{"id":20428300,"url":"https://github.com/tomasbjerre/violations-maven-plugin","last_synced_at":"2025-08-04T12:36:00.103Z","repository":{"id":57742907,"uuid":"115271735","full_name":"tomasbjerre/violations-maven-plugin","owner":"tomasbjerre","description":"Maven plugin that will find report files from static code analysis, present and optionally fail the build.","archived":false,"fork":false,"pushed_at":"2025-07-28T11:17:28.000Z","size":259,"stargazers_count":4,"open_issues_count":0,"forks_count":1,"subscribers_count":2,"default_branch":"master","last_synced_at":"2025-07-28T12:46:42.087Z","etag":null,"topics":["checkstyle","csslint","detekt","findbugs","golint","jshint","lint","pmd","static-analysis"],"latest_commit_sha":null,"homepage":null,"language":"Java","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"other","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/tomasbjerre.png","metadata":{"files":{"readme":"README.md","changelog":"CHANGELOG.md","contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null},"funding":{"github":["tomasbjerre"]}},"created_at":"2017-12-24T15:29:29.000Z","updated_at":"2025-07-28T11:17:31.000Z","dependencies_parsed_at":"2024-11-15T07:27:27.346Z","dependency_job_id":"e2a2d52b-4eed-4d61-969f-2ec4b560d9b6","html_url":"https://github.com/tomasbjerre/violations-maven-plugin","commit_stats":null,"previous_names":[],"tags_count":74,"template":false,"template_full_name":null,"purl":"pkg:github/tomasbjerre/violations-maven-plugin","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tomasbjerre%2Fviolations-maven-plugin","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tomasbjerre%2Fviolations-maven-plugin/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tomasbjerre%2Fviolations-maven-plugin/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tomasbjerre%2Fviolations-maven-plugin/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/tomasbjerre","download_url":"https://codeload.github.com/tomasbjerre/violations-maven-plugin/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tomasbjerre%2Fviolations-maven-plugin/sbom","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":268696929,"owners_count":24292386,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","status":"online","status_checked_at":"2025-08-04T02:00:09.867Z","response_time":79,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["checkstyle","csslint","detekt","findbugs","golint","jshint","lint","pmd","static-analysis"],"created_at":"2024-11-15T07:25:05.495Z","updated_at":"2025-08-04T12:35:59.942Z","avatar_url":"https://github.com/tomasbjerre.png","language":"Java","funding_links":["https://github.com/sponsors/tomasbjerre"],"categories":[],"sub_categories":[],"readme":"# Violations Maven Plugin\n[![Maven Central](https://maven-badges.herokuapp.com/maven-central/se.bjurr.violations/violations-maven-plugin/badge.svg)](https://maven-badges.herokuapp.com/maven-central/se.bjurr.violations/violations-maven-plugin)\n\n| Version | Java Version |\n| ------------------| ------------ |\n| version \u003c 2.2.0 | 8 |\n| 2.2.0 \u003c= version | 11 |\n\nThis is a Maven plugin for [Violations Lib](https://github.com/tomasbjerre/violations-lib). There is also a [Gradle plugin](https://github.com/tomasbjerre/violations-gradle-plugin) and a [command line tool](https://www.npmjs.com/package/violations-command-line).\n\nIt can parse results from static code analysis and:\n\n * Report violations in the build log.\n * Optionally fail the build depending on violations found.\n\nA snippet of the output may look like this:\n```\nse/bjurr/violations/lib/example/OtherClass.java\n╔══════════╤════════════╤══════════╤══════╤════════════════════════════════════════════════════╗\n║ Reporter │ Rule │ Severity │ Line │ Message ║\n╠══════════╪════════════╪══════════╪══════╪════════════════════════════════════════════════════╣\n║ Findbugs │ MS_SHOULD_ │ INFO │ 7 │ Field isn't final but should be ║\n║ │ BE_FINAL │ │ │ ║\n║ │ │ │ │ ║\n║ │ │ │ │ \u003cp\u003e ║\n║ │ │ │ │ This static field public but not final, and ║\n║ │ │ │ │ could be changed by malicious code or ║\n║ │ │ │ │ by accident from another package. ║\n║ │ │ │ │ The field could be made final to avoid ║\n║ │ │ │ │ this vulnerability.\u003c/p\u003e ║\n╟──────────┼────────────┼──────────┼──────┼────────────────────────────────────────────────────╢\n║ Findbugs │ NM_FIELD_N │ INFO │ 6 │ Field names should start with a lower case letter ║\n║ │ AMING_CONV │ │ │ ║\n║ │ ENTION │ │ │ ║\n║ │ │ │ │ \u003cp\u003e ║\n║ │ │ │ │ Names of fields that are not final should be in mi ║\n║ │ │ │ │ xed case with a lowercase first letter and the fir ║\n║ │ │ │ │ st letters of subsequent words capitalized. ║\n║ │ │ │ │ \u003c/p\u003e ║\n╚══════════╧════════════╧══════════╧══════╧════════════════════════════════════════════════════╝\n\nSummary of se/bjurr/violations/lib/example/OtherClass.java\n╔══════════╤══════╤══════╤═══════╤═══════╗\n║ Reporter │ INFO │ WARN │ ERROR │ Total ║\n╠══════════╪══════╪══════╪═══════╪═══════╣\n║ Findbugs │ 2 │ 0 │ 0 │ 2 ║\n╟──────────┼──────┼──────┼───────┼───────╢\n║ │ 2 │ 0 │ 0 │ 2 ║\n╚══════════╧══════╧══════╧═══════╧═══════╝\n\n\nSummary\n╔════════════╤══════╤══════╤═══════╤═══════╗\n║ Reporter │ INFO │ WARN │ ERROR │ Total ║\n╠════════════╪══════╪══════╪═══════╪═══════╣\n║ Checkstyle │ 4 │ 1 │ 1 │ 6 ║\n╟────────────┼──────┼──────┼───────┼───────╢\n║ Findbugs │ 2 │ 2 │ 5 │ 9 ║\n╟────────────┼──────┼──────┼───────┼───────╢\n║ │ 6 │ 3 │ 6 │ 15 ║\n╚════════════╧══════╧══════╧═══════╧═══════╝\n```\n\nExample of supported reports are available [here](https://github.com/tomasbjerre/violations-lib/tree/master/src/test/resources).\n\nA number of **parsers** have been implemented. Some **parsers** can parse output from several **reporters**.\n\n| Reporter | Parser | Notes\n| --- | --- | ---\n| [_ARM-GCC_](https://developer.arm.com/open-source/gnu-toolchain/gnu-rm) | `CLANG` | \n| [_AndroidLint_](http://developer.android.com/tools/help/lint.html) | `ANDROIDLINT` | \n| [_Ansible-Later_](https://github.com/thegeeklab/ansible-later) | `ANSIBLELATER` | With `json` format\n| [_AnsibleLint_](https://github.com/willthames/ansible-lint) | `FLAKE8` | With `-p`\n| [_Bandit_](https://github.com/PyCQA/bandit) | `CLANG` | With `bandit -r examples/ -f custom -o bandit.out --msg-template \"{abspath}:{line}: {severity}: {test_id}: {msg}\"`\n| [_CLang_](https://clang-analyzer.llvm.org/) | `CLANG` | \n| [_CPD_](http://pmd.sourceforge.net/pmd-4.3.0/cpd.html) | `CPD` | \n| [_CPPCheck_](http://cppcheck.sourceforge.net/) | `CPPCHECK` | With `cppcheck test.cpp --output-file=cppcheck.xml --xml`\n| [_CPPLint_](https://github.com/theandrewdavis/cpplint) | `CPPLINT` | \n| [_CSSLint_](https://github.com/CSSLint/csslint) | `CSSLINT` | \n| [_Checkstyle_](http://checkstyle.sourceforge.net/) | `CHECKSTYLE` | \n| [_CloudFormation Linter_](https://github.com/aws-cloudformation/cfn-lint) | `JUNIT` | `cfn-lint . -f junit --output-file report-junit.xml`\n| [_CodeClimate_](https://codeclimate.com/) | `CODECLIMATE` | \n| [_CodeNarc_](http://codenarc.sourceforge.net/) | `CODENARC` | \n| [_Coverity_](https://scan.coverity.com/) | `COVERITY` | \n| [_Dart_](https://dart.dev/) | `MACHINE` | With `dart analyze --format=machine`\n| [_Dependency Check_](https://jeremylong.github.io/DependencyCheck/) | `SARIF` | Using `--format SARIF`\n| [_Detekt_](https://github.com/arturbosch/detekt) | `CHECKSTYLE` | With `--output-format xml`.\n| [_DocFX_](http://dotnet.github.io/docfx/) | `DOCFX` | \n| [_Doxygen_](https://www.stack.nl/~dimitri/doxygen/) | `CLANG` | \n| [_ERB_](https://www.puppetcookbook.com/posts/erb-template-validation.html) | `CLANG` | With `erb -P -x -T '-' \"${it}\" \\| ruby -c 2\u003e\u00261 \u003e/dev/null \\| grep '^-' \\| sed -E 's/^-([a-zA-Z0-9:]+)/${filename}\\1 ERROR:/p' \u003e erbfiles.out`.\n| [_ESLint_](https://github.com/sindresorhus/grunt-eslint) | `CHECKSTYLE` | With `format: 'checkstyle'`.\n| [_Findbugs_](http://findbugs.sourceforge.net/) | `FINDBUGS` | \n| [_Flake8_](http://flake8.readthedocs.org/en/latest/) | `FLAKE8` | \n| [_FxCop_](https://en.wikipedia.org/wiki/FxCop) | `FXCOP` | \n| [_GCC_](https://gcc.gnu.org/) | `CLANG` | \n| [_GHS_](https://www.ghs.com/) | `GHS` | \n| [_Gendarme_](http://www.mono-project.com/docs/tools+libraries/tools/gendarme/) | `GENDARME` | \n| [_Generic reporter_]() | `GENERIC` | Will create one single violation with all the content as message.\n| [_GoLint_](https://github.com/golang/lint) | `GOLINT` | \n| [_GoVet_](https://golang.org/cmd/vet/) | `GOLINT` | Same format as GoLint.\n| [_GolangCI-Lint_](https://github.com/golangci/golangci-lint/) | `CHECKSTYLE` | With `--out-format=checkstyle`.\n| [_GoogleErrorProne_](https://github.com/google/error-prone) | `GOOGLEERRORPRONE` | \n| [_HadoLint_](https://github.com/hadolint/hadolint/) | `CHECKSTYLE` | With `-f checkstyle`\n| [_IAR_](https://www.iar.com/iar-embedded-workbench/) | `IAR` | With `--no_wrap_diagnostics`\n| [_Infer_](http://fbinfer.com/) | `PMD` | Facebook Infer. With `--pmd-xml`.\n| [_JACOCO_](https://www.jacoco.org/) | `JACOCO` | \n| [_JCReport_](https://github.com/jCoderZ/fawkez/wiki/JcReport) | `JCREPORT` | \n| [_JSHint_](http://jshint.com/) | `JSLINT` | With `--reporter=jslint` or the CHECKSTYLE parser with `--reporter=checkstyle`\n| [_JUnit_](https://junit.org/junit4/) | `JUNIT` | It only contains the failures.\n| [_KTLint_](https://github.com/shyiko/ktlint) | `CHECKSTYLE` | \n| [_Klocwork_](http://www.klocwork.com/products-services/klocwork/static-code-analysis) | `KLOCWORK` | \n| [_KotlinGradle_](https://github.com/JetBrains/kotlin) | `KOTLINGRADLE` | Output from Kotlin Gradle Plugin.\n| [_KotlinMaven_](https://github.com/JetBrains/kotlin) | `KOTLINMAVEN` | Output from Kotlin Maven Plugin.\n| [_Lint_]() | `LINT` | A common XML format, used by different linters.\n| [_MSBuildLog_](https://docs.microsoft.com/en-us/visualstudio/msbuild/obtaining-build-logs-with-msbuild?view=vs-2019) | `MSBULDLOG` | With `-fileLogger` use `.*msbuild\\\\.log$` as pattern or `-fl -flp:logfile=MyProjectOutput.log;verbosity=diagnostic` for a custom output filename\n| [_MSCpp_](https://visualstudio.microsoft.com/vs/features/cplusplus/) | `MSCPP` | \n| [_Mccabe_](https://pypi.python.org/pypi/mccabe) | `FLAKE8` | \n| [_MyPy_](https://pypi.python.org/pypi/mypy-lang) | `MYPY` | \n| [_NullAway_](https://github.com/uber/NullAway) | `GOOGLEERRORPRONE` | Same format as Google Error Prone.\n| [_PCLint_](http://www.gimpel.com/html/pcl.htm) | `PCLINT` | PC-Lint using the same output format as the Jenkins warnings plugin, [_details here_](https://wiki.jenkins.io/display/JENKINS/PcLint+options)\n| [_PHPCS_](https://github.com/squizlabs/PHP_CodeSniffer) | `CHECKSTYLE` | With `phpcs api.php --report=checkstyle`.\n| [_PHPPMD_](https://phpmd.org/) | `PMD` | With `phpmd api.php xml ruleset.xml`.\n| [_PMD_](https://pmd.github.io/) | `PMD` | \n| [_Pep8_](https://github.com/PyCQA/pycodestyle) | `FLAKE8` | \n| [_PerlCritic_](https://github.com/Perl-Critic) | `PERLCRITIC` | \n| [_PiTest_](http://pitest.org/) | `PITEST` | \n| [_ProtoLint_](https://github.com/yoheimuta/protolint) | `PROTOLINT` | \n| [_Puppet-Lint_](http://puppet-lint.com/) | `CLANG` | With `-log-format %{fullpath}:%{line}:%{column}: %{kind}: %{message}`\n| [_PyDocStyle_](https://pypi.python.org/pypi/pydocstyle) | `PYDOCSTYLE` | \n| [_PyFlakes_](https://pypi.python.org/pypi/pyflakes) | `FLAKE8` | \n| [_PyLint_](https://www.pylint.org/) | `PYLINT` | With `pylint --output-format=parseable`.\n| [_ReSharper_](https://www.jetbrains.com/resharper/) | `RESHARPER` | \n| [_RubyCop_](http://rubocop.readthedocs.io/en/latest/formatters/) | `CLANG` | With `rubycop -f clang file.rb`\n| [_SARIF_](https://github.com/oasis-tcs/sarif-spec) | `SARIF` | v2.x. Microsoft Visual C# can generate it with `ErrorLog=\"BuildErrors.sarif,version=2\"`.\n| [_SbtScalac_](http://www.scala-sbt.org/) | `SBTSCALAC` | \n| [_Scalastyle_](http://www.scalastyle.org/) | `CHECKSTYLE` | \n| [_Semgrep_](https://semgrep.dev/) | `SEMGREP` | With `--json`.\n| [_Simian_](http://www.harukizaemon.com/simian/) | `SIMIAN` | \n| [_Sonar_](https://www.sonarqube.org/) | `SONAR` | With `mvn sonar:sonar -Dsonar.analysis.mode=preview -Dsonar.report.export.path=sonar-report.json`. Removed in 7.7, see [SONAR-11670](https://jira.sonarsource.com/browse/SONAR-11670) but can be retrieved with: `curl --silent 'http://sonar-server/api/issues/search?componentKeys=unique-key\u0026resolved=false' \\| jq -f sonar-report-builder.jq \u003e sonar-report.json`.\n| [_Spotbugs_](https://spotbugs.github.io/) | `FINDBUGS` | \n| [_StyleCop_](https://stylecop.codeplex.com/) | `STYLECOP` | \n| [_SwiftLint_](https://github.com/realm/SwiftLint) | `CHECKSTYLE` | With `--reporter checkstyle`.\n| [_TSLint_](https://palantir.github.io/tslint/usage/cli/) | `CHECKSTYLE` | With `-t checkstyle`\n| [_Valgrind_](https://valgrind.org/) | `VALGRIND` | With `--xml=yes`.\n| [_XMLLint_](http://xmlsoft.org/xmllint.html) | `XMLLINT` | \n| [_XUnit_](https://xunit.net/) | `XUNIT` | It only contains the failures.\n| [_YAMLLint_](https://yamllint.readthedocs.io/en/stable/index.html) | `YAMLLINT` | With `-f parsable`\n| [_ZPTLint_](https://pypi.python.org/pypi/zptlint) | `ZPTLINT` |\n\n52 parsers and 79 reporters.\n\nMissing a format? Open an issue [here](https://github.com/tomasbjerre/violations-lib/issues)!\n\n## Usage ##\nThere is a running example [here](https://github.com/tomasbjerre/violations-maven-plugin/tree/master/violations-maven-plugin-example). See also [bjurr-bom](https://github.com/tomasbjerre/bjurr-bom).\n\nThe plugin needs to run after any static code analysis tools, so put it after them in the pom. Having the following in the pom will make the plugin run with `mvn validate`: \n\n```\n \u003cplugins\u003e\n \u003cplugin\u003e\n \u003cgroupId\u003eorg.codehaus.mojo\u003c/groupId\u003e\n \u003cartifactId\u003efindbugs-maven-plugin\u003c/artifactId\u003e\n \u003cversion\u003e3.0.5\u003c/version\u003e\n \u003cexecutions\u003e\n \u003cexecution\u003e\n \u003cgoals\u003e\n \u003cgoal\u003echeck\u003c/goal\u003e\n \u003c/goals\u003e\n \u003c/execution\u003e\n \u003c/executions\u003e\n \u003c/plugin\u003e\n \u003cplugin\u003e\n \u003cgroupId\u003ese.bjurr.violations\u003c/groupId\u003e\n \u003cartifactId\u003eviolations-maven-plugin\u003c/artifactId\u003e\n \u003cversion\u003eX\u003c/version\u003e\n \u003cexecutions\u003e\n \u003cexecution\u003e\n \u003cphase\u003evalidate\u003c/phase\u003e\n \u003cgoals\u003e\n \u003cgoal\u003eviolations\u003c/goal\u003e\n \u003c/goals\u003e\n \u003cconfiguration\u003e\n \u003c!-- Optional config --\u003e\n \u003c!-- 0 is disabled --\u003e\n \u003cmaxReporterColumnWidth\u003e0\u003c/maxReporterColumnWidth\u003e\n \u003cmaxRuleColumnWidth\u003e60\u003c/maxRuleColumnWidth\u003e\n \u003cmaxSeverityColumnWidth\u003e0\u003c/maxSeverityColumnWidth\u003e\n \u003cmaxLineColumnWidth\u003e0\u003c/maxLineColumnWidth\u003e\n \u003cmaxMessageColumnWidth\u003e50\u003c/maxMessageColumnWidth\u003e\n \n \u003c!-- Global configuration, remove if you dont want to report violations \n for the entire repo. --\u003e\n \u003c!-- INFO, WARN or ERROR --\u003e\n \u003cminSeverity\u003eINFO\u003c/minSeverity\u003e\n \u003c!-- PER_FILE_COMPACT, COMPACT or VERBOSE --\u003e\n \u003cdetailLevel\u003eVERBOSE\u003c/detailLevel\u003e\n \u003c!-- Will fail the build if total number of found violations is higher --\u003e\n \u003cmaxViolations\u003e99999999\u003c/maxViolations\u003e\n \u003c!-- Will print violations found in diff --\u003e\n \u003cprintViolations\u003etrue\u003c/printViolations\u003e\n \u003c!-- Will create a CodeClimate JSON report. --\u003e\n \u003ccodeClimateFile\u003ecode-climate-file.json\u003c/codeClimateFile\u003e\n \u003c!-- Will create a normalized JSON report. --\u003e\n \u003cviolationsFile\u003eviolations-file.json\u003c/violationsFile\u003e\n \n \u003c!-- Diff configuration, remove if you dont want to report violations \n for files changed between specific revisions. --\u003e\n \u003c!-- Can be empty (ignored), Git-commit or any Git-reference --\u003e\n \u003cdiffFrom\u003e\u003c/diffFrom\u003e\n \u003c!-- Same as above --\u003e\n \u003cdiffTo\u003e\u003c/diffTo\u003e\n \u003c!-- INFO, WARN or ERROR --\u003e\n \u003cdiffMinSeverity\u003eINFO\u003c/diffMinSeverity\u003e\n \u003c!-- PER_FILE_COMPACT, COMPACT or VERBOSE --\u003e\n \u003cdiffDetailLevel\u003eVERBOSE\u003c/diffDetailLevel\u003e\n \u003c!-- Will fail the build if number of violations, in the diff within from/to, is higher --\u003e\n \u003cdiffMaxViolations\u003e99\u003c/diffMaxViolations\u003e\n \u003c!-- Will print violations found in diff --\u003e\n \u003cdiffPrintViolations\u003etrue\u003c/diffPrintViolations\u003e\n \u003c!-- Where to look for Git --\u003e\n \u003cgitRepo\u003e.\u003c/gitRepo\u003e\n \n \n \u003c!-- This is mandatory regardless of if you want to report violations \n between revisions or the entire repo. --\u003e\n \u003cviolations\u003e\n \u003cviolation\u003e\n \u003c!-- Many more formats available, see:\n https://github.com/tomasbjerre/violations-lib\n --\u003e\n \u003cparser\u003eFINDBUGS\u003c/parser\u003e\n \u003creporter\u003eFindbugs\u003c/reporter\u003e\n \u003cfolder\u003e.\u003c/folder\u003e\n \u003cpattern\u003e.*/findbugsXml\\.xml$\u003c/pattern\u003e\n \u003c/violation\u003e\n \u003c/violations\u003e\n \u003c/configuration\u003e\n \u003c/execution\u003e\n \u003c/executions\u003e\n \u003c/plugin\u003e\n \u003c/plugins\u003e\n```\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Ftomasbjerre%2Fviolations-maven-plugin","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Ftomasbjerre%2Fviolations-maven-plugin","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Ftomasbjerre%2Fviolations-maven-plugin/lists"}