{"id":20428299,"url":"https://github.com/tomasbjerre/violation-comments-to-bitbucket-cloud-command-line","last_synced_at":"2025-04-12T19:23:54.024Z","repository":{"id":57392699,"uuid":"191027269","full_name":"tomasbjerre/violation-comments-to-bitbucket-cloud-command-line","owner":"tomasbjerre","description":"Report static code analysis to Bitbucket Cloud","archived":false,"fork":false,"pushed_at":"2024-03-24T17:38:58.000Z","size":322,"stargazers_count":10,"open_issues_count":3,"forks_count":0,"subscribers_count":5,"default_branch":"master","last_synced_at":"2024-04-26T18:04:36.215Z","etag":null,"topics":["bitbucket","bitbucket-cli","bitbucket-cloud"],"latest_commit_sha":null,"homepage":null,"language":"Java","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/tomasbjerre.png","metadata":{"files":{"readme":"README.md","changelog":"CHANGELOG.md","contributing":null,"funding":".github/FUNDING.yml","license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null},"funding":{"github":["tomasbjerre"]}},"created_at":"2019-06-09T16:05:18.000Z","updated_at":"2023-12-07T23:26:53.000Z","dependencies_parsed_at":"2024-03-03T07:25:28.763Z","dependency_job_id":"0a778e06-d2b7-453a-a764-c513b6c70d41","html_url":"https://github.com/tomasbjerre/violation-comments-to-bitbucket-cloud-command-line","commit_stats":{"total_commits":102,"total_committers":1,"mean_commits":102.0,"dds":0.0,"last_synced_commit":"d5cfb7321db4990e0127c43fe882e81df6d379b2"},"previous_names":[],"tags_count":38,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tomasbjerre%2Fviolation-comments-to-bitbucket-cloud-command-line","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tomasbjerre%2Fviolation-comments-to-bitbucket-cloud-command-line/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tomasbjerre%2Fviolation-comments-to-bitbucket-cloud-command-line/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tomasbjerre%2Fviolation-comments-to-bitbucket-cloud-command-line/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/tomasbjerre","download_url":"https://codeload.github.com/tomasbjerre/violation-comments-to-bitbucket-cloud-command-line/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":248619282,"owners_count":21134386,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["bitbucket","bitbucket-cli","bitbucket-cloud"],"created_at":"2024-11-15T07:25:05.489Z","updated_at":"2025-04-12T19:23:53.997Z","avatar_url":"https://github.com/tomasbjerre.png","language":"Java","funding_links":["https://github.com/sponsors/tomasbjerre"],"categories":[],"sub_categories":[],"readme":"# Violation Comments To Bitbucket Cloud Command Line\n\n[![NPM](https://img.shields.io/npm/v/violation-comments-to-bitbucket-cloud-command-line.svg?style=flat-square) ](https://www.npmjs.com/package/violation-comments-to-bitbucket-cloud-command-line)\n[![Maven Central](https://maven-badges.herokuapp.com/maven-central/se.bjurr.violations/violation-comments-to-bitbucket-cloud-command-line/badge.svg)](https://maven-badges.herokuapp.com/maven-central/se.bjurr.violations/violation-comments-to-bitbucket-cloud-command-line)\n[![Docker Pulls](https://badgen.net/docker/pulls/tomasbjerre/violation-comments-to-bitbucket-cloud-command-line?icon=docker\u0026label=pulls)](https://hub.docker.com/r/tomasbjerre/violation-comments-to-bitbucket-cloud-command-line/)\n\nReport static code analysis to Bitbucket Cloud. It uses the [Violations Lib](https://github.com/tomasbjerre/violations-lib).\n\n![Bitbucket Cloud Comment](/bitbucket-cloud-comment.png)\n\nThe runnable can be found in [NPM](https://www.npmjs.com/package/violation-comments-to-bitbucket-cloud-command-line).\n\nRun it with:\n\n```shell\nnpx violation-comments-to-bitbucket-cloud-command-line \\\n -u tomasbjerre \\\n -p MY-APPLICATION-PASSWORD \\\n -ws tomasbjerre \\\n -rs violations-test \\\n -prid 1 \\\n -v \"CHECKSTYLE\" \".\" \".*checkstyle/main\\.xml$\" \"Checkstyle\" \\\n -v \"JSHINT\" \".\" \".*jshint/report\\.xml$\" \"JSHint\"\n```\n\nCreate **application passwords** like this: https://confluence.atlassian.com/bitbucket/app-passwords-828781300.html\n\nIf using it from **Jenkins**, you may integrate with Bitbucket Cloud with this plugin: https://github.com/jenkinsci/generic-webhook-trigger-plugin\n\n**You must perform the merge before build**. If you don't perform the merge, the reported violations will refer to other lines then those in the pull request. The merge can be done with a shell script like this.\n\n```\necho ---\necho --- Merging from $FROM in $FROMREPO to $TO in $TOREPO\necho ---\ngit clone $TOREPO\ncd *\ngit reset --hard $TO\ngit status\ngit remote add from $FROMREPO\ngit fetch from\ngit merge $FROM\ngit --no-pager log --max-count=10 --graph --abbrev-commit\n\nYour build command here!\n```\n\nExample of supported reports are available [here](https://github.com/tomasbjerre/violations-lib/tree/master/src/test/resources).\n\nA number of **parsers** have been implemented. Some **parsers** can parse output from several **reporters**.\n\n| Reporter | Parser | Notes\n| --- | --- | ---\n| [_ARM-GCC_](https://developer.arm.com/open-source/gnu-toolchain/gnu-rm)               | `CLANG`              | \n| [_AndroidLint_](http://developer.android.com/tools/help/lint.html)                    | `ANDROIDLINT`        | \n| [_Ansible-Later_](https://github.com/thegeeklab/ansible-later)                        | `ANSIBLELATER`       | With `json` format\n| [_AnsibleLint_](https://github.com/willthames/ansible-lint)                           | `FLAKE8`             | With `-p`\n| [_Bandit_](https://github.com/PyCQA/bandit)                                           | `CLANG`              | With `bandit -r examples/ -f custom -o bandit.out --msg-template \"{abspath}:{line}: {severity}: {test_id}: {msg}\"`\n| [_CLang_](https://clang-analyzer.llvm.org/)                                           | `CLANG`              | \n| [_CPD_](http://pmd.sourceforge.net/pmd-4.3.0/cpd.html)                                | `CPD`                | \n| [_CPPCheck_](http://cppcheck.sourceforge.net/)                                        | `CPPCHECK`           | With `cppcheck test.cpp --output-file=cppcheck.xml --xml`\n| [_CPPLint_](https://github.com/theandrewdavis/cpplint)                                | `CPPLINT`            | \n| [_CSSLint_](https://github.com/CSSLint/csslint)                                       | `CSSLINT`            | \n| [_Checkstyle_](http://checkstyle.sourceforge.net/)                                    | `CHECKSTYLE`         | \n| [_CloudFormation Linter_](https://github.com/aws-cloudformation/cfn-lint)             | `JUNIT`              | `cfn-lint . -f junit --output-file report-junit.xml`\n| [_CodeClimate_](https://codeclimate.com/)                                             | `CODECLIMATE`        | \n| [_CodeNarc_](http://codenarc.sourceforge.net/)                                        | `CODENARC`           | \n| [_Coverity_](https://scan.coverity.com/)                                              | `COVERITY`           | \n| [_Dart_](https://dart.dev/)                                                           | `MACHINE`            | With `dart analyze --format=machine`\n| [_Dependency Check_](https://jeremylong.github.io/DependencyCheck/)                   | `SARIF`              | Using `--format SARIF`\n| [_Detekt_](https://github.com/arturbosch/detekt)                                      | `CHECKSTYLE`         | With `--output-format xml`.\n| [_DocFX_](http://dotnet.github.io/docfx/)                                             | `DOCFX`              | \n| [_Doxygen_](https://www.stack.nl/~dimitri/doxygen/)                                   | `CLANG`              | \n| [_ERB_](https://www.puppetcookbook.com/posts/erb-template-validation.html)            | `CLANG`              | With `erb -P -x -T '-' \"${it}\" \\| ruby -c 2\u003e\u00261 \u003e/dev/null \\| grep '^-' \\| sed -E 's/^-([a-zA-Z0-9:]+)/${filename}\\1 ERROR:/p' \u003e erbfiles.out`.\n| [_ESLint_](https://github.com/sindresorhus/grunt-eslint)                              | `CHECKSTYLE`         | With `format: 'checkstyle'`.\n| [_Findbugs_](http://findbugs.sourceforge.net/)                                        | `FINDBUGS`           | \n| [_Flake8_](http://flake8.readthedocs.org/en/latest/)                                  | `FLAKE8`             | \n| [_FxCop_](https://en.wikipedia.org/wiki/FxCop)                                        | `FXCOP`              | \n| [_GCC_](https://gcc.gnu.org/)                                                         | `CLANG`              | \n| [_GHS_](https://www.ghs.com/)                                                         | `GHS`                | \n| [_Gendarme_](http://www.mono-project.com/docs/tools+libraries/tools/gendarme/)        | `GENDARME`           | \n| [_Generic reporter_]()                                                                | `GENERIC`            | Will create one single violation with all the content as message.\n| [_GoLint_](https://github.com/golang/lint)                                            | `GOLINT`             | \n| [_GoVet_](https://golang.org/cmd/vet/)                                                | `GOLINT`             | Same format as GoLint.\n| [_GolangCI-Lint_](https://github.com/golangci/golangci-lint/)                         | `CHECKSTYLE`         | With `--out-format=checkstyle`.\n| [_GoogleErrorProne_](https://github.com/google/error-prone)                           | `GOOGLEERRORPRONE`   | \n| [_HadoLint_](https://github.com/hadolint/hadolint/)                                   | `CHECKSTYLE`         | With `-f checkstyle`\n| [_IAR_](https://www.iar.com/iar-embedded-workbench/)                                  | `IAR`                | With `--no_wrap_diagnostics`\n| [_Infer_](http://fbinfer.com/)                                                        | `PMD`                | Facebook Infer. With `--pmd-xml`.\n| [_JACOCO_](https://www.jacoco.org/)                                                   | `JACOCO`             | \n| [_JCReport_](https://github.com/jCoderZ/fawkez/wiki/JcReport)                         | `JCREPORT`           | \n| [_JSHint_](http://jshint.com/)                                                        | `JSLINT`             | With `--reporter=jslint` or the CHECKSTYLE parser with `--reporter=checkstyle`\n| [_JUnit_](https://junit.org/junit4/)                                                  | `JUNIT`              | It only contains the failures.\n| [_KTLint_](https://github.com/shyiko/ktlint)                                          | `CHECKSTYLE`         | \n| [_Klocwork_](http://www.klocwork.com/products-services/klocwork/static-code-analysis)  | `KLOCWORK`           | \n| [_KotlinGradle_](https://github.com/JetBrains/kotlin)                                 | `KOTLINGRADLE`       | Output from Kotlin Gradle Plugin.\n| [_KotlinMaven_](https://github.com/JetBrains/kotlin)                                  | `KOTLINMAVEN`        | Output from Kotlin Maven Plugin.\n| [_Lint_]()                                                                            | `LINT`               | A common XML format, used by different linters.\n| [_MSBuildLog_](https://docs.microsoft.com/en-us/visualstudio/msbuild/obtaining-build-logs-with-msbuild?view=vs-2019)  | `MSBULDLOG`          | With `-fileLogger` use `.*msbuild\\\\.log$` as pattern or `-fl -flp:logfile=MyProjectOutput.log;verbosity=diagnostic` for a custom output filename\n| [_MSCpp_](https://visualstudio.microsoft.com/vs/features/cplusplus/)                  | `MSCPP`              | \n| [_Mccabe_](https://pypi.python.org/pypi/mccabe)                                       | `FLAKE8`             | \n| [_MyPy_](https://pypi.python.org/pypi/mypy-lang)                                      | `MYPY`               | \n| [_NullAway_](https://github.com/uber/NullAway)                                        | `GOOGLEERRORPRONE`   | Same format as Google Error Prone.\n| [_PCLint_](http://www.gimpel.com/html/pcl.htm)                                        | `PCLINT`             | PC-Lint using the same output format as the Jenkins warnings plugin, [_details here_](https://wiki.jenkins.io/display/JENKINS/PcLint+options)\n| [_PHPCS_](https://github.com/squizlabs/PHP_CodeSniffer)                               | `CHECKSTYLE`         | With `phpcs api.php --report=checkstyle`.\n| [_PHPPMD_](https://phpmd.org/)                                                        | `PMD`                | With `phpmd api.php xml ruleset.xml`.\n| [_PMD_](https://pmd.github.io/)                                                       | `PMD`                | \n| [_Pep8_](https://github.com/PyCQA/pycodestyle)                                        | `FLAKE8`             | \n| [_PerlCritic_](https://github.com/Perl-Critic)                                        | `PERLCRITIC`         | \n| [_PiTest_](http://pitest.org/)                                                        | `PITEST`             | \n| [_ProtoLint_](https://github.com/yoheimuta/protolint)                                 | `PROTOLINT`          | \n| [_Puppet-Lint_](http://puppet-lint.com/)                                              | `CLANG`              | With `-log-format %{fullpath}:%{line}:%{column}: %{kind}: %{message}`\n| [_PyDocStyle_](https://pypi.python.org/pypi/pydocstyle)                               | `PYDOCSTYLE`         | \n| [_PyFlakes_](https://pypi.python.org/pypi/pyflakes)                                   | `FLAKE8`             | \n| [_PyLint_](https://www.pylint.org/)                                                   | `PYLINT`             | With `pylint --output-format=parseable`.\n| [_ReSharper_](https://www.jetbrains.com/resharper/)                                   | `RESHARPER`          | \n| [_RubyCop_](http://rubocop.readthedocs.io/en/latest/formatters/)                      | `CLANG`              | With `rubycop -f clang file.rb`\n| [_SARIF_](https://github.com/oasis-tcs/sarif-spec)                                    | `SARIF`              | v2.x. Microsoft Visual C# can generate it with `ErrorLog=\"BuildErrors.sarif,version=2\"`.\n| [_SbtScalac_](http://www.scala-sbt.org/)                                              | `SBTSCALAC`          | \n| [_Scalastyle_](http://www.scalastyle.org/)                                            | `CHECKSTYLE`         | \n| [_Semgrep_](https://semgrep.dev/)                                                     | `SEMGREP`            | With `--json`.\n| [_Simian_](http://www.harukizaemon.com/simian/)                                       | `SIMIAN`             | \n| [_Sonar_](https://www.sonarqube.org/)                                                 | `SONAR`              | With `mvn sonar:sonar -Dsonar.analysis.mode=preview -Dsonar.report.export.path=sonar-report.json`. Removed in 7.7, see [SONAR-11670](https://jira.sonarsource.com/browse/SONAR-11670) but can be retrieved with: `curl --silent 'http://sonar-server/api/issues/search?componentKeys=unique-key\u0026resolved=false' \\| jq -f sonar-report-builder.jq \u003e sonar-report.json`.\n| [_Spotbugs_](https://spotbugs.github.io/)                                             | `FINDBUGS`           | \n| [_StyleCop_](https://stylecop.codeplex.com/)                                          | `STYLECOP`           | \n| [_SwiftLint_](https://github.com/realm/SwiftLint)                                     | `CHECKSTYLE`         | With `--reporter checkstyle`.\n| [_TSLint_](https://palantir.github.io/tslint/usage/cli/)                              | `CHECKSTYLE`         | With `-t checkstyle`\n| [_Valgrind_](https://valgrind.org/)                                                   | `VALGRIND`           | With `--xml=yes`.\n| [_XMLLint_](http://xmlsoft.org/xmllint.html)                                          | `XMLLINT`            | \n| [_XUnit_](https://xunit.net/)                                                         | `XUNIT`              | It only contains the failures.\n| [_YAMLLint_](https://yamllint.readthedocs.io/en/stable/index.html)                    | `YAMLLINT`           | With `-f parsable`\n| [_ZPTLint_](https://pypi.python.org/pypi/zptlint)                                     | `ZPTLINT`            |\n\n52 parsers and 79 reporters.\n\nMissing a format? Open an issue [here](https://github.com/tomasbjerre/violations-lib/issues)!\n\n# Usage\n\n```shell\n-comment-only-changed-content, -cocc \u003cboolean\u003e          True if only changed \n                                                        parts of the changed files \n                                                        should be commented. False if \n                                                        all findings on the \n                                                        changed files should be \n                                                        commented.\n                                                        \u003cboolean\u003e: true or false\n                                                        Default: true\n-comment-only-changed-files, -cocf \u003cboolean\u003e            True if only changed \n                                                        files should be commented. \n                                                        False if all findings should \n                                                        be commented.\n                                                        \u003cboolean\u003e: true or false\n                                                        Default: true\n-comment-template \u003cstring\u003e                              https://github.\n                                                        com/tomasbjerre/violation-comments-lib\n                                                        \u003cstring\u003e: any string\n                                                        Default: \n-create-comment-with-all-single-file-comments, -        \u003cboolean\u003e: true or false\nccwasfc \u003cboolean\u003e                                       Default: false\n-create-single-file-comments, -csfc \u003cboolean\u003e           \u003cboolean\u003e: true or false\n                                                        Default: true\n-h, --help \u003cargument-to-print-help-for\u003e                 \u003cargument-to-print-help-for\u003e: an argument to print help for\n                                                        Default: If no specific parameter is given the whole usage text is given\n-keep-old-comments \u003cboolean\u003e                            \u003cboolean\u003e: true or false\n                                                        Default: false\n-max-number-of-violations, -max \u003cinteger\u003e               \u003cinteger\u003e: -2,147,483,648 to 2,147,483,647\n                                                        Default: 2,147,483,647\n-password, -p \u003cstring\u003e                                  You can create an \n                                                        'application password' in Bitbucket \n                                                        to use here. See https:\n                                                        //confluence.atlassian.\n                                                        com/bitbucket/app-passwords-828781300.\n                                                        html\n                                                        \u003cstring\u003e: any string\n                                                        Default: \n-pull-request-id, -prid \u003cstring\u003e                        \u003cstring\u003e: any string [Required]\n-repository-slug, -rs \u003cstring\u003e                          \u003cstring\u003e: any string [Required]\n-severity, -s \u003cSEVERITY\u003e                                Minimum severity level \n                                                        to report.\n                                                        \u003cSEVERITY\u003e: {INFO | WARN | ERROR}\n                                                        Default: INFO\n-show-debug-info                                        Please run your \n                                                        command with this parameter \n                                                        and supply output when \n                                                        reporting bugs.\n                                                        Default: disabled\n-username, -u \u003cstring\u003e                                  \u003cstring\u003e: any string\n                                                        Default: \n--violations, -v \u003cstring\u003e                               The violations to look \n                                                        for. \u003cPARSER\u003e \u003cFOLDER\u003e \n                                                        \u003cREGEXP PATTERN\u003e \u003cNAME\u003e where \n                                                        PARSER is one of: \n                                                        ANDROIDLINT, CHECKSTYLE, CODENARC, \n                                                        CLANG, CPD, CPPCHECK, \n                                                        CPPLINT, CSSLINT, FINDBUGS, \n                                                        FLAKE8, FXCOP, GENDARME, IAR, \n                                                        JCREPORT, JSHINT, JUNIT, LINT, \n                                                        KLOCWORK, KOTLINMAVEN, \n                                                        KOTLINGRADLE, MSCPP, MYPY, GOLINT, \n                                                        GOOGLEERRORPRONE, PERLCRITIC, PITEST, \n                                                        PMD, PYDOCSTYLE, PYLINT, \n                                                        RESHARPER, SBTSCALAC, SIMIAN, \n                                                        SONAR, STYLECOP, XMLLINT, \n                                                        YAMLLINT, ZPTLINT, DOCFX, PCLINT\n                                                        \n                                                         Example: -v \"JSHINT\" \n                                                        \".\" \".*/jshint.xml$\" \n                                                        \"JSHint\" [Supports Multiple occurrences]\n                                                        \u003cstring\u003e: any string\n                                                        Default: Empty list\n-workspace, -ws \u003cstring\u003e                                The workspace is \n                                                        typically same as username. [Required]\n                                                        \u003cstring\u003e: any string\n```\n\nCheckout the [Violations Lib](https://github.com/tomasbjerre/violations-lib) for more documentation.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Ftomasbjerre%2Fviolation-comments-to-bitbucket-cloud-command-line","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Ftomasbjerre%2Fviolation-comments-to-bitbucket-cloud-command-line","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Ftomasbjerre%2Fviolation-comments-to-bitbucket-cloud-command-line/lists"}