Hudson’s Top Code Analysis Plugins

Hudson can be extended in every possible way by a whopping 350+ plugins! We were most impressed with the code analysis suite. This set of plugins helped us to significantly increase the efficiency of our code review process, and to improve our code quality. In this article, we share our experience with the suite and introduce many of the great code analysis features.

Developers do make mistakes. These mistakes do not only include bugs, but also code-quality issues, like code that is not sufficiently documented, or hard to maintain. Successful software development projects must take that fact into account. Most development projects introduce some code review process that helps the team to find and fix these mistakes.

Code review always requires manual examination of the code. However, static code analysis tools can be used to get some hints for potential mistakes, and thus improve the efficiency of the code review.

The FindBugs plugin

The most important static code analysis tool for our project is FindBugs, which is an open source program that identifies a multitude of potential errors in Java programs (see the article “Evaluation of FindBugs” ). Before using Hudson, we used to run FindBugs manually on our local developer laptops.

Maven FindBugs Report
Maven FindBugs Report

However, FindBugs does not only find bugs, it also produces a long list of warnings for code that is perfectly alright.

The problem with individual/single FindBugs runs is that the list contains many non-essential warnings: The figure above shows a typical Maven FindBugs Report with 152 FindBugs warnings. There is hardly any Java project that does not have any FindBugs warnings. When doing code reviews, we continuously ended up reiterating the same lists of FindBugs warnings, and in most cases, we just learned that we had checked these warnings before and found the code was alright.

Moving FindBugs to the Hudson server puts the focus on important warnings: Using Hudson’s static code analysis plugins allowed us to have the FindBugs output checked automatically on the Hudson server. This does not only relieve us from running FindBugs manually, but it also introduces an additional dimension of information: the time axis! Hudson compares the FindBugs results of consecutive builds and shows which warnings are new and have been introduced with a certain build.

The FindBugs result overview shows 14 warnings, 1 new warning, 0 fixed warnings.
The FindBugs result overview shows 14 warnings, 1 new warning, 0 fixed warnings.

An example of a FindBugs result page is shown in the figure above (screenshot from Kohsuke’s slides). The page reports that a build had:

  • 14 warnings
  • 1 new warning
  • 0 fixed warnings

When running FindBugs locally, you would only learn that there are 14 warnings. The notion of a new warning is additional information that is provided by the Hudson plugin. For each build, Hudson shows you which FindBugs warnings have been newly introduced with that build.

Hudson’s result page provides immediate benefit for code reviewers. When doing code reviews, it is no longer necessary to reiterate lists of FindBugs warnings that are unrelated to the changes you are reviewing. Therefore, Hudson helps developers to pay more attention to important FindBugs warnings, which significantly increases the efficiency and quality of the code review process.

Hudson’s Static Code Analysis Plugin Suite

Hudson’s FindBugs plugin is part of the Static Code Analysis Plugin Suite. The static code analysis plugin provides a common visualization backend that produces Trend Graphs for code analysis tools.

Example of a Static Code Analysis Trend Graph
Example of a Static Code Analysis Trend Graph

The figure above shows an example of a static code analysis trend graph (screenshot from the Hudson Wiki). It shows the total warnings per build including the distribution of the priorities low, normal, and high in different colors.

The following is an overview of the static code analysis tools that can be integrated with Hudson’s code analysis visualization:

  • FindBugs examines the source code and reports certain error categories, like correctness, bad practice, and dodgy code.
  • DRY: Don’t Repeat Yourself supports CPD, which is PMD’s Copy-And-Paste-Detector.
  • Checkstyle is a development tool to help programmers write Java code that adheres to a coding standard, e.g. the Sun Code Conventions.
  • Warnings scans several compiler outputs for warnings.
  • Task Scanner scans for TODOs in the code.

The code analysis plugin does not actually run the code analysis tools; it merely analyzes the output of these tools. To exemplify this, the process for FindBugs is as follows:

  1. Hudson calls the build tool (ANT or Maven) to run FindBugs.
  2. FindBugs writes its results to an XML file.
  3. The static code analysis plugin analyses the XML file and generates a report page, including the trend graph.

The following is an ANT task that we use to run FindBugs. The corresponding pom.xml for Maven users can be found in the Hudson Wiki page of the FindBugs plugin:

<target name="findbugs" depends="compile">
<taskdef name="findbugs"
<mkdir dir="${dir.dist}/reports"/>
<findbugs home="tools/findbugs-1.3.9" output="xml"
<sourcePath path="${dir.src}" />
<class location="${}" />
<auxClasspath refid="classpath" />

In a similar way, all the tools mentioned above can be integrated into Hudson, which adds state-of-the-art support for static code analysis to your Hudson dashboard.


Hudson’s static code analysis plugin provides automatic execution of static code analysis tools on the Hudson server. The plugin analyzes the output of these tools, and reports the changes of the output over time.

For each build, Hudson does not only show a list of warnings, it also tells you which warnings are new in that specific build. That way, it relieves you from reiterating lists of warnings that are potentially unrelated to the code you want to review, and it helps you to focus on the important information.

Using Hudson’s static code analysis plugins in our project, we found that Hudson’s reports helped us to pay more attention to important warnings. That way, Hudson’s code analysis tools increased the efficiency of our code review process, and helped us to improve our code quality.

With its easy set-up, the simplicity of its user interface, and the usefulness of its plugins, Hudson has had an important impact on the success of our project.