SonarQube, Checkstyle, PMD, Spot
Freddy Mallet
Simon Brandhof
Olivier Gaudin
最早在2007年,使用Sonar这个名称,后来由于商标问题,更名 为SonarQube。到2008年,三人创建SonarSource公司进入ToB领域。
目前SQ更像是一个平台,通过支持自己开发的分析工具,以及支持的第三方工具结果。例如——
- Conventions (Checkstyle)
- Bad practices (PMD)
- Potential bugs (FindBugs)
SQ可以从多个维度衡量代码质量——
- bugs
- code smells
- security vulnerabilities
- duplicated code
- coding standards
- unit tests
- code coverage
- code complexity
Is SonarQube Replacement for Checkstyle, PMD, FindBugs?
Yes and No. In addition to the other answers.
SonarQube is currently on the way to deprecate PMD, Checkstyle and Findbugs and use their own technology to analyze Java code (called SonarJava). They do it, because they don't want to spend their time fixing, upgrading (or waiting on it) those libraries (e.g. for Java 8), which for example uses outdated libraries.
They also got a new set of plugins for your personal IDE called SonarLint.
从上面的讨论组以及目前SQ支持的插件来看,上述三个工具依然以插件形式支持。但对PMD和FindBugs的替换是成功的。
| Tool | Source | Sonar-Plugin |
|---|---|---|
| SpotBugs | github | sonar-findbugs |
| PMD | github | sonar-pmd |
| Checkstyle | github | sonar-checkstyle |
| Language | Property | Remarks |
|---|---|---|
| Java | sonar.java.spotbugs.reportPaths |
Comma-delimited list of paths to reports from SpotBugs, FindSecBugs, or FindBugs |
| Java | sonar.java.pmd.reportPaths |
Comma-delimited list of paths to reports from PMD |
| Java | sonar.java.checkstyle.reportPaths |
Comma-delimited list of paths to reports from Checkstyle |
Tools to Improve Java Code Quality
Sonar uses FindBugs, Checkstyle and PMD to collect and analyze source code for bugs, bad code, and possible violation of code style policies.
Alibaba P3C ——包含以下三个部分
-
PMD implementations 基于PMD规则,实现了54条Alibaba开发规约中的规则,详见
-
IntelliJ IDEA plugin, 使用方法说明
实现了开发手册中的的53条规则,大部分基于PMD实现,其中有4条规则基于IDEA实现,并且基于IDEA Inspection实现了实时检测功能。
- Eclipse plugin,使用方法说明
插件实现了开发手册中的53条规则,大部分基于PMD实现,其中有4条规则基于Eclipse实现,支持4条规则的QuickFix功能。
