What code analysis tools do you use for your Java projects?

Question

What code analysis tools do you use on your Java projects?

I am interested in all kinds

• static code analysis tools (FindBugs, PMD, and any others)
• code coverage tools (Cobertura, Emma, and any others)
• any other instrumentation-based tools
• anything else, if I'm missing something

If applicable, also state what build tools you use and how well these tools integrate with both your IDEs and build tools.

If a tool is only available a specific way (as an IDE plugin, or, say, a build tool plugin) that information is also worth noting.

Answer 1

We use FindBugs and JDepend integrated with Ant. We use JUnit but we're not using any coverage tool.

I'm not using it integrated to Rational Application Developer (the IDE I'm using to develop J2EE applications) because I like how neat it looks when you run javac in the Windows console. :P

Answer 2

Checkstyle is another one I've used at a previous company... it's mainly for style checking, but it can do some static analysis too. Also, Clover for code coverage, though be aware it is not a free tool.

Answer 3

We are using FindBugs and Checkstyle as well as Clover for Code Coverage.

I think it's important to have some kind of static analysis, supporting your development. Unfortunately it's still not widely spread that these tools are important.

Answer 4

I am looking for many answers to learn about new tools and consolidate this knowledge in a one question/thread, so I doubt there will be 1 true answer to this question.

My answer to my own question is that we use:

• Findbugs to look for common errors bad/coding - run from maven, and also integrates easily into Eclipse
• Cobertura for our coverage reports - run from maven

Hudson also has a task-scanner plugin that will display a count of your TODO and FIXMEs, as well as show where they are in the source files.

All are integrated with Maven 1.x in our case and tied into Hudson, which runs our builds on check-in as well as extra things nightly and weekly. Hudson trend graphs our JUnit tests, coverage, findbugs, as well as open tasks. There is also a Hudson plugin that reports and graphs our compile warnings. We also have several performance tests with their own graphs of performance and memory use over time using the Hudson plots plugin as well.

Answer 5

All of the following we use and integrate easiy in both our Maven 2.x builds and Eclipse/RAD 7:

• Testing - JUnit/TestNG
• Code analysis - FindBugs, PMD
• Code coverage - Clover

In addition, in our Maven builds we have:

• JDepend
• Tag checker (TODO, FIXME, etc)

Furthermore, if you're using Maven 2.x, CodeHaus has a collection of handy Maven plugins in their Mojo project.

Note: Clover has out-of-the-box integration with the Bamboo CI server (since they're both Atlassian products). There are also Bamboo plugins for FindBugs, PMD, and CheckStyle but, as noted, the free Hudson CI server has those too.

Answer 6

I've had good luck with Cobertura. It's a code coverage tool which can be executed via your ant script as part of your normal build and can be integrated into Hudson.

Answer 7

I use the static analysis built into IntelliJ IDEA. Perfect integration.

I use the code coverage built into Intellij IDEA (based on EMMA). Again, perfect integration.

This integrated solution is reliable, powerful, and easy-to-use compared to piecing together tools from various vendors.

Answer 8

Our team use PMD and Cobertura, actually our projects are maven projects and there is very simple to include plug ins for code analysis. The real question would be for specific project which analysis you need to use, my opinion is that it's you couldn't use the same plugins for each project.

Answer 9

I use a combination of Cobertura, Checkstyle, (Ecl)Emma and Findbugs.

EclEmma is an awesome Eclipse plugin that shows the code coverage by coloring the java source in the editor (screenshot) - the coverage is generated by running a JUnit test. This is really useful when you are trying to figure out which lines are covered in a particular class, or if you want to see just which lines are covered by a single test. This is much more user friendly and useful than generating a report and then looking through the report to see which classes have low coverage.

The Checkstyle and Findbugs Eclipse plugins are also useful, they generate warnings in the editor as you type.

Maven2 has report plugins that work with the above tools to generate reports at build time. We use this to get overall project reports, which are more useful when you want aggregate numbers. These are generated by our CI builds, which run using Continuum.

Answer 10

i have an article on findbugs http://www.ideyatech.com/2008/10/static-code-analysis-using-findbugs/

Answer 11

in our project we use Sonar in front of checkstyle, pmd.... together with the CI (Bamboo, Hudson) we get also a nice history of our source quality and what directing we go. I do like Sonar, because you one central tool in the CI Stack that does it for you, and you can easy customize the rules for each project.