This library provides a Java object model to read, aggregate, filter, and query static analysis reports. It is used by Jenkins' Warnings Next Generation plug-in to visualize the warnings of individual builds. Additionally, this library is used by a GitHub action to autograde student software projects based on a given set of metrics (unit tests, code and mutation coverage, static analysis warnings).
This library consists of three separate parts:
- A model to manage a set of issues of static code analysis runs. This includes the possibility to track issues in different source code versions using a fingerprinting algorithm.
- Parsers for more than a hundred report formats. Among the problems this library can detect:
  - messages from your build tool (Maven, Gradle, MSBuild, make, etc.)
  - errors from your compiler (C, C#, Java, etc.)
  - warnings from a static analysis tool (CheckStyle, StyleCop, SpotBugs, etc.)
  - duplications from a copy-and-paste detector (CPD, Simian, etc.)
  - vulnerabilities
  - open tasks in comments of your source files
- Additional descriptions for a selected set of static analysis tools that provide details for individual violations (including code samples, solutions, or quick fixes).
All source code is licensed under the MIT license.