Java alternative to code-Climate

Asked

Viewed 649 times

4

I wonder if anyone knows any tool/service for Java for the service code-Climate

The service provides an analysis of the code under various aspects of good practice, potential security risks and many other things. However it is only available for Ruby on Rails, JavaScript and PHP

Right now I’m more concerned with the static analysis part of the code. I know that there are several plugins for several IDE but I am looking for a unified solution, such as an analysis directly in the repository, without relying on a uniform environment among developers.

java static-analysis

2 answers

3


There are several well-known tools for static analysis and quality inspection of code in Java. Among them:

  • Checkstyle: Very interesting to validate code conventions and Javadoc. Names, number of parameters in each method, number of lines of code in a method, duplicate code, etc.
  • Findbugs: Works at bytecode level. It’s pretty cool to find problems with code (use of equals vs ==), competition, code vulnerability, internationalisation, among others.
  • PMD: Tool focused on detecting bad coding practices. Detects problems similar to Findbugs, but at source level (dead code, blocks catch empty, etc). Can compute some interesting metrics such as cyclomatic complexity.
  • Sonarqube: Tool for code quality inspection. You can use all the above tools, as well as others specialized in coverage testing, unit testing, etc. Have a front end web with reports, charts, code evolution through time, trends, etc.

All these tools can be used outside the IDE (through Ant, Maven, etc).

For your case I would recommend Sonarqube. While there are plugins for the main IDES (IDEA, Netbeans, Eclipse), Sonarqube can easily be used stand-alone and also along with the most common continuous integration tools in the Java world (Jenkins, Hudson, Bamboo, Teamcity, etc).

  • Thanks! I think your recommendation will suit you perfectly! Thank you!

2

Another very suitable solution:

  • Codacy: makes code inspection (uses PMD) commit a commit, which means that on an existing code base it is still useful even if you do not want/can attack all the existing problems (just go through the current notifications and act on them); presents good reports and integrates with a number of tools (JIRA, Slack, Heroku, etc); it is also possible to integrate Code solutions Coverage. Also supports other languages (JavaScript, Python, Ruby, PHP, Scala, CoffeeScript e CSS) and presents documentation on how to solve each of the problems you identify.

Browser other questions tagged java static-analysis

You are not signed in. Login or sign up in order to post.