violations-command-line

'Command line tool that will find report files from static code analysis, present and optionally fail the command.'

Usage no npm install needed!

<script type="module">
  import violationsCommandLine from 'https://cdn.skypack.dev/violations-command-line';
</script>

README

Violations Command Line

Maven Central NPM

This is a command line tool that will find report files from static code analysis, present and optionally fail the command. It uses the Violations Lib.

The runnable can be found in Maven Central or NPM.

Run it with:

npx violations-command-line -s ERROR -mv 0 \
 -v "CHECKSTYLE" "." ".*checkstyle/main\.xmlquot; "Checkstyle" \
 -v "JSHINT" "." ".*jshint/report\.xmlquot; "JSHint"

It can parse results from static code analysis and:

  • Report violations in the build log.
  • Export to a normalized JSON format.
npx violations-command-line -vf violations-report.json \
 -v "CHECKSTYLE" "." ".*checkstyle/main\.xmlquot; "Checkstyle"
  • Export to CodeClimate JSON.
npx violations-command-line -cc code-climate-report.json \
 -v "CHECKSTYLE" "." ".*checkstyle/main\.xmlquot; "Checkstyle"
  • Export to Sarif JSON.
npx violations-command-line -sa sarif-report.json \
 -v "CHECKSTYLE" "." ".*checkstyle/main\.xmlquot; "Checkstyle"
  • Optionally fail the build depending on violations found.

A snippet of the output may look like this:

...
se/bjurr/violations/lib/example/OtherClass.java
╔══════════╤════════════╤══════════╤══════╤════════════════════════════════════════════════════╗
║ Reporter │ Rule       │ Severity │ Line │ Message                                            ║
╠══════════╪════════════╪══════════╪══════╪════════════════════════════════════════════════════╣
║ Findbugs │ MS_SHOULD_ │ INFO     │ 7    │ Field isn't final but should be                    ║
║          │ BE_FINAL   │          │      │                                                    ║
║          │            │          │      │                                                    ║
║          │            │          │      │    <p>                                             ║
║          │            │          │      │ This static field public but not final, and        ║
║          │            │          │      │ could be changed by malicious code or              ║
║          │            │          │      │         by accident from another package.          ║
║          │            │          │      │         The field could be made final to avoid     ║
║          │            │          │      │         this vulnerability.</p>                    ║
╟──────────┼────────────┼──────────┼──────┼────────────────────────────────────────────────────╢
║ Findbugs │ NM_FIELD_N │ INFO     │ 6    │ Field names should start with a lower case letter  ║
║          │ AMING_CONV │          │      │                                                    ║
║          │ ENTION     │          │      │                                                    ║
║          │            │          │      │   <p>                                              ║
║          │            │          │      │ Names of fields that are not final should be in mi ║
║          │            │          │      │ xed case with a lowercase first letter and the fir ║
║          │            │          │      │ st letters of subsequent words capitalized.        ║
║          │            │          │      │ </p>                                               ║
╚══════════╧════════════╧══════════╧══════╧════════════════════════════════════════════════════╝

Summary of se/bjurr/violations/lib/example/OtherClass.java
╔══════════╤══════╤══════╤═══════╤═══════╗
║ Reporter │ INFO │ WARN │ ERROR │ Total ║
╠══════════╪══════╪══════╪═══════╪═══════╣
║ Findbugs │ 2    │ 0    │ 0     │ 2     ║
╟──────────┼──────┼──────┼───────┼───────╢
║          │ 2    │ 0    │ 0     │ 2     ║
╚══════════╧══════╧══════╧═══════╧═══════╝


Summary
╔════════════╤══════╤══════╤═══════╤═══════╗
║ Reporter   │ INFO │ WARN │ ERROR │ Total ║
╠════════════╪══════╪══════╪═══════╪═══════╣
║ Checkstyle │ 4    │ 1    │ 1     │ 6     ║
╟────────────┼──────┼──────┼───────┼───────╢
║ Findbugs   │ 2    │ 2    │ 5     │ 9     ║
╟────────────┼──────┼──────┼───────┼───────╢
║            │ 6    │ 3    │ 6     │ 15    ║
╚════════════╧══════╧══════╧═══════╧═══════╝

Example of supported reports are available here.

A number of parsers have been implemented. Some parsers can parse output from several reporters.

Reporter Parser Notes
ARM-GCC CLANG
AndroidLint ANDROIDLINT
AnsibleLint FLAKE8 With -p
Bandit CLANG With bandit -r examples/ -f custom -o bandit.out --msg-template "{abspath}:{line}: {severity}: {test_id}: {msg}"
CLang CLANG
CPD CPD
CPPCheck CPPCHECK With cppcheck test.cpp --output-file=cppcheck.xml --xml
CPPLint CPPLINT
CSSLint CSSLINT
Checkstyle CHECKSTYLE
CloudFormation Linter JUNIT cfn-lint . -f junit --output-file report-junit.xml
CodeClimate CODECLIMATE
CodeNarc CODENARC
Dart MACHINE With dart analyze --format=machine
Detekt CHECKSTYLE With --output-format xml.
DocFX DOCFX
Doxygen CLANG
ERB CLANG With erb -P -x -T '-' "${it}" \| ruby -c 2>&1 >/dev/null \| grep '^-' \| sed -E 's/^-([a-zA-Z0-9:]+)/${filename}\1 ERROR:/p' > erbfiles.out.
ESLint CHECKSTYLE With format: 'checkstyle'.
Findbugs FINDBUGS
Flake8 FLAKE8
FxCop FXCOP
GCC CLANG
Gendarme GENDARME
Generic reporter GENERIC Will create one single violation with all the content as message.
GoLint GOLINT
GoVet GOLINT Same format as GoLint.
GolangCI-Lint CHECKSTYLE With --out-format=checkstyle.
GoogleErrorProne GOOGLEERRORPRONE
HadoLint CHECKSTYLE With -f checkstyle
IAR IAR With --no_wrap_diagnostics
Infer PMD Facebook Infer. With --pmd-xml.
JACOCO JACOCO
JCReport JCREPORT
JSHint JSLINT With --reporter=jslint or the CHECKSTYLE parser with --reporter=checkstyle
JUnit JUNIT It only contains the failures.
KTLint CHECKSTYLE
Klocwork KLOCWORK
KotlinGradle KOTLINGRADLE Output from Kotlin Gradle Plugin.
KotlinMaven KOTLINMAVEN Output from Kotlin Maven Plugin.
Lint LINT A common XML format, used by different linters.
MSBuildLog MSBULDLOG With -fileLogger use .*msbuild\\.log$ as pattern or -fl -flp:logfile=MyProjectOutput.log;verbosity=diagnostic for a custom output filename
MSCpp MSCPP
Mccabe FLAKE8
MyPy MYPY
NullAway GOOGLEERRORPRONE Same format as Google Error Prone.
PCLint PCLINT PC-Lint using the same output format as the Jenkins warnings plugin, details here
PHPCS CHECKSTYLE With phpcs api.php --report=checkstyle.
PHPPMD PMD With phpmd api.php xml ruleset.xml.
PMD PMD
Pep8 FLAKE8
PerlCritic PERLCRITIC
PiTest PITEST
ProtoLint PROTOLINT
Puppet-Lint CLANG With -log-format %{fullpath}:%{line}:%{column}: %{kind}: %{message}
PyDocStyle PYDOCSTYLE
PyFlakes FLAKE8
PyLint PYLINT With pylint --output-format=parseable.
ReSharper RESHARPER
RubyCop CLANG With rubycop -f clang file.rb
SARIF SARIF
SbtScalac SBTSCALAC
Scalastyle CHECKSTYLE
Simian SIMIAN
Sonar SONAR With mvn sonar:sonar -Dsonar.analysis.mode=preview -Dsonar.report.export.path=sonar-report.json. Removed in 7.7, see SONAR-11670 but can be retrieved with: curl --silent 'http://sonar-server/api/issues/search?componentKeys=unique-key&resolved=false' \| jq -f sonar-report-builder.jq > sonar-report.json.
Spotbugs FINDBUGS
StyleCop STYLECOP
SwiftLint CHECKSTYLE With --reporter checkstyle.
TSLint CHECKSTYLE With -t checkstyle
Valgrind VALGRIND With --xml=yes.
XMLLint XMLLINT
XUnit XUNIT It only contains the failures.
YAMLLint YAMLLINT With -f parsable
ZPTLint ZPTLINT

48 parsers and 74 reporters.

Missing a format? Open an issue here!

Usage

-code-climate, -cc <path>                               Create a CodeClimate 
                                                        file with all the 
                                                        violations.
                                                        <path>: a file path
                                                        Default: /home/bjerre/workspace/violations/violations-command-line/.
-config-file, -cf <path>                                Will read config from 
                                                        given file. Can also be 
                                                        configured with environment 
                                                        variable VIOLATIONS_CONFIG. 
                                                        Format is what you get from -
                                                        show-json-config.
                                                        <path>: a file path
                                                        Default: /home/bjerre/workspace/violations/violations-command-line/.
-detail-level, -dl <ViolationsReporterDetailLevel>      Verbosity
                                                        <ViolationsReporterDetailLevel>: {VERBOSE | COMPACT | PER_FILE_COMPACT}
                                                        Default: VERBOSE
-diff-detail-level, -ddl                                <ViolationsReporterDetailLevel>: {VERBOSE | COMPACT | PER_FILE_COMPACT}
<ViolationsReporterDetailLevel>                         Default: VERBOSE
-diff-from, -df <string>                                Can be empty 
                                                        (ignored), Git-commit or any Git-
                                                        reference
                                                        <string>: any string
                                                        Default: 
-diff-max-violations, -dmv <integer>                    Will fail the build if 
                                                        total number of found 
                                                        violations is higher
                                                        <integer>: -2,147,483,648 to 2,147,483,647
                                                        Default: 2,147,483,647
-diff-print-violations, -dpv <boolean>                  Will print violations 
                                                        found in diff
                                                        <boolean>: true or false
                                                        Default: false
-diff-severity, -ds <SEVERITY>                          <SEVERITY>: {INFO | WARN | ERROR}
                                                        Default: INFO
-diff-to, -dt <string>                                  Can be empty 
                                                        (ignored), Git-commit or any Git-
                                                        reference
                                                        <string>: any string
                                                        Default: 
-git-repo, -gr <path>                                   Where to look for Git.
                                                        <path>: a file path
                                                        Default: /home/bjerre/workspace/violations/violations-command-line/.
-h, --help <argument-to-print-help-for>                 <argument-to-print-help-for>: an argument to print help for
                                                        Default: If no specific parameter is given the whole usage text is given
-jacoco-min-coverage, -jmc <big-decimal>                Minimum coverage in 
                                                        Jacoco that will generate a 
                                                        violation.
                                                        <big-decimal>: an arbitrary decimal number (practically no limits)
                                                        Default: 0.7
-jacoco-min-line-count, -jmlc <integer>                 Minimum line count in 
                                                        Jacoco that will generate a 
                                                        violation.
                                                        <integer>: -2,147,483,648 to 2,147,483,647
                                                        Default: 4
-max-line-column-width, -mlcw <integer>                 0 means no limit
                                                        <integer>: -2,147,483,648 to 2,147,483,647
                                                        Default: 0
-max-message-column-width, -mmcw <integer>              0 means no limit
                                                        <integer>: -2,147,483,648 to 2,147,483,647
                                                        Default: 50
-max-reporter-column-width, -mrcw <integer>             0 means no limit
                                                        <integer>: -2,147,483,648 to 2,147,483,647
                                                        Default: 0
-max-rule-column-width, -mrucw <integer>                0 means no limit
                                                        <integer>: -2,147,483,648 to 2,147,483,647
                                                        Default: 10
-max-severity-column-width, -mscw <integer>             0 means no limit
                                                        <integer>: -2,147,483,648 to 2,147,483,647
                                                        Default: 0
-max-violations, -mv <integer>                          Will fail the build if 
                                                        total number of found 
                                                        violations is higher.
                                                        <integer>: -2,147,483,648 to 2,147,483,647
                                                        Default: 2,147,483,647
-print-violations, -pv <boolean>                        Will print violations 
                                                        found
                                                        <boolean>: true or false
                                                        Default: true
-sarif, -ss <path>                                      Create a Sarif file 
                                                        with all the violations.
                                                        <path>: a file path
                                                        Default: /home/bjerre/workspace/violations/violations-command-line/.
-severity, -s <SEVERITY>                                Minimum severity level 
                                                        to report.
                                                        <SEVERITY>: {INFO | WARN | ERROR}
                                                        Default: INFO
-show-debug-info                                        Please run your 
                                                        command with this parameter 
                                                        and supply output when 
                                                        reporting bugs.
                                                        Default: disabled
-show-json-config                                       Will print the given 
                                                        config as JSON.
                                                        Default: disabled
--violations, -v <string>                               The violations to look 
                                                        for. <PARSER> <FOLDER> 
                                                        <REGEXP PATTERN> <NAME> where 
                                                        PARSER is one of: 
                                                        ANDROIDLINT, CHECKSTYLE, CODENARC, 
                                                        CLANG, CPD, CPPCHECK, 
                                                        CPPLINT, CSSLINT, GENERIC, 
                                                        FINDBUGS, FLAKE8, FXCOP, 
                                                        GENDARME, IAR, JACOCO, JCREPORT, 
                                                        JSLINT, JUNIT, LINT, KLOCWORK, 
                                                        KOTLINMAVEN, KOTLINGRADLE, MSCPP, 
                                                        MSBULDLOG, MYPY, GOLINT, 
                                                        GOOGLEERRORPRONE, PERLCRITIC, PITEST, 
                                                        PMD, PROTOLINT, PYDOCSTYLE, 
                                                        PYLINT, RESHARPER, 
                                                        SARIFPARSER, SBTSCALAC, SIMIAN, 
                                                        SONAR, STYLECOP, XMLLINT, 
                                                        YAMLLINT, ZPTLINT, DOCFX, 
                                                        PCLINT, CODECLIMATE, XUNIT, 
                                                        VALGRIND
                                                         Example: -v "JSHINT" 
                                                        "." ".*/jshint.xmlquot; 
                                                        "JSHint" [Supports Multiple occurrences]
                                                        <string>: any string
                                                        Default: Empty list
-violations-file, -vf <path>                            Create a JSON file 
                                                        with all the violations.
                                                        <path>: a file path
                                                        Default: /home/bjerre/workspace/violations/violations-command-line/.

Checkout the Violations Lib for more documentation.