How to Integrate PMD rule sets in Sonar Cloud and view the analysis report

Hi Team,

I am trying to run PMD Java rules on our project, and the pom file of my pipeline has the below entries:

    <plugin>
        <groupId>org.apache.maven.plugins</groupId>
        <artifactId>maven-pmd-plugin</artifactId>
        <version>3.13.0</version>
        <configuration>
            <!-- failOnViolation is actually true by default, but can be disabled -->
            <failOnViolation>true</failOnViolation>
            <!-- printFailingErrors is pretty useful -->
            <printFailingErrors>true</printFailingErrors>
        </configuration>
    </plugin>
</plugins>

and in the reporting section

<reporting>
    <plugins>
        <plugin>
            <groupId>org.apache.maven.plugins</groupId>
            <artifactId>maven-pmd-plugin</artifactId>
            <version>3.13.0</version>
        </plugin>
    </plugins>
</reporting>

But I am not seeing the PMD rules being applied, and I cannot see them in the analysis report of Sonar Cloud.

Am I missing anything? Do I have to pass any extra params in the build pipeline in addition to just mentioning the PMD plugin in the pom file? Kindly clarify.

Your help will be much appreciated.

Hey there.

Take a look at the documentation for External Analyzer Reports to find the relevant analysis parameter (sonar.java.pmd.reportPaths).

Hey Colin,

Thank you for your feedback. I have now added `sonar.java.pmd.reportPaths='/src_mbo/pmd.xml'` (this is where my PMD analysis report XML resides) in my Azure pipeline task. I can see the PMD violations displayed when the build pipeline is run, but not in the Sonar Cloud report yet, and it still shows the violations from the default rules of Sonar Cloud.

I did try to update the PMD Report file settings in Administration, but still no luck.

Any help would be much appreciated!

Kind Regards,
Renjini.

What do your scanner logs say about the import of PMD issues? (the output of mvn sonar:sonar – try searching for the file path you’ve passed to sonar.java.pmd.reportPaths)

Hi Colin,

The logs of the build pipeline say it's not able to import the results:

2023-07-14T15:44:31.7074735Z [INFO] Sensor Import of PMD issues [java]
2023-07-14T15:44:31.7091513Z [INFO] Importing D:\a\1\*****\****\dist\src_mbo\pmd.xml
2023-07-14T15:44:31.7742827Z [WARNING] No input file found for D:\a\1\*****\*****\src_mbo\java\***\app\ticket\ExtSR.java. No PMD issue will be imported on this file.
2023-07-14T15:44:31.7754543Z [WARNING] No input file found for

The pipeline task first builds my artefacts and then does the PMD checks and places the results pmd.xml in the dist folder, which will be the artefacts folder.

I am then trying to feed in the artefacts location where the pmd.xml is generated, as below:

sonar.java.pmd.reportPaths=D:\a\1\<proejctname>\<custom>\dist\src_mbo\pmd.xml

Now it can identify the reporting path but is not able to import the validations due to the above error.

My suspicion is that it might be trying to look for the Java classes in the artefacts folder (where it has generated pmd.xml), which it will not be able to locate, since the artefacts will be generated as jars post compilation and there will be no real Java classes within the dist folder.

Isn’t it just as simple as picking the pmd.xml from the location specified in sonar.java.pmd.reportPaths and then rendering the same in Sonar Cloud? Does it do any extra checks before importing the results in Sonar Cloud? Please advise.

Kind Regards,
Renjini.

Hey @Renjini,

I am assuming the path to the report file is correct here and jumping to the next questions.

Have you tried using “pmd.xml” as the report path? There is some pattern matching going on here based on the files that the scanner picks up during analysis. So a full path may not be the way to go.

Cheers,

Dorian
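
One way to investigate the "No input file found" warnings from this thread, as an added example that is not from any poster or from SonarCloud: it lists the files a PMD XML report refers to and flags those that are not on disk under the source directories given to the scanner. The sample report, its paths and all function names are constructed, and the check is a diagnostic approximation, not the scanner's own matching logic.

```python
import os
import tempfile
import xml.etree.ElementTree as ET

# Constructed sample report; paths and rule hits are made up for illustration.
SAMPLE_REPORT = """<pmd xmlns="http://pmd.sourceforge.net/report/2.0.0">
  <file name="{root}/src_mbo/java/app/ticket/ExtSR.java">
    <violation beginline="12" rule="UnusedPrivateField" priority="3">Unused field</violation>
  </file>
  <file name="{root}/dist/src_mbo/java/app/ticket/Gone.java">
    <violation beginline="3" rule="EmptyCatchBlock" priority="3">Empty catch</violation>
  </file>
</pmd>
"""

def report_files(report_xml):
    """Return {file path: violation count} for every <file> in a PMD XML report."""
    counts = {}
    for elem in ET.fromstring(report_xml).iter():
        if elem.tag.rsplit("}", 1)[-1] == "file":  # ignore the XML namespace
            counts[elem.get("name")] = sum(
                1 for child in elem if child.tag.rsplit("}", 1)[-1] == "violation")
    return counts

def _under(path, root):
    try:
        return os.path.commonpath([path, root]) == root
    except ValueError:  # e.g. different drive letters on Windows
        return False

def classify(report_xml, source_roots):
    """Split report paths into (importable, unmatched) against the source roots."""
    roots = [os.path.normcase(os.path.abspath(r)) for r in source_roots]
    ok, unmatched = [], []
    for path in report_files(report_xml):
        full = os.path.normcase(os.path.abspath(path))
        found = os.path.isfile(full) and any(_under(full, r) for r in roots)
        (ok if found else unmatched).append(path)
    return ok, unmatched

def demo():
    """Build a throwaway tree with one real source file and classify the sample."""
    with tempfile.TemporaryDirectory() as root:
        src = os.path.join(root, "src_mbo", "java", "app", "ticket")
        os.makedirs(src)
        open(os.path.join(src, "ExtSR.java"), "w").close()
        return classify(SAMPLE_REPORT.format(root=root),
                        [os.path.join(root, "src_mbo")])

if __name__ == "__main__":
    print(demo())
```

Run against a real report, every path in the second list is a candidate for the warning seen in the scanner log.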