pmd plugin is not available in jenkins - jenkins

pmd plugin is not available in jenkins
Neither it is available on jenkins plugins page

Searching the Jenkins plugin site reveals nothing as observed.
But if you look in GitHub, it shows the following:
This plugin reached end-of-life.
All functionality has been integrated into the Warnings Next
Generation Plugin
and the Static Analysis Model and Parsers
Library.
If you look on the Jenkins plugins site, it shows "forbidden". That suggests it's been pulled and its use discouraged.
Instead, install the Warnings Next Generation Plugin (needs some latest dependencies).
In your job, add a build-step "Records compiler warnings and static analysis results".
Choose "Static Analysis Tool | Tool" [ PMD ]. The default intake is "'**/pmd.xml'".
The plugin's main page gives an overview and notes support for more than hundred report formats. There is additional documentation describing all the extra features.
ps: Perhaps Jenkins needs a better mechanism (WEBSITE-764:Deprecated plugin handling - UX) to handle removed plugins?

Related

How to configure Fortify plugin using 'Jenkins Configuration As Code' Jenkins plugin (JCASC)?

I'm setting up a new Jenkins master server and configuring it using the Jenkins Configuration as code (JCASC) plugin.
https://github.com/jenkinsci/configuration-as-code-plugin/blob/master/README.md
I've configured most plugins with JCASC, based on documentation and examples inside the project, but I can't find the syntax for configuring plugin 'Fortify Jenkins Plugin' version 18.10.
I need to set these properties:
URL of the remote Fortify server, authentication token (generated on the fortify server) and which template to use.
Can anyone assist with an example or syntax for the yml file used by the JCASC plugin for Fortify plugin?
I don't know if fortify-plugin is compatible with JCasC, it might be or it might need some modifications. That said, if it is compatible, then the configuration export should work for it.
So, spin up a Jenkins instance, install the plugin, configure whatever you want in the Jenkins UI and then go to the CasC page and use the configuration export. That should give you a JCasC file containing your setup.
Alternatively, you can try the JCasC Schema experimental feature. It's a JSON schema generated by Jenkins that you can use in your YAML editor for autocompletion. More information here.
we have just released an update of the Fortify plugin with support for JCasC. Keep in mind, versions of the plugin prior to v21.1.36 were unable to support it, we had to make changes to make it happen.
You can find official documentation on how to use our configuration elements here. There's one correction to the documentation, though. Our top level configuration element is called fortifyPlugin instead of fortify mentioned in the documentation. It is going to be corrected in the next documentation update.
Here's a sample configuration for your quick reference:
unclassified:
fortifyPlugin:
url: "https://qa-plg-ssc3.prgqa.hpecorp.net:8443/ssc"
token: "3ab8c774-0850-483b-8be6-2907722a81d8"
proxyConfig:
proxyUrl: "web-proxy.us.softwaregrp.net:8080"
projectTemplate: "Prioritized High Risk Issue Template"
connectTimeout: "10"
readTimeout: "20"
writeTimeout: "10"
breakdownPageSize: "50"
ctrlToken: "5176d380-26ac-430f-95d7-0a2272cf3297"

Errors in Eclipse (Spring Tool Suite) in Spring Security

I'm attempting to become a contributor for Spring Security, it's not going so well. I am getting validation errors in Spring Tool Suite although the build/compilation of the .gradle project is succeeding. The errors show up in the "Markers" view in Eclipse. Here is what I've done so far.
Forked the Spring Security master branch on Github
Copied the https URL for my forked branch
In Spring Tool Suite, Import->Git->Projects from Git->Clone URI
After #3 Spring Tool Suite downloaded the project from Git
Spring Tool Suite prompted asking me what type of project to create
I selected "Import as a general project"
I deleted the project from my workspace (but did not delete it on disk)
I imported the project using Import->Gradle->Gradle project and the recommended settings
After everything finishes building, I get the following error in Spring Tool Suite:
The error is accompanied by several messages including the following:
Pointcut cannot be resolved to a type
The method aspectOf() is undefined for the type ...
The method proceed() is undefined for the type ...
This error can be fixed (with an ugly hack) if I open the Eclipse .project file and add the following:
<buildSpec>
<buildCommand>
<name>org.eclipse.ajdt.core.ajbuilder</name>
<arguments>
</arguments>
</buildCommand>
</buildSpec>
<natures>
<nature>org.eclipse.ajdt.ui.ajnature</nature>
</natures>
Question
How can I properly set up my development environment? What should I look into for figuring out why I'm getting these errors? I'm currently researching how the gradle/maven configurations relate to the Eclipse .project file, but I have not gotten very far yet.
Here is what works for me (and what I discussed with Rob Winch):
download STS 3.7.2 (not the latest 3.7.3, it has a few issues when importing spring-security projects) from https://spring.io/tools/sts/all. There is a link to previous versions of STS. There you find STS 3.7.2.
install Groovy-Eclipse into that from here: http://dist.springsource.org/snapshot/GRECLIPSE/e4.5/
install the Gradle STS tooling from here:
http://download.springsource.com/release/TOOLS/update/3.7.2.RELEASE/e4.5
after installing all the components mentioned above, import the spring-security projects using the STS Gradle support ("Import -> Gradle -> ...")
it might take a while, but after downloading the necessary artifacts, all those projects should appear in your workspace. The "aspects" one has an error marker on it. Right-click on the project, go to the Groovy context menu entry, and do the "remove Groovy nature" (or something like that). That removes the groovy tooling for that project and it compiles fine.
After all those steps, I get a workspace with all those projects compiling fine. But it looks like we could/should simplify this procedure in the future using an Eclipse Oomph setup file maybe. But that is a story for the future.
Hope this helps!!!
I found this walkthrough on how to bring spring projects into eclipse via gradle. It actually looks like it was based on Spring Security which might create a nice process flow for you.
My guess is, eclipse is not defaulting to use the gradle configuration for its dependency management.

How to use Checkstyle plugin in Jenkins/Hudson

I am interested to know how to use CheckStyle.
I am doing static code analysis in Hudson, as first part, I installed Static Analyser and CheckStyle plugins in Hudson. But I am not able to find out how to use it in official Hudson checkstyple page also.
official page : http://wiki.hudson-ci.org/display/HUDSON/Checkstyle+Plugin
If you can show me a step by step procedure, that is more helpful to me.
Posting this as an answer per request:
You need to run CheckStyle as part of your build job; Hudson just displays the results from your build. Here is documentation for the Ant task and the Maven plugin.
In the Hudson build job configuration screen you should find a checkbox that turns on Checkstyle. You don't need to change your Maven scripts. I don't know if Ant scripts would need adjustment as we always use Maven.

Customizing and Developing the plugins and pages In SONAR

I started working on SONAR, I have been analyzing the projects and thats going fine. Two questions has raised
If I want to customize the SONAR pages or adding new customized plugins to it, Do I need to have knowledge on RUBY.
Can I get SONAR src distribution,so that I can put it in my say Eclipse workspace and modify and add plugins by my own ?
Need your suggestions,and knowledge.
Sonar plugins are mainly developed in Java (metric computation, code parsing, resource creation, ...), but if you want to extend Sonar UI, then yes you need Ruby on Rails knowledge.
You can find Sonar source on GitHub: https://github.com/SonarSource/sonar.
You can also find the sources of lots of Sonar Plugins on the plugins forge's SVN repository: https://svn.codehaus.org/sonar-plugins/trunk/
And finally, visit the documentation on how to write plugins for Sonar: http://docs.codehaus.org/display/SONAR/Developing+Plugins

PMD with grails project

Does PMD works with grails project, i.e. with .groovy files??
i'm using STS editor,
if it works, what setup i have to do?
Please let me know, if anyone have any idea
Thanks in advance
I'm not aware of any PMD plugin for Groovy/Grails. However, there is a CodeNarc Grails plugin, which does similar kinds of static analysis on Groovy/Grails code.
codeNarc is one of the best choices for grails projects, thou it is ignoring java classes that potentially are part of your project.
I have not seen any pmd or findBugs plugins for grails that would take care of the java portion. You can use the STS/Eclipse PMD plugin thou to analyze explicitly the src/java/ folder.
Unfortunately the findBugs eclipse-plugin is not able to limit to a certain parts of the project so it no big use (findBugs works purely on class files and works through the complete project).
I guess it should be possible to write a grails pmd plugin that would analyze the java parts of a grails project.
Starting with Grails 3, the build system uses Gradle. There is a PMD gradle plugin which you could use to perform static analysis on your java source files. There is also a Codenarc gradle plugin which you can use to perform analysis on the groovy files in your project.
https://docs.gradle.org/current/userguide/pmd_plugin.html

Resources