Violation Comments To GitLab Command Line

![NPM ](https://www.npmjs.com/package/violation-comments-to-gitlab-command-line)
![Maven Central](https://maven-badges.herokuapp.com/maven-central/se.bjurr.violations/violation-comments-to-gitlab-command-line)
![Docker Pulls](https://hub.docker.com/r/tomasbjerre/violation-comments-to-gitlab-command-line/)

Report static code analysis to GitLab. It uses the Violations Lib.

!GitLab Comment

| Version | Java Version |
| ------------------| ------------ |
| version < 1.33.0 | 8 |
| 1.33.0 - 1.35.1 | 11 |
| 1.36.0 <= version | 17 |

The runnable can be found in NPM.

Run it with:

``shell npx violation-comments-to-gitlab-command-line \ -at K2RS-JdV6Rh3sQJmMQgV \ -pi tomas.bjerre85/violations-test \ -mr-iid 1 \ -v "CHECKSTYLE" "." ".*checkstyle/main\.xml$" "Checkstyle" \ -v "JSHINT" "." ".*jshint/report\.xml$" "JSHint"`

An alternative to this tools is transforming the reports to CodeClimate use that to report to GitLab, see README in violations-command-line.

You must perform the merge before build. If you don't perform the merge, the reported violations will refer to other lines then those in the pull request. The merge can be done with a shell script like this.

`echo --- echo --- Merging from $FROM in $FROMREPO to $TO in $TOREPO echo --- git clone $TOREPO cd * git reset --hard $TO git status git remote add from $FROMREPO git fetch from git merge $FROM git --no-pager log --max-count=10 --graph --abbrev-commit

Your build command here!`

Example of supported reports are available here.

A number of parsers have been implemented. Some parsers can parse output from several reporters.

| Reporter | Parser | Notes | --- | --- | --- | _ARM-GCC_ |CLANG| | _AndroidLint_ |ANDROIDLINT| | _Ansible-Later_ |ANSIBLELATER | With jsonformat | _AnsibleLint_ |FLAKE8 | With -p| _Bandit_ |CLANG | With bandit -r examples/ -f custom -o bandit.out --msg-template "{abspath}:{line}: {severity}: {test_id}: {msg}"| _CLang_ |CLANG| | _CPD_ |CPD| | _CPPCheck_ |CPPCHECK | With cppcheck test.cpp --output-file=cppcheck.xml --xml| _CPPLint_ |CPPLINT| | _CSSLint_ |CSSLINT| | _Checkstyle_ |CHECKSTYLE| | _CloudFormation Linter_ |JUNIT | cfn-lint . -f junit --output-file report-junit.xml| _CodeClimate_ |CODECLIMATE| | _CodeNarc_ |CODENARC| | _Coverity_ |COVERITY| | _Dart_ |MACHINE | With dart analyze --format=machine| _Dependency Check_ |SARIF | Using --format SARIF| _Detekt_ |CHECKSTYLE | With --output-format xml. | _DocFX_ |DOCFX| | _Doxygen_ |CLANG| | _ERB_ |CLANG | With erb -P -x -T '-' "${it}" \| ruby -c 2>&1 >/dev/null \| grep '^-' \| sed -E 's/^-([a-zA-Z0-9:]+)/${filename}\1 ERROR:/p' > erbfiles.out. | _ESLint_ |CHECKSTYLE | With format: 'checkstyle'. | _Findbugs_ |FINDBUGS| | _Flake8_ |FLAKE8| | _FxCop_ |FXCOP| | _GCC_ |CLANG| | _GHS_ |GHS| | _Gendarme_ |GENDARME| | [_Generic reporter_]() |GENERIC| Will create one single violation with all the content as message. | _GoLint_ |GOLINT| | _GoVet_ |GOLINT| Same format as GoLint. | _GolangCI-Lint_ |CHECKSTYLE | With --out-format=checkstyle. | _GoogleErrorProne_ |GOOGLEERRORPRONE| | _HadoLint_ |CHECKSTYLE | With -f checkstyle| _IAR_ |IAR | With --no_wrap_diagnostics| _Infer_ |PMD | Facebook Infer. With --pmd-xml. | _JACOCO_ |JACOCO| | _JCReport_ |JCREPORT| | _JSHint_ |JSLINT | With --reporter=jslint or the CHECKSTYLE parser with --reporter=checkstyle| _JUnit_ |JUNIT| It only contains the failures. | _KTLint_ |CHECKSTYLE| | _Klocwork_ |KLOCWORK| | _KotlinGradle_ |KOTLINGRADLE| Output from Kotlin Gradle Plugin. | _KotlinMaven_ |KOTLINMAVEN| Output from Kotlin Maven Plugin. | [_Lint_]() |LINT| A common XML format, used by different linters. | _MSBuildLog_ |MSBULDLOG | With -fileLogger use .*msbuild\\.log$ as pattern or -fl -flp:logfile=MyProjectOutput.log;verbosity=diagnosticfor a custom output filename | _MSCpp_ |MSCPP| | _Mccabe_ |FLAKE8| | _MyPy_ |MYPY| | _NullAway_ |GOOGLEERRORPRONE| Same format as Google Error Prone. | _PCLint_ |PCLINT| PC-Lint using the same output format as the Jenkins warnings plugin, _details here_ | _PHPCS_ |CHECKSTYLE | With phpcs api.php --report=checkstyle. | _PHPPMD_ |PMD | With phpmd api.php xml ruleset.xml. | _PMD_ |PMD| | _Pep8_ |FLAKE8| | _PerlCritic_ |PERLCRITIC| | _PiTest_ |PITEST| | _ProtoLint_ |PROTOLINT| | _Puppet-Lint_ |CLANG | With -log-format %{fullpath}:%{line}:%{column}: %{kind}: %{message}| _PyDocStyle_ |PYDOCSTYLE| | _PyFlakes_ |FLAKE8| | _PyLint_ |PYLINT | With pylint --output-format=parseable. | _ReSharper_ |RESHARPER| | _RubyCop_ |CLANG | With rubycop -f clang file.rb| _SARIF_ |SARIF | v2.x. Microsoft Visual C# can generate it with ErrorLog="BuildErrors.sarif,version=2". | _SbtScalac_ |SBTSCALAC| | _Scalastyle_ |CHECKSTYLE| | _Semgrep_ |SEMGREP | With --json. | _Simian_ |SIMIAN| | _Sonar_ |SONAR | With mvn sonar:sonar -Dsonar.analysis.mode=preview -Dsonar.report.export.path=sonar-report.json. Removed in 7.7, see SONAR-11670 but can be retrieved with: curl --silent 'http://sonar-server/api/issues/search?componentKeys=unique-key&resolved=false' \| jq -f sonar-report-builder.jq > sonar-report.json. | _Spotbugs_ |FINDBUGS| | _StyleCop_ |STYLECOP| | _SwiftLint_ |CHECKSTYLE | With --reporter checkstyle. | _TSLint_ |CHECKSTYLE | With -t checkstyle| _Valgrind_ |VALGRIND | With --xml=yes. | _XMLLint_ |XMLLINT| | _XUnit_ |XUNIT| It only contains the failures. | _YAMLLint_ |YAMLLINT | With -f parsable| _ZPTLint_ |ZPTLINT |

52 parsers and 79 reporters.

Missing a format? Open an issue here!

`Usage`

`shell -api-token, -at : any string [Required] -api-token-private : true or false Default: true -comment-only-changed-content, -cocc : true or false Default: true -comment-only-changed-content-context, -coccc : 0 to 2,147,483,647 Default: 0 -comment-only-changed-files, -cocf True if only changed files should be commented. False if all findings should be commented. : true or false Default: true -comment-template https://github. com/tomasbjerre/violation-comments-lib : any string Default: -create-comment-with-all-single-file-comments, - : true or false ccwasfc Default: false -create-single-file-comments, -csfc : true or false Default: true -gitlab-url, -gu : any string Default: https://gitlab.com/ -h, --help : an argument to print help for Default: If no specific parameter is given the whole usage text is given -ignore-certificate-errors : true or false Default: true -keep-old-comments : true or false Default: false -max-number-of-comments, -mnoc : -2,147,483,648 to 2,147,483,647 Default: 2,147,483,647 -mr-iid Example: 1 [Required] : any string -project-id, -pi Can be the string or the number. Like 'tomas. bjerre85/violations-test' or '2732496' : any string Default: -proxy-password : any string Default: -proxy-server : any string Default: -proxy-user : any string Default: -severity, -s Minimum severity level to report. : {INFO | WARN | ERROR} Default: INFO -should-set-wip : true or false Default: false -show-debug-info Please run your command with this parameter and supply output when reporting bugs. Default: disabled --violations, -v The violations to look for. where PARSER is one of: ANDROIDLINT, CHECKSTYLE, CODENARC, CLANG, CPD, CPPCHECK, CPPLINT, CSSLINT, FINDBUGS, FLAKE8, FXCOP, GENDARME, IAR, JCREPORT, JSHINT, LINT, KLOCWORK, KOTLINMAVEN, KOTLINGRADLE, MSCPP, MYPY, GOLINT, GOOGLEERRORPRONE, PERLCRITIC, PITEST, PMD, PYDOCSTYLE, PYLINT, RESHARPER, SBTSCALAC, SIMIAN, SONAR, STYLECOP, XMLLINT, YAMLLINT, ZPTLINT, DOCFX, PCLINT Example: -v "JSHINT" "." ".*/jshint.xml$" "JSHint" [Supports Multiple occurrences] : any string Default: Empty list`

Checkout the Violations Lib for more documentation.

The -comment-template` parameter can be used to fix encoding problems, or just adjust what is being commented. See README in violation-comments-lib.