PMD is a source code analyzer. It finds common programming flaws like unused variables, empty catch blocks, unnecessary object creation, and so forth. It supports Java, JavaScript, Salesforce.com Apex and Visualforce, Modelica, PLSQL, Apache Velocity, XML, XSL, Scala.
Additionally it includes CPD, the copy-paste-detector. CPD finds duplicated code in C/C++, C#, Dart, Fortran, Go, Groovy, Java, JavaScript, JSP, Kotlin, Lua, Matlab, Modelica, Objective-C, Perl, PHP, PLSQL, Python, Ruby, Salesforce.com Apex, Scala, Swift, Visualforce and XML.
This fork adds support for importing PMD defects into Coverity Connect. This will allow users of Coverity to analyze defects from various SAST tools from a same central repository with all the features Coverity provides for triaging, reporting, etc.
To make it work use the PDM format coverity and import the generated file with the regular cov-import-results command of Coverity CLI.
Building PMD:
There's a known issue with JDK11+ and maven-javadoc-plugin. If you have an error such as
[ERROR] Exit code: 1 - javadoc: error - The code being documented uses modules but the packages defined in https://docs.oracle.com/javase/8/docs/api/ are in the unnamed module.
during the compilation of javadoc your options are
- Skip the javadoc creation by adding -Dmaven.javadoc.skip=true on the mvnw command line
- Or, downgrade the javadoc plugin to 3.0.1 using -Djavadoc.plugin.version=3.0.1
- How do I? -- Ask a question on StackOverflow.
- I got this error, why? -- Ask a question on StackOverflow.
- I got this error and I'm sure it's a bug -- file an issue.
- I have an idea/request/question -- file an issue.
- I have a quick question -- ask on our Gitter chat.
- Where's your documentation? -- https://pmd.github.io/latest/
Our latest source of PMD can be found on GitHub. Fork us!
The rule designer is developed over at pmd/pmd-designer. Please see its README for developer documentation.
More information can be found on our Website.