How to integrate PMD with Maven or Gradle?

PMD provides plugins for both Maven and Gradle; add the plugin to your build file and configure rulesets in the PMD section. Check the official documentation for detailed examples and setup instructions.

Does PMD work with Kotlin code analysis?

Yes, PMD supports Kotlin for static analysis with built-in rules, but the rule coverage may be less comprehensive than for Java. Refer to the language-specific rulesets in the docs for details.

PMD vs SonarQube: which is better for Java projects?

PMD is lighter and more extensible for custom rules, ideal for teams wanting fine-grained control. SonarQube offers broader metrics, security analysis, and a web UI, making it better for comprehensive platform needs.

How to write custom PMD rules for JavaScript?

Use Java or XPath to define rules based on JavaScript AST nodes; create an XML ruleset file and reference it in PMD configuration. The PMD designer tool can help test and visualize XPath queries.

What languages does PMD's copy-paste detector cover?

CPD supports over 30 languages including C++, Python, Ruby, and Go, making it useful for detecting duplicates in diverse projects. See the README for the full list and configuration options.

Can PMD be used in CI/CD pipelines like GitHub Actions?

Yes, run PMD using the binary or Docker image in workflow steps; execute 'pmd check' to analyze code and report violations, integrating automated code quality checks into your CI process.

Open-Awesome

PMD

NOASSERTIONJavapmd_releases/7.25.0

An extensible multilanguage static code analyzer that finds common programming flaws and duplicated code across 20+ languages.

Visit Website GitHub

5.4k stars1.6k forks0 contributors

What is PMD?

PMD is an extensible multilanguage static code analyzer that scans source code to identify common programming flaws like unused variables, empty catch blocks, and unnecessary object creation. It supports over 20 programming languages, including Java, JavaScript, Kotlin, and Swift, and includes a copy-paste detector (CPD) to find duplicated code.

Target Audience

Developers and teams working on multilanguage projects who need automated code quality checks, especially those using Java, Apex, or other supported languages for enterprise or open-source software.

Value Proposition

PMD offers a highly extensible framework with 400+ built-in rules and support for custom rule creation, making it a versatile choice for teams needing tailored static analysis across multiple programming languages.

Overview

An extensible multilanguage static code analyzer.

Use Cases

Best For

Identifying common programming flaws in Java and Apex codebases
Detecting duplicated code across multiple programming languages
Enforcing code quality standards in multilanguage projects
Extending static analysis with custom rules using Java or XPath
Integrating code analysis into CI/CD pipelines for automated reviews
Improving maintainability by catching unused variables and empty catch blocks

Not Ideal For

Projects heavily using Scala, as PMD has no built-in rules for it despite language support
Teams requiring deep, out-of-the-box security vulnerability detection beyond basic code smells
Developers seeking seamless, real-time IDE analysis without additional plugin configuration
Small, single-language projects where lighter linters suffice with less setup overhead

Pros & Cons

Pros

Broad Language Support

Analyzes over 20 languages including Java, JavaScript, and Swift, with built-in rules for many, making it versatile for multilanguage codebases as noted in the README.

Extensive Built-in Rules

Comes with 400+ pre-configured rules for common flaws like unused variables and empty catch blocks, reducing manual code review effort as highlighted in the features.

Integrated Copy-Paste Detection

Includes CPD to find duplicated code across 30+ languages, aiding in maintaining code quality and reducing redundancy, as specified in the README.

Extensible Rule Framework

Allows custom rule creation using Java or XPath queries, enabling teams to tailor analysis to project-specific needs, per the extensible architecture description.

Cons

Uneven Language Support

Core focus is on Java and Apex, with limited or no rules for some supported languages like Scala, reducing effectiveness for non-Java projects as admitted in the README.

Manual Setup Complexity

Requires downloading and extracting binaries rather than simple package manager installs, which can be cumbersome for CI/CD integration compared to tools like ESLint or Pylint.

Potential False Positives

AST-based analysis can generate noise, requiring manual rule tuning to avoid irrelevant warnings, a common trade-off in static analysis tools not explicitly addressed in documentation.

Frequently Asked Questions

Related Projects

p3c

Alibaba Java Coding Guidelines pmd implements and IDE plugin

Stars30,824

Forks7,995

Last commit1 year ago

infer

A static analyzer for Java, C, C++, and Objective-C

Stars15,637

Forks2,093

Last commit2 days ago

Checkstyle

Checkstyle is a development tool to help programmers write Java code that adheres to a coding standard. By default it supports the Google Java Style Guide and Sun Code Conventions, but is highly configurable. It can be invoked with an ANT task and a command line program.

Catch common Java mistakes as compile-time errors

Stars7,178

Forks793

Last commit3 days ago

Community-curated · Updated weekly · 100% open source

Found a gem we're missing?

Open-Awesome is built by the community, for the community. Submit a project, suggest an awesome list, or help improve the catalog on GitHub.

Submit a project Star on GitHub

PMD