Java
Code Analysis
.deepsource.toml
This section covers .deepsource.toml
configuration specific to the java
analyzer. Please make sure to read the general configuration guide first.
The Java analyzer supports Gradle, Maven and Bazel projects. There is no difference in configuration between them, and all types of projects can be initialized through the simple workflow of the DeepSource configuration generator.
name
- Type: String
- Presence: mandatory
- Description: Shortcode of the analyzer.
- Example:
enabled
- Type: Boolean
- Presence: optional
- Description: Toggle whether this analyzer should be run.
- Example:
meta
- Type: Table
- Presence: mandatory
- Description: Additional data used to configure the analyzer.
- Example:
runtime_version
- Type: String
- Presence: mandatory
- Description: The Java runtime version to use when running the analyzer. OpenJDK versions 8 to 21 are currently supported.
- Aliases:
java_version
- Example:
if runtime_version
is not specified, or is the wrong Java version, analysis may show incorrect results. Specify the Java version you use in CI for best results.
skip_doc_coverage
- Type: Array
- Presence: optional
- Description: Specify which artifacts to skip when calculating documentation coverage.
- Available Values:
test
,class
,constructor
andnonpublic
test
- Ignore documentation coverage within testsclass
- Ignore class documentation coverageconstructor
- Ignore constructor documentation coveragenonpublic
- Ignore documentation coverage for any declaration not marked aspublic
- Default Value:
[ "test" ]
- Example:
If skip_doc_coverage
is set, it will override any default configuration. That is, if this key is set, and you wish to ensure documentation coverage is skipped for elements that are skipped by default (like tests), you must specify those as well as the additional elements you wish to skip.
cyclomatic_complexity_threshold
- Type: String
- Presence: optional
- Description: Specify the acceptable risk category for your project as the threshold. All functions with complexity beyond this threshold will raise an issue. For example, setting the threshold to
low
will flag all functions that have a cyclomatic complexity of more than5
, while setting the threshold tocritical
will not flag any function. - Available Values:
low
,medium
,high
,very-high
andcritical
Risk category | Cyclomatic complexity range | Recommended action |
---|---|---|
low | 1-5 | No action is needed. |
medium | 6-15 | Review and monitor. |
high | 16-25 | Review and refactor. Recommended to add detailed comments if the function absolutely needs to be kept as it is. |
very-high | 26-50 | Refactor to reduce the complexity. |
critical | >50 | Must refactor this. This can make the code untestable and very difficult to understand. |
- Default Value:
medium
- Example:
Sample config
Code Coverage
Java
The test coverage analyzer supports test coverage metrics for Jacoco and Clover XML reports.
Jacoco
Setting up test coverage differs with each type of build system (Maven, Gradle, etc.). Here’s an example of the configuration needed to run Jacoco on a maven repo:
Once you’ve added Jacoco to your project’s pom.xml
file, you should be able to run tests and generate the coverage report. The default location of the coverage report is target/site/jacoco/jacoco.xml
.
In case your project has multiple modules, you will need to use the jacoco:report-aggregate
goal to merge all reports together.
After you have the XML test report, you can upload it to DeepSource using the cli:
You should be able to proceed similarly with other build systems such as Ant or Gradle.
Reference: Jacoco documentation
Clover
DeepSource also supports reports generated using Atlassian’s Clover coverage framework. Here’s an example of using it with Maven:
Once you have added these elements to your project’s pom.xml
file, you will be able to instrument and run tests:
This will run tests and in the case of a multimodule project, aggregate the results into a single clover report.
The default output directory for the report is target/site/clover/clover.xml
.
After you have the XML test report, you can upload it to DeepSource using the cli:
You should be able to proceed similarly with other build systems such as Ant or Gradle.
Reference: Clover documentation
Code Formatter (Transformer)
google-java-format
Transform all incoming Java code with google-java-format, a formatter that follows Google’s Java style guide.
This section covers .deepsource.toml
configuration specific to the google-java-format
transformer. Please make sure to read the general configuration guide first.
name
- Type: String
- Presence: mandatory
- Description: Shortcode of this transformer.
- Example:
enabled
- Type: Boolean
- Presence: optional
- Description: Toggle whether this transformer should be run.
- Example:
Vulnerability Scanning
Supported target files:
pom.xml
(Maven)buildscript-gradle.lockfile
(Gradle)gradle.lockfile
(Gradle)
Was this page helpful?