CodePro Documentation : CodePro Audit Plugin

Usage

The audit goal performs the basic code auditing function. It can optionally be configured to produce one or more audit reports and one or more audit series reports. It can also optionally be configured to fail the build if too many violations are found during the audit.

The auditReport goal adds an audit report to the site being built. An audit report contains the details of which violations were found and which resources contained those violations. It covers a single audit.

The seriesReport goal adds an audit series report to the site being built. An audit series report shows how the number of violations in a given code base has changed over time. It can display this information in a number of different aggregations, such as total violations, violations of a given severity, violations by resource, and violations by author. It covers multiple audits of the same project performed over time.

Choosing Goals

Because all three of the provided goals can produce reports, it might not be immediately obvious which goal(s) you want to use. This section will provide you with the guidelines you need to choose how best to configure your projects.

If you want to include an audit report as part of the project site that Maven builds, then you need to use the report goal. If you want to include an audit series report as part of the project site that Maven builds, then you need to use the seriesReport goal.

If you want to use the results of the audit to cause the build to fail, or if you want to produce one or more reports that are not part of the project site that Maven builds, then you need to use the audit goal.

If you need to use the audit goal and also one or both of the reporting goals, then you can optimize the performance of the reporting goals by producing the report as part of the audit goal. The reporting goals will simply copy the resulting report without re-auditing the code base.

Accessing the CodePro Audit Plugin

To make the CodePro Audit plugin available to Maven you need to configure access to the CodePro Maven plugin repository, as shown below.

<project>
  ...
  <repositories>
    <repository>
      <id>Instantiations repository</id>
      <name>Instantiations Maven2 Repository</name>
      <url>http://maven2.instantiations.com/</url>
      <layout>default</layout>
      <releases>
        <enabled>true</enabled>
        <updatePolicy>always</updatePolicy>
        <checksumPolicy>fail</checksumPolicy>
      </releases>
      <snapshots>
        <enabled>true</enabled>
        <updatePolicy>always</updatePolicy>
        <checksumPolicy>fail</checksumPolicy>
      </snapshots>
    </repository>
  </repositories>
  <pluginRepositories>
    ...
  </pluginRepositories>
  ...
</project>

Run a CodePro Audit During a Build

To run a CodePro code audit during a build, you need to add the CodePro Audit plugin in the <build> section of your project pom as shown in the sample below.

<project>
  ...
  <build>
    <plugins>
      ...
      <plugin>
        <groupId>com.instantiations</groupId>
        <artifactId>audit-plugin</artifactId>
        <configuration>
          ...
        </configuration>
        <executions>
          <execution>
            <phase>verify</phase>
            <goals>
              <goal>audit</goal>
            </goals>
          </execution>
        </executions>
      </plugin>
      ...
    </plugins>
  </build>
  ...
</project>

This tells Maven that you want to have the CodePro audit goal be executed during the verify phase of the build process. For a description of the configuration parameters, see the documentation for the audit goal.

You can also run a CodePro code audit by explicitly executing the audit-plugin:audit goal from the command line. You will still need to configure the plugin within your project's pom if you need to specify any of the configuration parameters.

mvn audit-plugin:audit

Generate a CodePro Audit Report As Part of the Project Reports

To generate the CodePro audit report as part of the project reports, add the CodePro Audit plugin in the <reporting> section of your project pom.

<project>
  ...
  <reporting>
    <plugins>
      ...
      <plugin>
        <groupId>com.instantiations</groupId>
        <artifactId>audit-plugin</artifactId>
        <reportSets>
          <reportSet>
            <id>dual-report</id>
            <configuration>
              ...
            </configuration>
            <reports>
              <report>auditReport</report>
            </reports>
          </reportSet>
        </reportSets>
      </plugin>
      ...
    </plugins>
  </reporting>
  ...
</project>

For a description of the configuration parameters, see the documentation for the auditReport goal.

Then, execute the site lifecycle to include the report in the project reports.

mvn site

Generate a CodePro Audit Series Report As Part of the Project Reports

To generate the CodePro audit series report as part of the project reports, add the CodePro Audit plugin in the <reporting> section of your project pom.

<project>
  ...
  <reporting>
    <plugins>
      ...
      <plugin>
        <groupId>com.instantiations</groupId>
        <artifactId>audit-plugin</artifactId>
        <reportSets>
          <reportSet>
            <id>dual-report</id>
            <configuration>
              ...
            </configuration>
            <reports>
              <report>seriesReport</report>
            </reports>
          </reportSet>
        </reportSets>
      </plugin>
      ...
    </plugins>
  </reporting>
  ...
</project>

For a description of the configuration parameters, see the documentation for the seriesReport goal.

Then, execute the site lifecycle to include the report in the project reports.

mvn site