Sonar-PMD is a plugin that provides coding rules from PMD for use in SonarQube.
Starting April 2022, the project has found a new home. We, jborgers and stokpop, aim to provide an active project and well-maintained sonar-pmd plugin. It is now sponsored by Rabobank.
The plugin should be available in the SonarQube marketplace and is preferably installed from within SonarQube (Administration → Marketplace → Search pmd).
Alternatively, download the latest JAR file, put it into the plugin directory (./extensions/downloads) and restart SonarQube.
Usage should be straight forward:
- Activate some PMD rules in your quality profile.
- Run an analysis.
Sonar PMD plugin version 4.0+ supports PMD 7 which is incompatible with PMD 6: the reason for a major release. Use version 4.0+ for child plugins with custom rules written in PMD 7, such as sonar-pmd-jpinpoint 2.0.0.
Sonar-PMD analyzes the given source code with the Java source version defined in your Gradle or Maven project.
In case you are not using one of these build tools, or if that does not match the version you are using, set the sonar.java.source property to tell PMD which version of Java your source code complies to.
Possible values: 8 to 24 and 24-preview
| Sonar-PMD Plugin | 3.5.0 | 3.5.1 | 4.0.0 | 4.0.3 | 4.1.0 |
|---|---|---|---|---|---|
| PMD | 6.55.0 | 6.55.0 | 7.10.0 | 7.14.0 | 7.15.0 |
| Max. Java Version | 20-preview (*1) | 20-preview (*1) | 20 (*2) | 24-preview | 24-preview |
| Min. SonarQube Version | 9.8 | 9.9.4 | 9.9.4 | 9.9.4 | 9.9.6 |
| Max. SonarQube Version | 10.4 | 10.5+ | 10.8+ | 25.6+ | 25.6+ |
(*1) Note: Supports all tested Java 21 features; on parsing errors, warns instead of breaks.
(*2) Note: Does not support Java 20-preview nor Java 21.
PMD rules created since PMD 5.5.0 in 2016 were missing in release 4.0.3 and before.
Additionally, the sonar-pmd plugin marked the PMD rules which have a known adopted alternative in Sonar as Deprecated.
Furthermore, PMD rules which were deprecated by PMD itself had the Deprecated mark as well, which was confusing.
With version 4.1.0 we introduce easy incorporation of new PMD rules into this plugin and thereby support the full up-to-date set of PMD rules in Sonar.
From now on, only rules that are deprecated in PMD are also marked Deprecated in Sonar. Rules that have alternative rules in Sonar are tagged with
has-sonar-alternative, so they can be easily selected in SonarQube. The documentation will include the link to known alternative Sonar rule.
Limitations:
- Referred alternative Java Sonar rules are limited to rules from before 2016, newer Java Sonar rules are not referred to yet. If you find missing alternative rules please create a Github issue.
- The estimated amount of time to fix issues is only available for rules from before 2016.
- Total rules in old version (4.0.3): 206
- Total rules in new version (4.1.0): 281
- Rules added: 80
- Rules removed: 5
- Rules unchanged: 46
- Rules updated: 154
- Rules renamed: 11
See details: pmd_release_notes_4.1.0.md
Support for Kotlin and Apex PMD rules is work in progress.
Sonar-PMD is licensed under the GNU Lesser General Public License, Version 3.0.
Parts of the rule descriptions displayed in SonarQube have been extracted from PMD and are licensed under a BSD-style license.
To build the plugin and run the integration tests (use java 17 to build the plugin):
./mvnw clean verify
![@dependabot[bot]](https://avatars.githubusercontent.com/in/29110?s=64&v=4){kind=small}
![@dependabot-preview[bot]](https://avatars.githubusercontent.com/in/2141?s=64&v=4){kind=small}
