The Jenkins Warnings Next Generation Plugin collects compiler warnings or issues reported by static analysis tools and visualizes the results. It has built-in support for numerous static analysis tools (including several compilers), see the list of supported report formats.
The Warnings Next Generation plugin supports the following Jenkins project types:
- Freestyle Project
- Maven Project
- Matrix Project
- Scripted Pipeline (sequential and parallel steps)
- Declarative Pipeline (sequential and parallel steps)
- Multi-branch Pipeline
The Warnings Next Generation Plugin provides the following features when added as a post build action (or step) to a job:
- The plugin scans the console log of a Jenkins build or files in the workspace of your job for any kind of issues.
There are more than hundred report formats supported. Among the problems it can detect:
- errors from your compiler (C, C#, Java, etc.)
- warnings from a static analysis tool (CheckStyle, StyleCop, SpotBugs, etc.)
- duplications from a copy-and-paste detector (CPD, Simian, etc.)
- vulnerabilities
- open tasks in comments of your source files
- The plugin publishes a report of the issues found in your build, so you can navigate to a summary report from the
main build page. From there you can also dive into the details:
- distribution of new, fixed and outstanding issues
- distribution of the issues by severity, category, type, module, or package
- list of all issues including helpful comments from the reporting tool
- annotated source code of the affected files
- trend charts of the issues
❗ The plugin does not run the static analysis, it just visualizes the results reported by such tools. You still need to enable and configure the static analysis tool in your build file or Jenkinsfile.
- Jenkins Warnings Next Generation Plugin
- Configuration
- New features
- Transition from the static analysis suite
Created by gh-md-toc
You can configure every option of the plugin in Jenkins job configuration user interface (in freestyle, maven, or matrix jobs). Here you need to add and enable the post build action "Record compiler warnings and static analysis results" to your job.
In pipelines the plugin will be activated by adding the step recordIssues. This step can be configured with the same
user interface as well (by using the Snippet editor). Note that for scripted pipelines some additional features are
available to aggregate and group issues, see section Advanced Pipeline Configuration
for details.
In the following sections, both the graphical configuration and the pipeline configuration are shown side by side.
The basic configuration of the plugin is shown in the image above:
First of all you need to specify the tool that should be used to create the issues. Depending on the selected tool you might configure some additional parameters as well.
For all parsers that read report files you need to specify the pattern of the report files that should be parsed and scanned for issues. If you do not specify a pattern, then the console log of your build will be scanned. For several popular tools a default pattern has been provided: in this case the default pattern will be used if the pattern is empty.
In order to let the scanner parse correctly your reports it is required to set the encoding of the files, otherwise the platform encoding will be used which might be incorrect.
Each tool is identified by an ID that is used as URL to the results of the analysis. For each tool, a default URL (and name) is provided that can be changed if required. E.g., if you are going to use a parser multiple times then you need to specify different IDs for each of the invocations.
You can specify multiple tools (and patterns) that will be used with the same configuration. Due to a technical (or marketing) limitation of Jenkins it is not possible to select different configurations by using multiple post build actions.
One new feature is available by using the checkbox "Aggregate Results": if this option is selected, then one result is created that contains an aggregation of all issues of the selected tools. This is something the Static Analysis Collector Plugin provided previously. When this option is activated you get a unique entry point for all of your issues. The following screenshot shows this new behavior:
If this option is not enabled, then for each tool a separate result will be created. This result has a unique URL and icon, so you quickly see the difference between the created reports:
In the basic configuration section you can additionally choose if the step should run for failed builds as well. This option is disabled by default, since analysis results might be inaccurate if the build failed.
An example pipeline with these options is shown in the following snippet:
recordIssues(
enabledForFailure: true, aggregatingResults: true,
tools: [java(), checkStyle(pattern: 'checkstyle-result.xml', reportEncoding: 'UTF-8')]
)If you are using a single tool you can use the property tool instead of tools:
recordIssues enabledForFailure: true, aggregatingResults: true, tool: checkStyle(pattern: 'checkstyle-result.xml')If none of the built-in tools works in your project you have several ways to add additional tools.
A simple way to get the analysis results of your tool into the Warnings plugin is to export the information into one
of the already supported formats. E.g., several tools export their issues into the CheckStyle or PMD format. If you
want to use all features of the Warnings Plugin it would be even better if you would export the information into the
native XML or
JSON format (this parser uses the ID issues).
These formats are already registered in the user interface and you can use them out-of-the-box. You can even provide
issues in a simple log file that contains single lines of JSON issues, see
example.
Here is an example step that can be used to parse the native JSON (or XML) format:
recordIssues(tool: issues())The most flexible way is to define a new tool by writing a Java class that will be deployed in your own small Jenkins plugin, see document "Providing support for a custom static analysis tool" for details.
If the format of your log messages is quite simple then you can define support for your tool by creating a simple tool configuration in Jenkins' user interface. Due to security reasons (Groovy scripts can compromise your master) this configuration is available in the system configuration only. The configuration of a new parser takes a regular expression that will be used to match the report format. If the expression matches, then a Groovy script will be invoked that converts the matching text into an issue instance. Here is an example of such a Groovy based parser:
The Groovy based parser can also be created using a Groovy script from within a pipeline, a Jenkins startup script or the script console, see the following example:
def config = io.jenkins.plugins.analysis.warnings.groovy.ParserConfiguration.getInstance()
if(!config.contains('pep8-groovy')){
def newParser = new io.jenkins.plugins.analysis.warnings.groovy.GroovyParser(
'pep8-groovy',
'Pep8 Groovy Parser',
'(.*):(\\d+):(\\d+): (\\D\\d*) (.*)',
'return builder.setFileName(matcher.group(1)).setCategory(matcher.group(4)).setMessage(matcher.group(5)).buildOptional()',
"optparse.py:69:11: E401 multiple imports on one line"
)
config.setParsers(config.getParsers().plus(newParser))
}Groovy based parsers can also be specified using a section in your JCasC yaml file. Here is a small example that shows how to add such a parser:
unclassified:
warningsParsers:
parsers:
- name: "Example parser"
id: example-id
regexp: "^\\s*(.*):(\\d+):(.*):\\s*(.*)$"
script: |
import edu.hm.hafner.analysis.Severity
builder.setFileName(matcher.group(1))
.setLineStart(Integer.parseInt(matcher.group(2)))
.setSeverity(Severity.WARNING_NORMAL)
.setCategory(matcher.group(3))
.setMessage(matcher.group(4))
return builder.buildOptional();
example: "somefile.txt:2:SeriousWarnings:SomethingWentWrong"Once your Groovy parser has been registered you can use it in the tool configuration section of your job:
First of all, you need to choose the tool "Groovy Parser" in order to get the configuration screen for the Groovy parser. Then you can select the parser from the list of available parsers. This list is dynamically created based on the parsers that are defined in Jenkins' system configuration section. The custom ID and name properties can be set in the same way as for the other tools.
In order to use a Groovy parser in a pipeline you need to use a script statement of the following form:
recordIssues sourceCodeEncoding: 'UTF-8',
tool: groovyScript(parserId: 'groovy-id-in-system-config', pattern:'**/*report.log', reportEncoding:'UTF-8')In order to let the plugin parse and display your source code files it is required to set the correct encoding for these files. Additionally, if your source code is not located in the workspace (e.g. it has been checked out into a shared agent folder), the plugin will not automatically find your source files. In order to let the plugin display those files you can add an additional source directory:
To enable additional source directories for scanning, the directories have to be added in the global configuration. To select enabled directories for scanning, the directories have to be configured on job level.
An example pipeline with these options is shown in the following snippet, note that the encoding of the report files may be set differently if required:
recordIssues sourceCodeEncoding: 'ISO-8859-1', sourceDirectory: '/path/to/sources', tool: java(reportEncoding: 'UTF-8')Note that the content of files outside of the workspace might be sensitive. In order to prevent showing such files by accident you need to provide a whitelist of allowed source code directories in Jenkins system configuration screen:
Alternatively, this configuration setting can be provided by the follwoing subsection in your JCasC yaml file:
unclassified:
warningsPlugin:
sourceDirectories:
- path: "C:\\Temp"
- path: "/mnt/sources"One important feature of the Warnings Next Generation plugin is the classification of issues as new, outstanding and fixed:
- new: all issues, that are part of the current report but have not been shown up in the reference report
- fixed: all issues, that are part of the reference report but are not present in the current report anymore
- outstanding: all issues, that are part of the current and reference report
In order to compute this classification, the plugin requires a reference build (baseline). New, fixed, and outstanding issues are then computed by comparing the issues in the current build and in the baseline. There are three options that control the selection of the reference build.
An example pipeline with these options is shown in the following snippet:
recordIssues tool: java(), ignoreQualityGate: false, ignoreFailedBuilds: true, referenceJobName: 'my-project/master'In pipelines you also have the additional option to specify a specific build that should be used as reference. Such
a build needs to be computed in your pipeline before you call the recordIssues step.
recordIssues tool: java(), ignoreQualityGate: false, ignoreFailedBuilds: true,
referenceJobName: 'my-project/master', referenceBuildId: '1'The created report of issues can be filtered afterwards. You can specify an arbitrary number of include or exclude filters. Currently, there is support for filtering issues by module name, package or namespace name, file name, category or type.
An example pipeline with these options is shown in the following snippet:
recordIssues tool: java(pattern: '*.log'), filters: [includeFile('MyFile.*.java'), excludeCategory('WHITESPACE')]You can define several quality gates that will be checked after the issues have been reported. These quality gates let you modify Jenkins' build status so that you immediately see if the desired quality of your product is met. A build can be set to unstable or failed for each of these quality gates. All quality gates use a simple metric: the number of issues that will fail a given quality gate.
An example pipeline with these options is shown in the following snippet:
recordIssues tool: java(pattern: '*.log'), qualityGates: [[threshold: 1, type: 'TOTAL', unstable: true]]The type determines the property that will be picked to evaluate the quality gate. Refer to the enum QualityGateType to see which different types are supported.
The plugin can participate in the health report of your project. You can change the number of issues that change the health to 0% and 100%, respectively. Additionally, the severities that should be considered when creating the health report can be selected.
An example pipeline with these options is shown in the following snippet:
recordIssues tool: java(pattern: '*.log'), healthy: 10, unhealthy: 100, minimumSeverity: 'HIGH'This job adjusts the build health based on all warnings with severity HIGH and errors. If the build has 10 warnings or less then the health is at 100%. If the build has more than 100 warnings, then the health is at 0%.
Requirements for using the Warnings plugin in Jenkins Pipeline can be complex and sometimes controversial. In order to be as flexible as possible I decided to split the main step into two individual parts, which could then be used independently from each other.
The simple pipeline configuration is provided by the step recordIssues, it provides the same properties as
the post build action (see above). This step scans for issues
in a given set of files (or in the console log) and reports these issues in your build. You can use the
snippet generator to create a working snippet that calls this step. A typical example of this step
is shown in the following example:
recordIssues(
enabledForFailure: true,
tool: java(pattern: '*.log'),
filters: [includeFile('MyFile.*.java'), excludeCategory('WHITESPACE')]
)In this example, the files '*.log' are scanned for Java issues. Only issues with a file name matching the pattern 'MyFile.*.java' are included. Issues with category 'WHITESPACE' will be excluded. The step will be executed even if the build failed.
In order to see all configuration options you can investigate the step implementation.
Configuration of the plugin in Declarative Pipeline jobs is the same as in Scripted Pipelines, see the following example that builds the analysis-model library on Jenkins:
pipeline {
agent 'any'
tools {
maven 'mvn-default'
jdk 'jdk-default'
}
stages {
stage ('Build') {
steps {
sh '${M2_HOME}/bin/mvn --batch-mode -V -U -e clean verify -Dsurefire.useFile=false -Dmaven.test.failure.ignore'
}
}
stage ('Analysis') {
steps {
sh '${M2_HOME}/bin/mvn --batch-mode -V -U -e checkstyle:checkstyle pmd:pmd pmd:cpd findbugs:findbugs spotbugs:spotbugs'
}
}
}
post {
always {
junit testResults: '**/target/surefire-reports/TEST-*.xml'
recordIssues enabledForFailure: true, tools: [mavenConsole(), java(), javaDoc()]
recordIssues enabledForFailure: true, tool: checkStyle()
recordIssues enabledForFailure: true, tool: spotBugs()
recordIssues enabledForFailure: true, tool: cpd(pattern: '**/target/cpd.xml')
recordIssues enabledForFailure: true, tool: pmdParser(pattern: '**/target/pmd.xml')
}
}
}
Sometimes publishing and reporting issues using a single step is not sufficient. E.g., if you build your product using several parallel steps and you want to combine the issues from all of these steps into a single result. Then you need to split scanning and aggregation. The plugin provides the following two steps:
scanForIssues: this step scans a report file or the console log with a particular parser and creates an intermediate AnnotatedReport object that contains the report. See step implementation for details.publishIssues: this step publishes a new report in your build that contains the aggregated results of severalscanForIssuessteps. See step implementation for details.
Example:
node {
stage ('Checkout') {
git branch:'5.0', url: 'git@github.com:jenkinsci/warnings-plugin.git'
}
stage ('Build') {
def mvnHome = tool 'mvn-default'
sh "${mvnHome}/bin/mvn --batch-mode -V -U -e clean verify -Dsurefire.useFile=false"
junit testResults: '**/target/*-reports/TEST-*.xml'
def java = scanForIssues tool: java()
def javadoc = scanForIssues tool: javaDoc()
publishIssues issues: [java, javadoc], filters: [includePackage('io.jenkins.plugins.analysis.*')]
}
stage ('Analysis') {
def mvnHome = tool 'mvn-default'
sh "${mvnHome}/bin/mvn --batch-mode -V -U -e checkstyle:checkstyle pmd:pmd pmd:cpd findbugs:findbugs"
def checkstyle = scanForIssues tool: checkStyle(pattern: '**/target/checkstyle-result.xml')
publishIssues issues: [checkstyle]
def pmd = scanForIssues tool: pmdParser(pattern: '**/target/pmd.xml')
publishIssues issues: [pmd]
def cpd = scanForIssues tool: cpd(pattern: '**/target/cpd.xml')
publishIssues issues: [cpd]
def spotbugs = scanForIssues tool: spotBugs(pattern: '**/target/findbugsXml.xml')
publishIssues issues: [spotbugs]
def maven = scanForIssues tool: mavenConsole()
publishIssues issues: [maven]
publishIssues id: 'analysis', name: 'All Issues',
issues: [checkstyle, pmd, spotbugs],
filters: [includePackage('io.jenkins.plugins.analysis.*')]
}
The most important new features are described in the following sections.
One highlight of the plugin is the ability to categorize issues of subsequent builds as new, fixed and outstanding.
Using this feature makes it a lot easier to keep the quality of your project under control: you can focus only on those warnings that have been introduced recently.
Note: the detection of new warnings is based on a complex algorithm that tries to track the same warning in two different versions of the source code. Depending on the extent of the modification of the source code it might produce some false positives, i.e., you might still get some new and fixed warnings even if there should be none. The accuracy of this algorithm is still ongoing research and will be refined in the next couple of months.
The plugin shows the distribution of the severities of the issues in a chart. It defines the following default severities, but additional ones might be added by plugins that extend the Warnings plugin.
- Error: Indicates an error that typically fails the build
- Warning (High, Normal, Low): Indicates a warning of the given priority. Mapping to the priorities is up to the individual parsers.
Note that not every parser is capable of producing warnings with a different severity. Some of the parsers simply use the same severity for all issues.
In order to see the trend of the analysis results, several charts show the number of issues per build. These charts are used in the details page as well as in the job overview. The following different trend chart types are currently available:
The default trend chart shows the total number of issues, stacked by severity. Using this chart you see which severity contributes the most to the total number of issues.
If your are aggregating the results of several static analysis results, the type chart shows the number of issues for each of the tools using an individual line. You can temporarily hide tools by clicking on the corresponding legend symbol.
If you are interested in your backlog on issues you can open the new-versus-fixed chart. It maps issues introduced versus issues fixed over a sequence of builds. This helps you understand whether your overall backlog is growing or shrinking.
The health chart is only available if health reporting has been enabled. In this case, the trend chart shows how many warnings are in the healthy and unhealthy regions. Your project goal should be to let the number of warnings not escape the green part of the chart.
All trend charts in the detail views support zooming of the build axis using the range sliders at the bottom of the chart.
All trend charts in the detail views can show the number of warnings per build or per day. You can switch between this X-axis variants by selecting the corresponding icon in the top right corner. Each day shows the average number of warnings.
You can get a fast and efficient overview of the reported set of issues in several aggregation views. Depending on the number or type of issues you will see the distribution of issues by
- Static Analysis Tool
- Module
- Package or Namespace
- Severity
- Category
- Type
Each of these detail views are interactive, i.e. you can navigate into a subset of the categorized issues.
The set of reported issues is shown in a modern and responsive table. The table is loaded on demand using an Ajax call. It provides the following features:
- Pagination: the number of issues is subdivided into several pages which can be selected by using the provided page links. Note that currently the pagination is done on the client side, i.e. it may take some time to obtain the whole table of issues from the server.
- Sorting: the table content can be sorted by clicking on ony of the table columns.
- Filtering, Searching: you can filter the shown issues by entering some text in the search box.
- Content Aware: columns are only shown if there is something useful to display. I.e., if a tool does not report an issues category, then the category will be automatically hidden.
- Responsive: the layout should adapt to the actual screen threshold.
- Details: the details message for an issue (if provided by the corresponding static analysis tool) is shown as child row within the table.
If not disabled in the job configuration, the plugin will execute git blame to determine who is the responsible
'author' of an issue. In the corresponding SCM Blames view all issues will be listed with author name, email and
commit ID.
In order to disable the blame feature, set the property blameDisabled to true, see the following example:
recordIssues blameDisabled: true, tool: java(pattern: '*.log')If not disabled in the job configuration, the plugin will mine the source code repository in the style of Code as a Crime Scene (Adam Tornhill, November 2013) to determine statistics of the affected files. In the corresponding SCM Forensics view all issues will be listed with the following properties of the affected files:
- total number of commits
- total number of different authors
- creation time
- last modification time
In order to disable the forensics feature, set the property forensicsDisabled to true, see the following example:
recordIssues forensicsDisabled: true, tool: java(pattern: '*.log')The source code view now uses the JS library Prism to show warnings in an affected file. This library provides syntax highlighting for the most popular languages and renders everything on the client side.
You can show the total number of issues of a job in separate columns of the Jenkins jobs table. By default, the Jenkins main list view will show a new column that counts the total number of issues of all tools. You can add additional columns that can configure
- the column name
- the actual tools that should be taken into account
- the type of the totals to show (overall warnings, new warnings, specific severity, etc.), see section Token Macro Support.
Support for Jenkins dashboard view is also available. Currently, the following portlets are available:
An issues table shows the total number of issues for a job (separated by each tool).
A trend chart can be added as portlet that shows an aggregation of the total number of issues of all jobs.
The plugin provides the following REST API endpoints.
All static analysis tools that have been configured in a build can be queried by using the URL
[build-url]/warnings-ng/api/json (or [build-url]/warnings-ng/api/xml). This aggregation shows ID, name, URL and
total number of issues for each tool.
{
"_class": "io.jenkins.plugins.analysis.core.restapi.AggregationApi",
"tools": [
{
"id": "maven",
"latestUrl": "http://localhost:8080/view/White%20Mountains/job/New%20-%20Pipeline%20-%20Simple%20Model/26/maven",
"name": "Maven Warnings",
"size": 9
},
{
"id": "java",
"latestUrl": "http://localhost:8080/view/White%20Mountains/job/New%20-%20Pipeline%20-%20Simple%20Model/26/java",
"name": "Java Warnings",
"size": 1
},
{
"id": "javadoc",
"latestUrl": "http://localhost:8080/view/White%20Mountains/job/New%20-%20Pipeline%20-%20Simple%20Model/26/javadoc",
"name": "JavaDoc Warnings",
"size": 0
},
{
"id": "checkstyle",
"latestUrl": "http://localhost:8080/view/White%20Mountains/job/New%20-%20Pipeline%20-%20Simple%20Model/26/checkstyle",
"name": "CheckStyle Warnings",
"size": 0
},
{
"id": "pmd",
"latestUrl": "http://localhost:8080/view/White%20Mountains/job/New%20-%20Pipeline%20-%20Simple%20Model/26/pmd",
"name": "PMD Warnings",
"size": 671
},
{
"id": "spotbugs",
"latestUrl": "http://localhost:8080/view/White%20Mountains/job/New%20-%20Pipeline%20-%20Simple%20Model/26/spotbugs",
"name": "SpotBugs Warnings",
"size": 0
},
{
"id": "cpd",
"latestUrl": "http://localhost:8080/view/White%20Mountains/job/New%20-%20Pipeline%20-%20Simple%20Model/26/cpd",
"name": "CPD Warnings",
"size": 123
},
{
"id": "open-tasks",
"latestUrl": "http://localhost:8080/view/White%20Mountains/job/New%20-%20Pipeline%20-%20Simple%20Model/26/open-tasks",
"name": "Open Tasks Scanner Warnings",
"size": 11
}
]
}You can obtain a summary of a particular analysis report by using the URL [build-url]/[tool-id]/api/xml
(or [build-url]/[tool-id]/api/json). The summary contains the number of issues, the quality gate status, and all
info and error messages.
Here is an example XML report:
<analysisResultApi _class='io.jenkins.plugins.analysis.core.restapi.AnalysisResultApi'>
<totalSize>3</totalSize>
<fixedSize>0</fixedSize>
<newSize>0</newSize>
<noIssuesSinceBuild>-1</noIssuesSinceBuild>
<successfulSinceBuild>-1</successfulSinceBuild>
<qualityGateStatus>WARNING</qualityGateStatus>
<owner _class='org.jenkinsci.plugins.workflow.job.WorkflowRun'>
<number>46</number>
<url>http://localhost:8080/view/White%20Mountains/job/Full%20Analysis%20-%20Model/46/</url>
</owner>
<infoMessage>Searching for all files in '/tmp/node1/workspace/Full Analysis - Model' that match the pattern
'**/target/spotbugsXml.xml'
</infoMessage>
<infoMessage>-> found 1 file</infoMessage>
<infoMessage>Successfully parsed file /tmp/node1/workspace/Full Analysis - Model/target/spotbugsXml.xml</infoMessage>
<infoMessage>-> found 3 issues (skipped 0 duplicates)</infoMessage>
<infoMessage>Post processing issues on 'node1' with encoding 'UTF-8'</infoMessage>
<infoMessage>Resolving absolute file names for all issues</infoMessage>
<infoMessage>-> affected files for all issues already have absolute paths</infoMessage>
<infoMessage>Copying affected files to Jenkins' build folder /Users/hafner/Development/jenkins/jobs/Full Analysis -
Model/builds/46
</infoMessage>
<infoMessage>-> 2 copied, 0 not in workspace, 0 not-found, 0 with I/O error</infoMessage>
<infoMessage>Resolving module names from module definitions (build.xml, pom.xml, or Manifest.mf files)</infoMessage>
<infoMessage>-> all issues already have a valid module name</infoMessage>
<infoMessage>Resolving package names (or namespaces) by parsing the affected files</infoMessage>
<infoMessage>-> all affected files already have a valid package name</infoMessage>
<infoMessage>Creating fingerprints for all affected code blocks to track issues over different builds</infoMessage>
<infoMessage>No filter has been set, publishing all 3 issues</infoMessage>
<infoMessage>No valid reference build found - all reported issues will be considered outstanding</infoMessage>
<infoMessage>Evaluating quality qualityGates</infoMessage>
<infoMessage>-> WARNING - Total number of issues: 3 - Quality Gate: 1</infoMessage>
<infoMessage>-> Some quality qualityGates have been missed: overall result is WARNING</infoMessage>
<infoMessage>Health report is disabled - skipping</infoMessage>
</analysisResultApi>The reported issues are also available as REST API. You can either query all issues or only the new, fixed, or outstanding issues. The corresponding URLs are:
[build-url]/[tool-id]/all/api/xml: lists all issues[build-url]/[tool-id]/fixed/api/xml: lists all fixed issues[build-url]/[tool-id]/new/api/xml: lists all new issues[build-url]/[tool-id]/outstanding/api/xml: lists all outstanding issues
Here is an example JSON report:
{
"_class" : "io.jenkins.plugins.analysis.core.restapi.ReportApi",
"issues" : [
{
"baseName" : "AbstractParser.java",
"category" : "EXPERIMENTAL",
"columnEnd" : 0,
"columnStart" : 0,
"description" : "",
"fileName" : "/private/tmp/node1/workspace/Full Analysis - Model/src/main/java/edu/hm/hafner/analysis/AbstractParser.java",
"fingerprint" : "be18f803030f2af690fbeef09eafa5c9",
"lineEnd" : 59,
"lineStart" : 59,
"message" : "edu.hm.hafner.analysis.AbstractParser.parse(File, Charset, Function) may fail to clean up java.io.InputStream",
"moduleName" : "Static Analysis Model and Parsers",
"origin" : "spotbugs",
"packageName" : "edu.hm.hafner.analysis",
"reference" : "46",
"severity" : "LOW",
"type" : "OBL_UNSATISFIED_OBLIGATION"
},
{
"baseName" : "ReportTest.java",
"category" : "STYLE",
"columnEnd" : 0,
"columnStart" : 0,
"description" : "",
"fileName" : "/private/tmp/node1/workspace/Full Analysis - Model/src/test/java/edu/hm/hafner/analysis/ReportTest.java",
"fingerprint" : "331d509297fad027813365ad0fb37e69",
"lineEnd" : 621,
"lineStart" : 621,
"message" : "Return value of Report.get(int) ignored, but method has no side effect",
"moduleName" : "Static Analysis Model and Parsers",
"origin" : "spotbugs",
"packageName" : "edu.hm.hafner.analysis",
"reference" : "46",
"severity" : "LOW",
"type" : "RV_RETURN_VALUE_IGNORED_NO_SIDE_EFFECT"
},
{
"baseName" : "ReportTest.java",
"category" : "STYLE",
"columnEnd" : 0,
"columnStart" : 0,
"description" : "",
"fileName" : "/private/tmp/node1/workspace/Full Analysis - Model/src/test/java/edu/hm/hafner/analysis/ReportTest.java",
"fingerprint" : "1e641f9c0b35ed97140d639695e8ce18",
"lineEnd" : 624,
"lineStart" : 624,
"message" : "Return value of Report.get(int) ignored, but method has no side effect",
"moduleName" : "Static Analysis Model and Parsers",
"origin" : "spotbugs",
"packageName" : "edu.hm.hafner.analysis",
"reference" : "46",
"severity" : "LOW",
"type" : "RV_RETURN_VALUE_IGNORED_NO_SIDE_EFFECT"
}
],
"threshold" : 3
}The Warnings plugin provides the token ANALYSIS_ISSUES_COUNT that could be used in additional post build processing
steps, e.g. in the mailer. In order to use this token you need to install the
Token Macro plugin.
The token has the following optional parameters:
tool: selects a particular analysis result, if not defined all results are summed uptype: selects the type of the counter to use, choose one of:TOTAL- Total (any severity), this is the defaultTOTAL_ERROR- Total (errors only)TOTAL_HIGH- Total (severity high only)TOTAL_NORMAL- Total (severity normal only)TOTAL_LOW- Total (severity low only)NEW- New (any severity)NEW_ERROR- New (errors only)NEW_HIGH- New (severity high only)NEW_NORMAL- New (severity normal only)NEW_LOW- New (severity low only)DELTA- Delta (any severity)DELTA_ERROR- Delta (errors only)DELTA_HIGH- Delta (severity high only)DELTA_NORMAL- Delta (severity normal only)DELTA_LOW- Delta (severity low only)FIXED- Fixed (any severity)
Examples:
${ANALYSIS_ISSUES_COUNT}: expands to the aggregated number of issues of all analysis tools${ANALYSIS_ISSUES_COUNT, tool="checkstyle"}: expands to the total number of CheckStyle issues${ANALYSIS_ISSUES_COUNT, tool="checkstyle", type="NEW"}: expands to the number of new CheckStyle issues
Previously the same set of features has been provided by the plugins of the static analysis suite (CheckStyle, PMD, FindBugs, Static Analysis Utilities, Analysis Collector, Task Scanner, Warnings etc.). In order to simplify the user experience and the development process, these plugins and the core functionality have been merged into the Warnings Next Generation plugin. These old static analysis plugins are not required anymore and are now end-of-life. If you currently use one of these old plugins you should migrate to the new recorders and steps as soon as possible. I will still maintain the old code for a while, but the main development effort will be spent into the new code base.
Pipelines calling the old static analysis steps (e.g., findbugs, checkstyle, etc.) need to call the new recordIssues
step now. The same step is used for all static analysis tools, the actual parser is selected
by using the step property tools. For more details on the set of available parameters please see section
Configuration.
Freestyle, Matrix or Maven Jobs using the old API used a so called Post Build Action that was provided by each individual plugin. E.g., the FindBugs plugin did provide the post build action "Publish FindBugs analysis results". These old plugin specific actions are not supported anymore, they are now marked with [Deprecated] in the user interface. Now you need to add a new post build step - this step now is called "Record compiler warnings and static analysis results" for all static analysis tools. The selection of the tool is part of the configuration of this post build step. Note: the warnings produced by a post build step using the old API cannot not be read by the new post build actions. I.e., you can't see a combined history of the old and new results - you simply see two unrelated results. There is also no automatic conversion of results stored in the old format available.
The following plugins have been integrated into this new version of the Warnings plugin:
- Android-Lint Plugin
- Analysis Collector Plugin
- CheckStyle Plugin
- CCM Plugin
- Dry Plugin
- PMD Plugin
- FindBugs Plugin
- Tasks Scanner Plugin
- Warnings Plugin
All other plugins still need to be integrated or need to be refactored to use the new API.