Jenkins is a highly extensible platform and, in some cases, plugins are the foundation for further plugins.
One such example is the plugin for static code analysis. This plugin provides the necessary foundation for reporting and presenting static analysis results produced by build jobs, but does not itself perform any analysis. That is the responsibility of additional plugins, which analyze files in the build workspace, such as source code and, if appropriate, the results of building that source code.
For example, the FindBugs plugin runs FindBugs, which looks for bugs in Java code. FindBugs is an excellent utility for identifying problems in Java code. Combine FindBugs with Jenkins and those problems can be easily viewed, monitored and tracked over builds.
However, this blog entry will focus on two other static analysis plugins: the Task Scanner plugin and the Warnings plugin.
Stable Release Versions
The latest release of the Task Scanner plugin is 4.26 and was released in December 2011. It has no known issues. The latest release of the Warnings plugin is 3.27 and was released in January 2012; it has known issues.
Requirements for Plugin-Use
Jenkins 1.409 or newer and the utility plugin "analysis-core" (called "Static Analysis Utilities").
I created a job on Jenkins to build Jenkins and configured the Task Scanner for the job as follows:
After building, the results can be viewed by clicking on the "Open Tasks" link on the left-hand side of the screen:
We can observe that the Jenkins code base has 15 high priority tasks ("FIXME"), 330 normal priority tasks ("TODO") and 425 low priority tasks ("@deprecated"). It is not surprising that there are so many @deprecated tasks, since Jenkins has maintained backwards compatibility for a long time.
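The tag-to-priority scan described above can be approximated outside Jenkins. The following is an added example, not the Task Scanner plugin's own code: the function names, the one-task-per-line rule, the identifier-boundary matching and the sample files are assumptions constructed for illustration.

```python
import re
from collections import Counter

# Tag-to-priority mapping taken from the job described above.
PRIORITIES = {"FIXME": "high", "TODO": "normal", "@deprecated": "low"}

# Constructed sample input (not taken from the Jenkins code base).
SAMPLE = {
    "src/Foo.java": (
        "public class Foo {\n"
        "    // FIXME: null check missing before dereference\n"
        "    // TODO validate input length\n"
        "    int TODOS = 0; // not a task tag\n"
        "    /** @deprecated use {@link Bar} instead */\n"
        "    void old() {}\n"
        "}\n"
    ),
    "src/Bar.java": "// todo: lower-case tag, only found when ignore_case=True\n",
}

def build_pattern(tags, ignore_case=False):
    # Lookarounds stop "TODO" from matching inside identifiers ("TODOS", "myTODO").
    alt = "|".join(re.escape(t) for t in sorted(tags, key=len, reverse=True))
    flags = re.IGNORECASE if ignore_case else 0
    return re.compile(r"(?<![\w@])(%s)(?!\w)(.*)" % alt, flags)

def scan(files, priorities=PRIORITIES, ignore_case=False):
    """Return (priority, path, line_no, tag, message) for the first tag on each line."""
    pattern = build_pattern(priorities, ignore_case)
    canonical = {t.lower(): t for t in priorities}
    tasks = []
    for path, text in files.items():
        for line_no, line in enumerate(text.splitlines(), start=1):
            m = pattern.search(line)
            if m:
                tag = canonical[m.group(1).lower()]
                message = m.group(2).strip(" :*/")  # drop comment punctuation
                tasks.append((priorities[tag], path, line_no, tag, message))
    return tasks

def summarize(tasks):
    """Count open tasks per priority, as on the "Open Tasks" summary."""
    return Counter(task[0] for task in tasks)

if __name__ == "__main__":
    for task in scan(SAMPLE):
        print("%-6s %s:%d %s %s" % task)
    print(dict(summarize(scan(SAMPLE))))
```
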
Given a particular task, it is possible to drill down and view the source:
The (Compiler) Warnings plugin can scan the build console log and workspace files, using selected parsers, and report compiler warnings. There are many parsers; if Cobol is your language of choice (or not, as is highly likely to be the case), there is a parser for that.
In this case, I have configured the previous Jenkins job to scan for compiler warnings in the console log:
To ensure that such warnings are generated by the Java compiler, I need to tweak the Jenkins pom file:
<plugin>
After building, a summary of the results can be viewed from the build status page:
The plugin detected 213 warnings. Notice that the status of the open tasks from the Task Scanner plugin is also displayed.
A summary of the warnings can be viewed by clicking on the "Compiler Warnings" link on the left-hand side:
As presented, these plugins are rather useful for tracking tasks and warnings in source code. They are quick to set up, even for a large project such as Jenkins.
Finally, the results of both the tasks and compiler warnings can be combined with the Static Analysis Collector plugin. Combine it with the DashBoard View plugin and a summary can be presented:
- Static code analysis page
- Task Scanner plugin page
- Warnings plugin page
- Static Analysis Collector plugin page
- DashBoard view page