANG |
|
AndroidLint | ANDROIDLINT |
|
Ansible-Later | ANSIBLELATER |
With json format |
AnsibleLint | FLAKE8 |
With -p |
Bandit | CLANG |
With bandit -r examples/ -f custom -o bandit.out --msg-template "{abspath}:{line}: {severity}: {test_id}: {msg}" |
CLang | CLANG |
|
CPD | CPD |
|
CPPCheck | CPPCHECK |
With cppcheck test.cpp --output-file=cppcheck.xml --xml |
CPPLint | CPPLINT |
|
CSSLint | CSSLINT |
|
Checkstyle | CHECKSTYLE |
|
CloudFormation Linter | JUNIT |
cfn-lint . -f junit --output-file report-junit.xml |
CodeClimate | CODECLIMATE |
|
CodeNarc | CODENARC |
|
Dart | MACHINE |
With dart analyze --format=machine |
Dependency Check | SARIF |
Using --format SARIF |
Detekt | CHECKSTYLE |
With --output-format xml . |
DocFX | DOCFX |
|
Doxygen | CLANG |
|
ERB | CLANG |
With erb -P -x -T '-' "${it}" | ruby -c 2>&1 >/dev/null | grep '^-' | sed -E 's/^-([a-zA-Z0-9:]+)/${filename}\1 ERROR:/p' > erbfiles.out . |
ESLint | CHECKSTYLE |
With format: 'checkstyle' . |
Findbugs | FINDBUGS |
|
Flake8 | FLAKE8 |
|
FxCop | FXCOP |
|
GCC | CLANG |
|
GHS | GHS |
|
Gendarme | GENDARME |
|
Generic reporter | GENERIC |
Will create one single violation with all the content as message. |
GoLint | GOLINT |
|
GoVet | GOLINT |
Same format as GoLint. |
GolangCI-Lint | CHECKSTYLE |
With --out-format=checkstyle . |
GoogleErrorProne | GOOGLEERRORPRONE |
|
HadoLint | CHECKSTYLE |
With -f checkstyle |
IAR | IAR |
With --no_wrap_diagnostics |
Infer | PMD |
Facebook Infer. With --pmd-xml . |
JACOCO | JACOCO |
|
JCReport | JCREPORT |
|
JSHint | JSLINT |
With --reporter=jslint or the CHECKSTYLE parser with --reporter=checkstyle |
JUnit | JUNIT |
It only contains the failures. |
KTLint | CHECKSTYLE |
|
Klocwork | KLOCWORK |
|
KotlinGradle | KOTLINGRADLE |
Output from Kotlin Gradle Plugin. |
KotlinMaven | KOTLINMAVEN |
Output from Kotlin Maven Plugin. |
Lint | LINT |
A common XML format, used by different linters. |
MSBuildLog | MSBULDLOG |
With -fileLogger use .*msbuild\\.log$ as pattern or -fl -flp:logfile=MyProjectOutput.log;verbosity=diagnostic for a custom output filename |
MSCpp | MSCPP |
|
Mccabe | FLAKE8 |
|
MyPy | MYPY |
|
NullAway | GOOGLEERRORPRONE |
Same format as Google Error Prone. |
PCLint | PCLINT |
PC-Lint using the same output format as the Jenkins warnings plugin, details here |
PHPCS | CHECKSTYLE |
With phpcs api.php --report=checkstyle . |
PHPPMD | PMD |
With phpmd api.php xml ruleset.xml . |
PMD | PMD |
|
Pep8 | FLAKE8 |
|
PerlCritic | PERLCRITIC |
|
PiTest | PITEST |
|
ProtoLint | PROTOLINT |
|
Puppet-Lint | CLANG |
With -log-format %{fullpath}:%{line}:%{column}: %{kind}: %{message} |
PyDocStyle | PYDOCSTYLE |
|
PyFlakes | FLAKE8 |
|
PyLint | PYLINT |
With pylint --output-format=parseable . |
ReSharper | RESHARPER |
|
RubyCop | CLANG |
With rubycop -f clang file.rb |
SARIF | SARIF |
v2.x. Microsoft Visual C# can generate it with ErrorLog="BuildErrors.sarif,version=2" . |
SbtScalac | SBTSCALAC |
|
Scalastyle | CHECKSTYLE |
|
Semgrep | SEMGREP |
With --json . |
Simian | SIMIAN |
|
Sonar | SONAR |
With mvn sonar:sonar -Dsonar.analysis.mode=preview -Dsonar.report.export.path=sonar-report.json . Removed in 7.7, see SONAR-11670 but can be retrieved with: curl --silent 'http://sonar-server/api/issues/search?componentKeys=unique-key&resolved=false' | jq -f sonar-report-builder.jq > sonar-report.json . |
Spotbugs | FINDBUGS |
|
StyleCop | STYLECOP |
|
SwiftLint | CHECKSTYLE |
With --reporter checkstyle . |
TSLint | CHECKSTYLE |
With -t checkstyle |
Valgrind | VALGRIND |
With --xml=yes . |
XMLLint | XMLLINT |
|
XUnit | XUNIT |
It only contains the failures. |
YAMLLint | YAMLLINT |
With -f parsable |
ZPTLint | ZPTLINT |
51 parsers and 78 reporters.
Missing a format? Open an issue here!
There is a running example here and it is invoked here.
Here is an example:
<plugin>
<groupId>se.bjurr.violations</groupId>
<artifactId>violation-comments-to-gitlab-maven-plugin</artifactId>
<version>X</version>
<executions>
<execution>
<id>ViolationCommentsToGitLab</id>
<goals>
<goal>violation-comments</goal>
</goals>
<configuration>
<gitLabUrl>${GITLAB_URL}</gitLabUrl>
<mergeRequestIid>${GITLAB_mergeRequestIid}</mergeRequestIid>
<projectId>${GITLAB_PROJECTID}</projectId>
<commentOnlyChangedContent>true</commentOnlyChangedContent>
<commentOnlyChangedContentContext>0</commentOnlyChangedContentContext>
<createCommentWithAllSingleFileComments>true</createCommentWithAllSingleFileComments>
<createSingleFileComments>true</createSingleFileComments>
<keepOldComments>false</keepOldComments>
<minSeverity>INFO</minSeverity>
<apiTokenPrivate>true</apiTokenPrivate>
<apiToken>${GITLAB_APITOKEN}</apiToken>
<ignoreCertificateErrors>true</ignoreCertificateErrors>
<shouldSetWip>false</shouldSetWip>
<violations>
<violation>
<parser>FINDBUGS</parser>
<reporter>Findbugs</reporter>
<folder>.</folder>
<pattern>.*/findbugs/.*\.xml$</pattern>
</violation>
<violation>
<parser>PMD</parser>
<reporter>PMD</reporter>
<folder>.</folder>
<pattern>.*/pmd/.*\.xml$</pattern>
</violation>
<violation>
<parser>CHECKSTYLE</parser>
<reporter>Checkstyle</reporter>
<folder>.</folder>
<pattern>.*/checkstyle/.*\.xml$</pattern>
</violation>
<violation>
<parser>JSHINT</parser>
<reporter>JSHint</reporter>
<folder>.</folder>
<pattern>.*/jshint/.*\.xml$</pattern>
</violation>
<violation>
<parser>CSSLINT</parser>
<reporter>CSSLint</reporter>
<folder>.</folder>
<pattern>.*/csslint/.*\.xml$</pattern>
</violation>
</violations>
</configuration>
</execution>
</executions>
</plugin>
You may also have a look at Violations Lib.