I would like to know what sort of tools are available to detect bad code (high cyclomatic complexity limit) before checking code in. Working on a legacy project and there is so much spaghetti code already. Sonar is not necessarily helpful in this case because the purpose is not refactoring the legacy code. Only, newly added code is expected to be clean(er).
Important: The distinction between cleaner and bad code in this case is simply "Cyclomatic complexity".
There are three top players for static code analysis, namely
My suggestion one should always have zero Findbug issues as, apart from standard violations, the logical issues pointed by it is class apart.
Sonar is a good tool but it has too much dependency to manage, and the setup is also not very straightforward. On the contrary, one can put Findbug, PMD & Checkstyle checks in place on respective project POMs only, and can even configure it to terminate the build process on any single violation encounter and bind the developer to conform to all standards first before moving ahead with code check-in or build for testing.
Please find below respective Maven plugin details:
<groupId>org.codehaus.mojo</groupId>
<artifactId>findbugs-maven-plugin</artifactId>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-pmd-plugin</artifactId>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-checkstyle-plugin</artifactId>
You can use the JArchitect Tool for this kind of needs, its powerful query language let you create easilly your rules and integrate them into your build process, as example you can execute queries like this:
from m in Methods where m.CyclomaticComplexity>20
select m
