Code Quality Tools Review: Sonar, PMD, Findbugs and Checkstyle

Code Quality Tools Review: Sonar, Findbugs, PMD and Checkstyle

Code quality tools fulfill the common need, as our code bases become larger and more complex, and it is so important to automate your code checks as much as possible. They are pretty versatile and customizable, and typically they are integrated into your build process, but can also be run manually in a one-off fashion. You can integrate some code qualit tools with your CI servers like Bamboo or free Hudson server.

Sonar, which combines all three(PMD, FindBugs, Checkstyle) into a single tool, seems to be the most well suited for advanced users & enterprise teams.

PMD

License: Open Source
Current version: 5.0.5 (11th August 2013)
URL: http://pmd.sourceforge.net/
PMD is a source code analyzer. It finds unused variables, empty catch blocks, unnecessary object creation, and so forth. It supports Java, JavaScript, XML, XSL.
Also it includes CPD, the copy-paste-detector. CPD finds duplicated code in Java, C, C++, C#, PHP, Ruby, Fortran, JavaScript.

PMD is used for detecting bad practices in code, which is intended decrease the number of bugs in your code. The theory is that conforming to good practices in coding leads to better code, which we definitely agree with.

FindBugs

License: Open Source
Current version: 2.0.3 (released 22.11.2013)
URL: http://findbugs.sourceforge.net/
This is the web page for FindBugs, a program which uses static analysis to look for bugs in Java code. FindBugs has been downloaded more than a million times.

FindBugs was the most-used tool in the Code Quality space according to our survey results. Created by the University of Maryland, it actually scans your code for bugs, breaking down the list of bugs in your code into a ranked list on a 20-point scale. The lower the number the scarier the bug. While FindBugs also does some checking of best practices, PMD is better suited and is a common combination.

Checkstyle

License: Open Source
Current version: 5.7 (released 2013-09-23)
URL: http://checkstyle.sourceforge.net/
Checkstyle is a development tool to help programmers write Java code that adheres to a coding standard. It automates the process of checking Java code to spare humans of this boring (but important) task. This makes it ideal for projects that want to enforce a coding standard.

Checkstyle is incredibly useful in a team environment: whenever you introduce individual developers’ IDE preferences for viewing and editing, you without doubt have gotten into the old “tabs vs. spaces” flamewar. Checkstyle helps you maintain your code easier because it’s more readable as a result of adhering to code standards that Checkstyle introduces, such as complaining about poor formatting in your source code.

Sonar

License: Open Source
Current version: 4.0 (released Nov. 7, 2013)
URL: http://www.sonarsource.org/
Put your technical debt under control. Productivity is falling? Confess your source code to clean it up!

Sonar is the most polished tool in the code quality space, and literally includes PMD, FindBugs and Checkstyle all in a single package, plus some excellent support for tools in the Java ecosystem. You can find plugins readily available for all sorts of useful tools: Checkstyle, Clover, Cobertura, Emma, FindBugs, JaCoCo, PMD.

Sonar is used as more of an orchestration engine, letting you call on all of the previous tools and aggregating their results. It is very convenient to use, especially if you’re already using Maven, and certainly helps you “get your technical debt” under control. In a large, enterprise environment, Sonar and some combination of the previous tools is essential.

Conclusion:

Putting it simply, code quality tools are pretty cool and can lead to reducing stress during development and later during maintenance of the code.

The level of confidence you have in your code is never higher than when all of your tests are passing. Sonar is the tool, can gives you the freedom to relax after development phase.

• About
• Latest Posts

Follow me

Gopal Das

Founder at GopalDas.Org

He is a technology evangelist, Salesforce trainer, blogger, and working as a Salesforce Technical Lead. After working in Java based project implementation, he jumped to the Salesforce system on a whim and never looked back. He fell in love with Salesforce’s flexibility, scalability, and power. He expanded his knowledge of the platform and became a Certified App Builder, Administrator, Platform Developer I, SalesCloud Consultant while leading the Salesforce implementation and technology needs. He has worked in a wide variety of applications/services like desktop, web and mobile applications.

Follow me

Latest posts by Gopal Das (see all)

• Salesforce Certified Platform Developer I – Winter ’18 Release Exam - November 23, 2017
• Salesforce Certified Platform App Builder – Winter ’18 Release Exam - November 22, 2017
• Salesforce Certified Administrator – Winter’ 18 Release Exam - November 21, 2017