naveen 57dfc7fb40 chore: Set permissions for GitHub actions
Restrict the GitHub token permissions only to the required ones; this way, even if the attackers will succeed in compromising your workflow, they won’t be able to do much.

- Included permissions for the action. https://github.com/ossf/scorecard/blob/main/docs/checks.md#token-permissions

https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#permissions

https://docs.github.com/en/actions/using-jobs/assigning-permissions-to-jobs

[Keeping your GitHub Actions and workflows secure Part 1: Preventing pwn requests](https://securitylab.github.com/research/github-actions-preventing-pwn-requests/)

Signed-off-by: naveen <172697+naveensrinivasan@users.noreply.github.com>
2022-04-29 01:00:46 +00:00
2022-04-15 19:54:31 +02:00
2022-04-15 19:54:31 +02:00
2022-03-24 16:46:42 +01:00
2022-04-22 08:55:55 +02:00

PMD - source code analyzer

Join the chat at https://gitter.im/pmd/pmd Build Status Maven Central Reproducible Builds Coverage Status Codacy Badge Contributor Covenant Documentation (latest)

PMD is a source code analyzer. It finds common programming flaws like unused variables, empty catch blocks, unnecessary object creation, and so forth. It supports many languages. It can be extended with custom rules. It uses JavaCC and Antlr to parse source files into abstract syntax trees (AST) and runs rules against them to find violations. Rules can be written in Java or using a XPath query.

It supports Java, JavaScript, Salesforce.com Apex and Visualforce, Modelica, PLSQL, Apache Velocity, XML, XSL, Scala.

Additionally it includes CPD, the copy-paste-detector. CPD finds duplicated code in C/C++, C#, Dart, Fortran, Go, Groovy, Java, JavaScript, JSP, Kotlin, Lua, Matlab, Modelica, Objective-C, Perl, PHP, PLSQL, Python, Ruby, Salesforce.com Apex, Scala, Swift, Visualforce and XML.

In the future we hope to add support for data/control flow analysis and automatic (quick) fixes where it makes sense.

🚀 Installation and Usage

Download the latest binary zip from the releases and extract it somewhere.

Execute bin/run.sh pmd or bin\pmd.bat.

See also Getting Started

Demo:

This shows how PMD can detect for loops, that can be replaced by for-each loops.

Demo

There are plugins for Maven and Gradle as well as for various IDEs. See Tools / Integrations

How to get support?

🤝 Contributing

Pull requests are welcome. For major changes, please open an issue first to discuss what you would like to change.

Our latest source of PMD can be found on GitHub. Fork us!

The rule designer is developed over at pmd/pmd-designer. Please see its README for developer documentation.

💵 Financial Contributors

Become a financial contributor and help us sustain our community. Contribute

Contributors

This project follows the all-contributors specification. Contributions of any kind welcome!

See credits for the complete list.

📝 License

BSD Style

Languages
Java 75.5%
Apex 9.7%
Kotlin 9.1%
ANTLR 2.7%
PLSQL 1%
Other 1.8%