SonarQube PMD Plugin

Sonar-PMD is a plugin that provides coding rules from PMD for use in SonarQube.

Starting April 2022, the project has found a new home. We, jborgers and stokpop, aim to provide an active project and well-maintained sonar-pmd plugin. It is now sponsored by Rabobank.

Installation

The plugin should be available in the SonarQube marketplace and is preferably installed from within SonarQube (Administration --> Marketplace --> Search pmd).

Alternatively, download the latest JAR file, put it into the plugin directory (./extensions/plugins) and restart SonarQube.

Usage

Usage should be straightforward:

  1. Activate some PMD rules in your quality profile.
  2. Run an analysis.

PMD version

Sonar PMD plugin version 4.0.0 supports PMD 7, which is incompatible with PMD 6; that incompatibility is the reason for the major release. Use version 4.0+ for child plugins with custom rules written in PMD 7, such as sonar-pmd-jpinpoint 2.0.0.

Java version

Sonar-PMD analyzes the given source code with the Java source version defined in your Gradle or Maven project. If you are not using one of these build tools, or if that version does not match the one you are using, set the sonar.java.source property to tell PMD which version of Java your source code complies with.

Possible values: 8 to 24 and 24-preview

Table of supported versions

| Sonar-PMD Plugin       | 3.4.0          | 3.5.0           | 3.5.1           | 4.0.0      |
|------------------------|----------------|-----------------|-----------------|------------|
| PMD                    | 6.45.0         | 6.55.0          | 6.55.0          | 7.10.0     |
| Max. Java Version      | 18             | 20-preview (*2) | 20-preview (*2) | 24-preview |
| Min. SonarQube Version | 8.9(*1) / 9.3  | 9.8             | 9.9.4           | 9.9.4      |
| Max. SonarQube Version | 9.9            | 10.4            | 10.5+           | 10.8+      |

(*1) Note: Plugin version 3.4.x runs in SonarQube 8.9; however, Java 17+ is only fully supported in SonarQube 9.3+.
(*2) Note: Supports all tested Java 21 features; on parsing errors, it warns instead of breaking.

A majority of the PMD rules have been rewritten in the Sonar Java plugin. Rewritten rules are marked "Deprecated" in the PMD plugin.

Rules on test

PMD provides some rules that check the code of JUnit tests. Note that these rules (and only these rules) are applied only to the test files of your project.

License

Sonar-PMD is licensed under the GNU Lesser General Public License, Version 3.0.

Parts of the rule descriptions displayed in SonarQube have been extracted from PMD and are licensed under a BSD-style license.

Build and test the plugin

To build the plugin and run the integration tests (use Java 17 to build the plugin):

./mvnw clean verify