We are introducing static analysis tools into the build system for our Java product. We are using Maven2 so Checkstyle and PMD integration come for free. However it looks li
And 10 years later ... In 2018 I use all of them: Checkstyle, PMD and FindBugs.
Start with FindBugs. Maybe add PMD and Checkstyle later.
Never blindly enforce the default rules!
Steps:
Ideally each project can have separate rules. I like running the rules via the build (via maven plugins) and fail on rule errors once I know a project passes all the rules I defined. This forces developers to take action, because reporting is not enough. From that point on your project is pretty much bulletproof and you could even add more rules later on and/or write custom rules.
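
The setup described in the answer above (per-project rules, run by the Maven plugins, failing the build on violations), sketched as a `pom.xml` fragment. This is an added example, not part of the original thread; the `config/...` rule-file paths and the `*.plugin.version` properties are placeholders to define in your own project.

```xml
<!-- Added example: <build> fragment of pom.xml. Rule-file paths and the
     *.plugin.version properties are placeholders, not values from the thread. -->
<build>
  <plugins>
    <plugin>
      <groupId>org.codehaus.mojo</groupId>
      <artifactId>findbugs-maven-plugin</artifactId>
      <version>${findbugs.plugin.version}</version>
      <configuration>
        <effort>Max</effort>
        <!-- Project-specific suppressions instead of accepting every default detector -->
        <excludeFilterFile>config/findbugs-exclude.xml</excludeFilterFile>
        <failOnError>true</failOnError>
      </configuration>
      <executions>
        <execution><phase>verify</phase><goals><goal>check</goal></goals></execution>
      </executions>
    </plugin>
    <plugin>
      <groupId>org.apache.maven.plugins</groupId>
      <artifactId>maven-pmd-plugin</artifactId>
      <version>${pmd.plugin.version}</version>
      <configuration>
        <!-- The project's own ruleset, not the plugin defaults -->
        <rulesets><ruleset>config/pmd-ruleset.xml</ruleset></rulesets>
        <failOnViolation>true</failOnViolation>
        <printFailingErrors>true</printFailingErrors>
      </configuration>
      <executions>
        <execution><phase>verify</phase><goals><goal>check</goal></goals></execution>
      </executions>
    </plugin>
    <plugin>
      <groupId>org.apache.maven.plugins</groupId>
      <artifactId>maven-checkstyle-plugin</artifactId>
      <version>${checkstyle.plugin.version}</version>
      <configuration>
        <configLocation>config/checkstyle.xml</configLocation>
        <!-- Break the build on warnings too, once the project passes cleanly -->
        <violationSeverity>warning</violationSeverity>
        <failOnViolation>true</failOnViolation>
        <consoleOutput>true</consoleOutput>
      </configuration>
      <executions>
        <execution><phase>verify</phase><goals><goal>check</goal></goals></execution>
      </executions>
    </plugin>
  </plugins>
</build>
```

While a project is still being brought into compliance, setting `failOnError` / `failOnViolation` to `false` keeps the checks running in report-only mode; flipping them to `true` afterwards gives the enforcement the answer describes.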