Is it possible to perform static code analysis without compiling?

Asked Feb 04 '20 at 07:32

Active Feb 05 '20 at 08:27

Viewed 559 times

I'm working on a study around code best practices. And i'm trying to perform some automatic static code analysis on a list of repositories (maven projects) using sonarqube

The problem is that 99% of the repositories need specific steps to build. ( mvn compile is not sufficient), and i can't continue on the pipeline to send the code on Sonarqube..

That why i want to have on-steroid tools to perform code analysis without build (without analyzing managed code). I have found lizard (Lizard is an extensible Cyclomatic Complexity Analyzer for many programming languages). But it doesn't have the same power as Sonarqube.

Is it possible to do that with sonarqube? is there any other tool as powerful as sonarqube?

Thank you!

edited Feb 05 '20 at 08:27

Lonzak

9,334
5
57
88

asked Feb 04 '20 at 07:32

Walidou

I know that findbugs/spotbugs runs on bytecode. So fetch the (binary)jars from the repo and analyze them afterwards... – Lonzak Feb 05 '20 at 08:26
[PMD analyzes source code](https://pmd.github.io/), though you are probably asking for trouble if it contains compilation errors. There is also [checkstyle](https://checkstyle.sourceforge.io/), but note its [limitations](https://checkstyle.sourceforge.io/writingchecks.html#Limitations). – skomisa Feb 06 '20 at 18:12

Is it possible to perform static code analysis without compiling?

0 Answers0