Java Package

DeepScan provides a Java package (.jar) which enables you to see bugs and quality issues in the CLI (command-line interface).

Overview

DeepScan for Java helps you to see bugs and quality issues in the CLI (command-line interface). As for the code review, you can check the code by this package on your CI.

  • Analyze a whole project folder or specific folder/files.
  • Report issues by format.
  • Ignore rules or pattern of files.
Java package

Requirements

To run this package, you need Java 8 (Oracle's JDK or OpenJDK).

Run

This assumes that you have downloaded the package file as D:\deepscan-cli.jar.

Since the package file is an executable JAR file, you can execute it as follows without any installation process:

java -jar D:\deepscan-cli.jar

If you run it without any arguments, it displays help. When you run it with a folder or file argument, the analysis begins and you can see the results.

java -jar D:\deepscan-cli.jar D:\test\src
Starting to analyze: D:\test\src
Total: Issues (8) Files (5) Total Lines (52) Lines of Code (43)
Top 10 Violated Rules
...
8 issues (2 high, 4 medium, 2 low)
"High","GETTER_SETTER_RECURSION","This property access causes an infinite recursion of the getter function.","import.js","10:16-10:25"
...

The analysis results consist of two parts:

Summary
  • Number of issues, number of files, number of total lines and source lines (Source lines mean the actual lines excluding comments or empty lines from the source)
  • Top violated rules
  • The number of issues according to the impact
Detailed Results
  • A full list of issues
  • List of: impact, rule name, message, file name, and location (<start line>:<start column>-<end line>:<end column>)

Applying a License

If you have a package file containing a license, you can execute it directly. But if the package file does not contain a license or you want to apply a new license, then you must specify the license file through the -l or --license argument. 

java -jar D:\deepscan-cli.jar D:\test\src --license D:\license.key

If you do not have a valid license, you will get a license-related error when executing.

Settings

DeepScan for Java provides the following options.

-f, --format

Use a specific output format. (defaults to csv)

  • csv is a CSV string
  • html is a HTML string (a standalone report with analysis results and charts)
  • json is a JSON string 
    [{
    "impact":"<impact>",
    "name":"<rule name>",
    "message":"<message>",
    "filePath":"<file name>",
    "span":{"startLine":<start line>,"startCol":<start column>,"startOffset":<start offset>,"endLine":<end line>,"endCol":<end column>,"endOffset":<end offset>},
    "location":"<start line>:<start column>-<end line>:<end column>",
    "codeFragment":"<code fragment>","
    "source":"deepscan"
}, { ... }]

-o, --output-file

Specify file to write report to.

Below is an example of saving an HTML report as a report.html file.

java -jar D:\deepscan-cli.jar D:\test\src -f html -o report.html

-q, --quiet

Specify whether to omit the summary from the analysis results.

This option is useful when you have an output in CSV or JSON format because you can get only detailed results directly as the format.

-t, --top

Specify the number of the top violated rules in the summary. (defaults to 10)

--ignore-rules

Specify rules to ignore.

java -jar D:\deepscan-cli.jar D:\test\src --ignore-rules UNUSED_DECL,UNUSED_VAR_ASSIGN

--ignore-patterns

Specify pattern of files to ignore. Each pattern follows the gitignore format.

java -jar D:\deepscan-cli.jar D:\test\src --ignore-patterns "lib/,*.jsx"

Exit Code

  • 0 when no issues are reported
  • 1 when only low-impact issues are reported
  • 2 when high or medium-impact issues are reported

Analysis

Analysis Target

For detailed information about the analysis target, refer to the following:

Last updated on March 29, 2024