{"id":20428285,"url":"https://github.com/tomasbjerre/violations-gradle-plugin","last_synced_at":"2025-07-27T03:33:30.595Z","repository":{"id":47527292,"uuid":"115260334","full_name":"tomasbjerre/violations-gradle-plugin","owner":"tomasbjerre","description":"Gradle plugin that will find report files from static code analysis, present and optionally fail the build.","archived":false,"fork":false,"pushed_at":"2025-07-14T06:39:25.000Z","size":387,"stargazers_count":18,"open_issues_count":6,"forks_count":9,"subscribers_count":2,"default_branch":"master","last_synced_at":"2025-07-14T09:37:15.990Z","etag":null,"topics":["checkstyle","cpd","csslint","findbugs","golint","jshint","lint","pmd","static-analysis"],"latest_commit_sha":null,"homepage":"https://plugins.gradle.org/plugin/se.bjurr.violations.violations-gradle-plugin","language":"Java","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"other","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/tomasbjerre.png","metadata":{"files":{"readme":"README.md","changelog":"CHANGELOG.md","contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null},"funding":{"github":["tomasbjerre"]}},"created_at":"2017-12-24T12:05:43.000Z","updated_at":"2025-07-14T06:39:28.000Z","dependencies_parsed_at":"2024-03-24T18:30:43.550Z","dependency_job_id":"d417f193-d30f-4503-bac0-16580142c2da","html_url":"https://github.com/tomasbjerre/violations-gradle-plugin","commit_stats":null,"previous_names":[],"tags_count":81,"template":false,"template_full_name":null,"purl":"pkg:github/tomasbjerre/violations-gradle-plugin","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tomasbjerre%2Fviolations-gradle-plugin","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tomasbjerre%2Fviolations-gradle-plugin/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tomasbjerre%2Fviolations-gradle-plugin/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tomasbjerre%2Fviolations-gradle-plugin/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/tomasbjerre","download_url":"https://codeload.github.com/tomasbjerre/violations-gradle-plugin/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tomasbjerre%2Fviolations-gradle-plugin/sbom","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":267294180,"owners_count":24065343,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","status":"online","status_checked_at":"2025-07-27T02:00:11.917Z","response_time":82,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["checkstyle","cpd","csslint","findbugs","golint","jshint","lint","pmd","static-analysis"],"created_at":"2024-11-15T07:24:59.372Z","updated_at":"2025-07-27T03:33:30.572Z","avatar_url":"https://github.com/tomasbjerre.png","language":"Java","funding_links":["https://github.com/sponsors/tomasbjerre"],"categories":[],"sub_categories":[],"readme":"# Violations Gradle Plugin\n\nThis is a Gradle plugin for [Violations Lib](https://github.com/tomasbjerre/violations-lib). There is also a [Maven plugin](https://github.com/tomasbjerre/violations-maven-plugin) for this.\n\n| Version | Java Version |\n| ------------------| ------------ |\n| version \u003c 2.0.0 | 8 |\n| 2.0.0 \u003c= version | 11 |\n\nPublished to [plugins.gradle.org](https://plugins.gradle.org/plugin/se.bjurr.violations.violations-gradle-plugin).\n\nIt can parse results from static code analysis and:\n\n- Report violations in the build log.\n- Optionally fail the build depending on violations found.\n\nYou can also do this with a [command line tool](https://www.npmjs.com/package/violations-command-line).\n\nA snippet of the output may look like this:\n\n```sh\n...\nse/bjurr/violations/lib/example/OtherClass.java\n╔══════════╤════════════╤══════════╤══════╤════════════════════════════════════════════════════╗\n║ Reporter │ Rule │ Severity │ Line │ Message ║\n╠══════════╪════════════╪══════════╪══════╪════════════════════════════════════════════════════╣\n║ Findbugs │ MS_SHOULD_ │ INFO │ 7 │ Field isn't final but should be ║\n║ │ BE_FINAL │ │ │ ║\n║ │ │ │ │ ║\n║ │ │ │ │ \u003cp\u003e ║\n║ │ │ │ │ This static field public but not final, and ║\n║ │ │ │ │ could be changed by malicious code or ║\n║ │ │ │ │ by accident from another package. ║\n║ │ │ │ │ The field could be made final to avoid ║\n║ │ │ │ │ this vulnerability.\u003c/p\u003e ║\n╟──────────┼────────────┼──────────┼──────┼────────────────────────────────────────────────────╢\n║ Findbugs │ NM_FIELD_N │ INFO │ 6 │ Field names should start with a lower case letter ║\n║ │ AMING_CONV │ │ │ ║\n║ │ ENTION │ │ │ ║\n║ │ │ │ │ \u003cp\u003e ║\n║ │ │ │ │ Names of fields that are not final should be in mi ║\n║ │ │ │ │ xed case with a lowercase first letter and the fir ║\n║ │ │ │ │ st letters of subsequent words capitalized. ║\n║ │ │ │ │ \u003c/p\u003e ║\n╚══════════╧════════════╧══════════╧══════╧════════════════════════════════════════════════════╝\n\nSummary of se/bjurr/violations/lib/example/OtherClass.java\n╔══════════╤══════╤══════╤═══════╤═══════╗\n║ Reporter │ INFO │ WARN │ ERROR │ Total ║\n╠══════════╪══════╪══════╪═══════╪═══════╣\n║ Findbugs │ 2 │ 0 │ 0 │ 2 ║\n╟──────────┼──────┼──────┼───────┼───────╢\n║ │ 2 │ 0 │ 0 │ 2 ║\n╚══════════╧══════╧══════╧═══════╧═══════╝\n\n\nSummary\n╔════════════╤══════╤══════╤═══════╤═══════╗\n║ Reporter │ INFO │ WARN │ ERROR │ Total ║\n╠════════════╪══════╪══════╪═══════╪═══════╣\n║ Checkstyle │ 4 │ 1 │ 1 │ 6 ║\n╟────────────┼──────┼──────┼───────┼───────╢\n║ Findbugs │ 2 │ 2 │ 5 │ 9 ║\n╟────────────┼──────┼──────┼───────┼───────╢\n║ │ 6 │ 3 │ 6 │ 15 ║\n╚════════════╧══════╧══════╧═══════╧═══════╝\n```\n\nExample of supported reports are available [here](https://github.com/tomasbjerre/violations-lib/tree/master/src/test/resources).\n\nA number of **parsers** have been implemented. Some **parsers** can parse output from several **reporters**.\n\n| Reporter | Parser | Notes\n| --- | --- | ---\n| [_ARM-GCC_](https://developer.arm.com/open-source/gnu-toolchain/gnu-rm) | `CLANG` | \n| [_AndroidLint_](http://developer.android.com/tools/help/lint.html) | `ANDROIDLINT` | \n| [_Ansible-Later_](https://github.com/thegeeklab/ansible-later) | `ANSIBLELATER` | With `json` format\n| [_AnsibleLint_](https://github.com/willthames/ansible-lint) | `FLAKE8` | With `-p`\n| [_Bandit_](https://github.com/PyCQA/bandit) | `CLANG` | With `bandit -r examples/ -f custom -o bandit.out --msg-template \"{abspath}:{line}: {severity}: {test_id}: {msg}\"`\n| [_CLang_](https://clang-analyzer.llvm.org/) | `CLANG` | \n| [_CPD_](http://pmd.sourceforge.net/pmd-4.3.0/cpd.html) | `CPD` | \n| [_CPPCheck_](http://cppcheck.sourceforge.net/) | `CPPCHECK` | With `cppcheck test.cpp --output-file=cppcheck.xml --xml`\n| [_CPPLint_](https://github.com/theandrewdavis/cpplint) | `CPPLINT` | \n| [_CSSLint_](https://github.com/CSSLint/csslint) | `CSSLINT` | \n| [_Checkstyle_](http://checkstyle.sourceforge.net/) | `CHECKSTYLE` | \n| [_CloudFormation Linter_](https://github.com/aws-cloudformation/cfn-lint) | `JUNIT` | `cfn-lint . -f junit --output-file report-junit.xml`\n| [_CodeClimate_](https://codeclimate.com/) | `CODECLIMATE` | \n| [_CodeNarc_](http://codenarc.sourceforge.net/) | `CODENARC` | \n| [_Coverity_](https://scan.coverity.com/) | `COVERITY` | \n| [_Dart_](https://dart.dev/) | `MACHINE` | With `dart analyze --format=machine`\n| [_Dependency Check_](https://jeremylong.github.io/DependencyCheck/) | `SARIF` | Using `--format SARIF`\n| [_Detekt_](https://github.com/arturbosch/detekt) | `CHECKSTYLE` | With `--output-format xml`.\n| [_DocFX_](http://dotnet.github.io/docfx/) | `DOCFX` | \n| [_Doxygen_](https://www.stack.nl/~dimitri/doxygen/) | `CLANG` | \n| [_ERB_](https://www.puppetcookbook.com/posts/erb-template-validation.html) | `CLANG` | With `erb -P -x -T '-' \"${it}\" \\| ruby -c 2\u003e\u00261 \u003e/dev/null \\| grep '^-' \\| sed -E 's/^-([a-zA-Z0-9:]+)/${filename}\\1 ERROR:/p' \u003e erbfiles.out`.\n| [_ESLint_](https://github.com/sindresorhus/grunt-eslint) | `CHECKSTYLE` | With `format: 'checkstyle'`.\n| [_Findbugs_](http://findbugs.sourceforge.net/) | `FINDBUGS` | \n| [_Flake8_](http://flake8.readthedocs.org/en/latest/) | `FLAKE8` | \n| [_FxCop_](https://en.wikipedia.org/wiki/FxCop) | `FXCOP` | \n| [_GCC_](https://gcc.gnu.org/) | `CLANG` | \n| [_GHS_](https://www.ghs.com/) | `GHS` | \n| [_Gendarme_](http://www.mono-project.com/docs/tools+libraries/tools/gendarme/) | `GENDARME` | \n| [_Generic reporter_]() | `GENERIC` | Will create one single violation with all the content as message.\n| [_GoLint_](https://github.com/golang/lint) | `GOLINT` | \n| [_GoVet_](https://golang.org/cmd/vet/) | `GOLINT` | Same format as GoLint.\n| [_GolangCI-Lint_](https://github.com/golangci/golangci-lint/) | `CHECKSTYLE` | With `--out-format=checkstyle`.\n| [_GoogleErrorProne_](https://github.com/google/error-prone) | `GOOGLEERRORPRONE` | \n| [_HadoLint_](https://github.com/hadolint/hadolint/) | `CHECKSTYLE` | With `-f checkstyle`\n| [_IAR_](https://www.iar.com/iar-embedded-workbench/) | `IAR` | With `--no_wrap_diagnostics`\n| [_Infer_](http://fbinfer.com/) | `PMD` | Facebook Infer. With `--pmd-xml`.\n| [_JACOCO_](https://www.jacoco.org/) | `JACOCO` | \n| [_JCReport_](https://github.com/jCoderZ/fawkez/wiki/JcReport) | `JCREPORT` | \n| [_JSHint_](http://jshint.com/) | `JSLINT` | With `--reporter=jslint` or the CHECKSTYLE parser with `--reporter=checkstyle`\n| [_JUnit_](https://junit.org/junit4/) | `JUNIT` | It only contains the failures.\n| [_KTLint_](https://github.com/shyiko/ktlint) | `CHECKSTYLE` | \n| [_Klocwork_](http://www.klocwork.com/products-services/klocwork/static-code-analysis) | `KLOCWORK` | \n| [_KotlinGradle_](https://github.com/JetBrains/kotlin) | `KOTLINGRADLE` | Output from Kotlin Gradle Plugin.\n| [_KotlinMaven_](https://github.com/JetBrains/kotlin) | `KOTLINMAVEN` | Output from Kotlin Maven Plugin.\n| [_Lint_]() | `LINT` | A common XML format, used by different linters.\n| [_MSBuildLog_](https://docs.microsoft.com/en-us/visualstudio/msbuild/obtaining-build-logs-with-msbuild?view=vs-2019) | `MSBULDLOG` | With `-fileLogger` use `.*msbuild\\\\.log$` as pattern or `-fl -flp:logfile=MyProjectOutput.log;verbosity=diagnostic` for a custom output filename\n| [_MSCpp_](https://visualstudio.microsoft.com/vs/features/cplusplus/) | `MSCPP` | \n| [_Mccabe_](https://pypi.python.org/pypi/mccabe) | `FLAKE8` | \n| [_MyPy_](https://pypi.python.org/pypi/mypy-lang) | `MYPY` | \n| [_NullAway_](https://github.com/uber/NullAway) | `GOOGLEERRORPRONE` | Same format as Google Error Prone.\n| [_PCLint_](http://www.gimpel.com/html/pcl.htm) | `PCLINT` | PC-Lint using the same output format as the Jenkins warnings plugin, [_details here_](https://wiki.jenkins.io/display/JENKINS/PcLint+options)\n| [_PHPCS_](https://github.com/squizlabs/PHP_CodeSniffer) | `CHECKSTYLE` | With `phpcs api.php --report=checkstyle`.\n| [_PHPPMD_](https://phpmd.org/) | `PMD` | With `phpmd api.php xml ruleset.xml`.\n| [_PMD_](https://pmd.github.io/) | `PMD` | \n| [_Pep8_](https://github.com/PyCQA/pycodestyle) | `FLAKE8` | \n| [_PerlCritic_](https://github.com/Perl-Critic) | `PERLCRITIC` | \n| [_PiTest_](http://pitest.org/) | `PITEST` | \n| [_ProtoLint_](https://github.com/yoheimuta/protolint) | `PROTOLINT` | \n| [_Puppet-Lint_](http://puppet-lint.com/) | `CLANG` | With `-log-format %{fullpath}:%{line}:%{column}: %{kind}: %{message}`\n| [_PyDocStyle_](https://pypi.python.org/pypi/pydocstyle) | `PYDOCSTYLE` | \n| [_PyFlakes_](https://pypi.python.org/pypi/pyflakes) | `FLAKE8` | \n| [_PyLint_](https://www.pylint.org/) | `PYLINT` | With `pylint --output-format=parseable`.\n| [_ReSharper_](https://www.jetbrains.com/resharper/) | `RESHARPER` | \n| [_RubyCop_](http://rubocop.readthedocs.io/en/latest/formatters/) | `CLANG` | With `rubycop -f clang file.rb`\n| [_SARIF_](https://github.com/oasis-tcs/sarif-spec) | `SARIF` | v2.x. Microsoft Visual C# can generate it with `ErrorLog=\"BuildErrors.sarif,version=2\"`.\n| [_SbtScalac_](http://www.scala-sbt.org/) | `SBTSCALAC` | \n| [_Scalastyle_](http://www.scalastyle.org/) | `CHECKSTYLE` | \n| [_Semgrep_](https://semgrep.dev/) | `SEMGREP` | With `--json`.\n| [_Simian_](http://www.harukizaemon.com/simian/) | `SIMIAN` | \n| [_Sonar_](https://www.sonarqube.org/) | `SONAR` | With `mvn sonar:sonar -Dsonar.analysis.mode=preview -Dsonar.report.export.path=sonar-report.json`. Removed in 7.7, see [SONAR-11670](https://jira.sonarsource.com/browse/SONAR-11670) but can be retrieved with: `curl --silent 'http://sonar-server/api/issues/search?componentKeys=unique-key\u0026resolved=false' \\| jq -f sonar-report-builder.jq \u003e sonar-report.json`.\n| [_Spotbugs_](https://spotbugs.github.io/) | `FINDBUGS` | \n| [_StyleCop_](https://stylecop.codeplex.com/) | `STYLECOP` | \n| [_SwiftLint_](https://github.com/realm/SwiftLint) | `CHECKSTYLE` | With `--reporter checkstyle`.\n| [_TSLint_](https://palantir.github.io/tslint/usage/cli/) | `CHECKSTYLE` | With `-t checkstyle`\n| [_Valgrind_](https://valgrind.org/) | `VALGRIND` | With `--xml=yes`.\n| [_XMLLint_](http://xmlsoft.org/xmllint.html) | `XMLLINT` | \n| [_XUnit_](https://xunit.net/) | `XUNIT` | It only contains the failures.\n| [_YAMLLint_](https://yamllint.readthedocs.io/en/stable/index.html) | `YAMLLINT` | With `-f parsable`\n| [_ZPTLint_](https://pypi.python.org/pypi/zptlint) | `ZPTLINT` |\n\n52 parsers and 79 reporters.\n\nMissing a format? Open an issue [here](https://github.com/tomasbjerre/violations-lib/issues)!\n\n## Usage\n\nThere is a running example [here](https://github.com/tomasbjerre/violations-gradle-plugin/tree/master/violations-gradle-plugin-example).\n\nHaving the following in the build script will make the plugin run with `./gradlew build`.\n\n```gradle\nplugins {\n id \"se.bjurr.violations.violations-gradle-plugin\" version \"X\"\n}\n\ntask violations(type: se.bjurr.violations.gradle.plugin.ViolationsTask) {\n //\n // Optional config\n //\n maxReporterColumnWidth.set(0) // 0 is disabled\n maxRuleColumnWidth.set(10)\n maxSeverityColumnWidth.set(0)\n maxLineColumnWidth.set(0)\n maxMessageColumnWidth.set(50)\n codeClimateFile.set(file('code-climate-file.json')) // Will create a CodeClimate JSON report.\n violationsFile.set(file('violations-file.json')) // Will create a normalized JSON report.\n\n //\n // Global configuration, remove if you dont want to report violations for\n // the entire repo.\n //\n minSeverity.set(se.bjurr.violations.lib.model.SEVERITY.INFO) // INFO, WARN or ERROR\n detailLevel.set(se.bjurr.violations.git.ViolationsReporterDetailLevel.VERBOSE) // PER_FILE_COMPACT, COMPACT or VERBOSE\n maxViolations.set(99999999) // Will fail the build if total number of found violations is higher\n printViolations.set(true) // Will print violations found in diff\n\n\n //\n // Diff configuration, remove if you dont want to report violations for\n // files changed between specific revisions.\n //\n // diff-properties can be supplied with something like:\n //\n // ./gradlew violations -i -PdiffFrom=e4de20e -PdiffTo=HEAD\n //\n // And in Travis, you could add:\n //\n // script:\n // - 'if [ \"$TRAVIS_PULL_REQUEST\" != \"false\" ]; then bash ./gradlew check -PdiffFrom=$TRAVIS_PULL_REQUEST_BRANCH -PdiffTo=$TRAVIS_BRANCH ; fi'\n //\n diffFrom.set(project.properties.diffFrom) // Can be empty (ignored), Git-commit or any Git-reference\n diffTo.set(project.properties.diffTo) // Same as above\n diffMinSeverity.set(se.bjurr.violations.lib.model.SEVERITY.INFO) // INFO, WARN or ERROR\n diffDetailLevel.set(se.bjurr.violations.git.ViolationsReporterDetailLevel.VERBOSE) // PER_FILE_COMPACT, COMPACT or VERBOSE\n diffMaxViolations.set(99) // Will fail the build if number of violations, in the diff within from/to, is higher\n diffPrintViolations.set(true) // Will print violations found in diff\n gitRepo.set(file('.')) // Where to look for Git\n\n\n //\n // This is mandatory regardless of if you want to report violations between\n // revisions or the entire repo.\n //\n // Many more formats available, see: https://github.com/tomasbjerre/violations-lib\n violationConfig()\n .setFolder(projectDir.path)\n .setParser(se.bjurr.violations.lib.reports.Parser.FINDBUGS)\n .setPattern(\".*/findbugs/.*\\\\.xml\\$\")\n .setReporter(\"Findbugs\")\n violationConfig()\n .setFolder(projectDir.path)\n .setParser(se.bjurr.violations.lib.reports.Parser.PMD)\n .setPattern(\".*/pmd/.*\\\\.xml\\$\")\n .setReporter(\"PMD\")\n}\n\ncheck.finalizedBy violations\n```\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Ftomasbjerre%2Fviolations-gradle-plugin","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Ftomasbjerre%2Fviolations-gradle-plugin","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Ftomasbjerre%2Fviolations-gradle-plugin/lists"}