{"id":23287294,"url":"https://github.com/ezienecker/static-code-review-plugin","last_synced_at":"2025-07-29T12:38:54.815Z","repository":{"id":36705890,"uuid":"209943456","full_name":"ezienecker/static-code-review-plugin","owner":"ezienecker","description":"A plugin which comments the found bugs (by static code analyzer) to your merge request","archived":false,"fork":false,"pushed_at":"2022-10-02T14:55:28.000Z","size":65,"stargazers_count":5,"open_issues_count":3,"forks_count":2,"subscribers_count":2,"default_branch":"develop","last_synced_at":"2025-07-01T15:13:11.974Z","etag":null,"topics":["code-analysis","findbugs","hacktoberfest","spotbugs","spotbugs-maven-plugin","static-analysis","static-code-analysis"],"latest_commit_sha":null,"homepage":"","language":"Kotlin","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/ezienecker.png","metadata":{"files":{"readme":"README.adoc","changelog":"CHANGELOG.adoc","contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2019-09-21T07:28:03.000Z","updated_at":"2022-10-02T14:18:31.000Z","dependencies_parsed_at":"2023-01-17T04:13:08.061Z","dependency_job_id":null,"html_url":"https://github.com/ezienecker/static-code-review-plugin","commit_stats":null,"previous_names":[],"tags_count":3,"template":false,"template_full_name":null,"purl":"pkg:github/ezienecker/static-code-review-plugin","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ezienecker%2Fstatic-code-review-plugin","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ezienecker%2Fstatic-code-review-plugin/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ezienecker%2Fstatic-code-review-plugin/releases","manifests_url":"http
s://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ezienecker%2Fstatic-code-review-plugin/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/ezienecker","download_url":"https://codeload.github.com/ezienecker/static-code-review-plugin/tar.gz/refs/heads/develop","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ezienecker%2Fstatic-code-review-plugin/sbom","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":267687321,"owners_count":24127890,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","status":"online","status_checked_at":"2025-07-29T02:00:12.549Z","response_time":2574,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["code-analysis","findbugs","hacktoberfest","spotbugs","spotbugs-maven-plugin","static-analysis","static-code-analysis"],"created_at":"2024-12-20T02:18:08.967Z","updated_at":"2025-07-29T12:38:54.679Z","avatar_url":"https://github.com/ezienecker.png","language":"Kotlin","readme":"= Static Code Review Plugin\n\nimage::https://img.shields.io/github/license/ezienecker/static-code-review-plugin.svg[License]\nimage::https://travis-ci.com/ezienecker/static-code-review-plugin.svg?branch=develop[\"Build Status\", link=\"https://travis-ci.com/ezienecker/static-code-review-plugin\"]\nimage::https://img.shields.io/maven-central/v/de.manuzid/static-code-review-plugin.svg?label=Maven%20Central[\"Maven Central\", 
link=\"https://search.maven.org/search?q=g:%22de.manuzid%22%20AND%20a:%22static-code-review-plugin%22\"]\n\nThis plugin asks within a merge request for the changed files and analyzes the code with the help of static code analyzers (currently https://spotbugs.github.io/[SpotBugs] and https://arturbosch.github.io/detekt/[Detekt] but more are planned). The bugs found are then posted as comments at the corresponding code location.\n\n== Usage\n\nAdd the following to your `pom.xml`\n\n[source,xml]\n....\n\u003cbuild\u003e\n    \u003cplugins\u003e\n        \u003cplugin\u003e\n            \u003cgroupId\u003ede.manuzid\u003c/groupId\u003e\n            \u003cartifactId\u003estatic-code-review-plugin\u003c/artifactId\u003e\n            \u003cversion\u003e2.0.0\u003c/version\u003e\n            \u003cexecutions\u003e\n                \u003cexecution\u003e\n                    \u003cphase\u003everify\u003c/phase\u003e\n                    \u003cgoals\u003e\n                        \u003cgoal\u003ereport\u003c/goal\u003e\n                    \u003c/goals\u003e\n                \u003c/execution\u003e\n            \u003c/executions\u003e\n        \u003c/plugin\u003e\n    \u003c/plugins\u003e\n\u003c/build\u003e\n....\n\nExecute the following command to run the plugin\n\n[source,bash]\n....\nmvn verify -DprojectId=$CI_PROJECT_ID  \\\n    -DmergeRequestIid=$CI_MERGE_REQUEST_IID  \\\n    -Dauth.token=$GITLAB_AUTH_TOKEN\n....\n\nTo exclude an analyzer, use the `exclusion` tag\n\n[source,xml]\n....\n\u003cplugin\u003e\n    \u003cgroupId\u003ede.manuzid\u003c/groupId\u003e\n    \u003cartifactId\u003estatic-code-review-plugin\u003c/artifactId\u003e\n    \u003cversion\u003e2.0.0\u003c/version\u003e\n    \u003cconfiguration\u003e\n        \u003cexclusions\u003e\n            \u003cexclusion\u003espotbugs\u003c/exclusion\u003e\n        \u003c/exclusions\u003e\n    \u003c/configuration\u003e\n    \u003cexecutions\u003e\n        \u003cexecution\u003e\n            \u003cphase\u003everify\u003c/phase\u003e\n  
          \u003cgoals\u003e\n                \u003cgoal\u003ereport-detekt\u003c/goal\u003e\n            \u003c/goals\u003e\n        \u003c/execution\u003e\n    \u003c/executions\u003e\n\u003c/plugin\u003e\n....\n\n=== Samples\n\n* https://gitlab.com/manuzid/static-code-review-plugin-sample-java[Java Sample]\n* https://gitlab.com/manuzid/static-code-review-plugin-sample-kotlin[Kotlin Sample]\n\n== Configuration\n\n=== Required\n\n|===\n|Property |Default |Description\n\n|gitUrl |If GitHub is activated: `https://api.github.com`, otherwise `https://gitlab.com/` |The URL of the GitLab server\n3+|One of the two must be given, either the `projectId` or `repository`.\nThis depends on whether GitLab or GitHub is selected as the Git server.\nGitLab needs the `projectId` and GitHub the `repository` name.\n|projectId |None |The project in the form of an Integer(ID) or String(path)\n|repository |None |Is a combination of `owner` and `repository`.\n`Owner` is the account owner of the repository. The name is not case-sensitive.\n`Repository` is the name of the repository. 
The name is not case-sensitive.\n|mergeRequestIid |None |The internal ID of the merge request\n|static-code-review.skip |false |If true, execution will be skipped entirely.\n|isGitHub |false |If false then GitLab is selected as the Git server, otherwise GitHub is the Git server.\n3+|One of the two must be given, either the `auth.token` or the basic auth (`auth.username` \u0026 `auth.password`).\nNote that none of them may be protected, otherwise they cannot be read by the plugin.\n|auth.token |None |The private token to use for access to the GitLab API\n|auth.username |None |The username for basic auth with the GitLab server.\n|auth.password |None |The password for basic auth with the GitLab server.\n\n|===\n\n=== Optional\n\n|===\n|Property |Default |Description\n\n|proxy.serverAddress |None |The URI of the proxy server.\n|proxy.username |None |The username for basic auth with the proxy server.\n|proxy.password |None |The password for basic auth with the proxy server.\n|applicationSources |`src/main/java` |Application/Library sources.\n|exclusions |empty list |A list of strings containing the analyzers to be excluded.\n|exclusion |None |Analyzer that should be excluded. Valid values: `spotbugs`, `detekt`\n3+|SpotBugs Settings\n|compiledClasses |`classes` |Compiled Application/Library sources.\n|priorityThresholdLevel |3 |It specifies the confidence/priority threshold for reporting issues. 
1 = High, 2 = Normal, 3 = Low, 4 = Ignored, 5 = Experimental.\n\n|===\n\n== Goal\n\n=== Report\n\nUsed to run static code review plugin\n\n== Hints\n\n* Configuration Output\n\nTo be able to check at runtime how the plugin is configured, you need to run the maven command with debug output (`-X`).\n\n[source,bash]\n....\nmvn verify -X -DprojectId=$CI_PROJECT_ID  \\\n    -DmergeRequestIid=$CI_MERGE_REQUEST_IID  \\\n    -Dauth.token=$GITLAB_AUTH_TOKEN\n....\n\nThen look for the following line `[DEBUG] Configuring mojo 'de.manuzid:static-code-review-plugin` and\nyou should see the following output.\n\n[source,bash]\n....\n[DEBUG] Configuring mojo 'de.manuzid:static-code-review-plugin:1.1.0:report-detekt' with basic configurator --\u003e\n[DEBUG]   (f) applicationSourcePath = src/main/kotlin\n[DEBUG]   (f) authToken = \u003capi-token\u003e\n[DEBUG]   (f) compiledClassPath = classes\n[DEBUG]   (f) exclusions = [detekt]\n[DEBUG]   (f) gitUrl = https://gitlab.com/\n[DEBUG]   (f) mergeRequestIid = 1\n[DEBUG]   (f) project = MavenProject: de.manuzid:static-code-review-plugin-sample-kotlin:1.0.0 @ /Users/manuzid/public-projects/static-code-review-plugin-sample/static-code-review-plugin-sample-kotlin/pom.xml\n[DEBUG]   (f) projectId = 17068115\n[DEBUG]   (f) skip = false\n[DEBUG] -- end configuration --\n....\n\n* Detekt Configuration\n\nIn order to resolve the path to the file to be commented on correctly, it is mandatory that the `applicationSources` is\nspecified when analyzing Kotlin files.\n\n== Releasing\n\nCreating a new release involves the following steps:\n\n. `./mvnw gitflow:release-start gitflow:release-finish`\n. `git push origin master`\n. `git push --tags`\n. 
`git push origin develop`\n","funding_links":[],"categories":[],"sub_categories":[],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fezienecker%2Fstatic-code-review-plugin","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fezienecker%2Fstatic-code-review-plugin","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fezienecker%2Fstatic-code-review-plugin/lists"}