Don't Shoot the Messenger (the PMD Plugin)

Stephen Connolly's picture

by Stephen Connolly, CloudBees

Stephen has nearly twenty years experience in software development. He is involved in a number of open source projects including Jenkins. Stephen was one of the first non-Sun committers to the Jenkins project and is the person directly responsible for the weather icons. Stephen lives in Dublin, Ireland - where the weather icons are particularly useful. Follow Stephen on Twitter and on his blog.



For the Java developer there are three real go-to tools for providing static analysis.  On one end of the spectrum you have Checkstyle, and on the other you have Findbugs.  Checkstyle looks at your source code and compares it to the coding style rules you have defined. Findbugs looks at the compiled byte code, looking for patterns that are usually associated with bugs. Sitting firmly in the middle of all of this is PMD, which looks for patterns in your source code… a kind of a hybrid between Findbugs and Checkstyle.

Each tool has its advantages, and in general I just use all three… as long as you make sure that you are not using conflicting rulesets with the different tools (i.e., it is not a good idea to have Checkstyle enforce the opposite of PMD).

PMDs sweet-spot is programming style… as opposed to coding style… though programming style is somewhat harder to define. 

Stable Release Version

The latest release is 3.28 which was released in March 2012.

Requirements for Plugin Use

This plugin requires Jenkins 1.409 or newer, as well as the Analysis-Core plugin version 1.41.

Step-by-Step Instructions on How to Use the PMD Plugin


 PMD Plugin Installation

  1. Go to your Jenkins instances root page.
  2. If your Jenkins instance has security enabled, login as a user who has the Overall | Administer permission.
  3. Select the Manage Jenkins link on the left-hand side of the screen.
  4. Select the Manage Plugins link.
  5. On the Available tab, select the PMD Plugin and click the Download and Install button at the bottom of the page. (All the required dependent plugins will automatically be downloaded for you.)
  6. (If you are using a version of Jenkins prior to 1.442) Restart Jenkins once the plugins are downloaded.


Before you can use this plugin you must ensure that your job is generating PMD reports. The Jenkins plugin will not run PMD for you. It will report the results that your build produces.

With Maven-based projects, this is usually a case of ensuring that the maven-pmd-plugin is executed during your build. With ANT-based projects, you will need to ensure that your build invokes the PMD ANT tasks, while other build systems will have their own integrations.

Usually the PMD results will be saved in an XML file called pmd.xml. If you are that lucky, then enabling the plugin is just a matter of selecting the Publish PMD analysis results checkbox in the Post-build Actions:

PMD ANT task

With the Freestyle project type there is a text box where you can enter the filename pattern that the plugin will use to find the PMD XML results. The text box assumes that the pattern is **/pmd.xml unless you enter an alternative pattern, so 99 times out of 100 you can just leave the text box empty.

If you are using the Maven project type, the plugin will capture the XML filename(s) from the Maven plugin, so there is no need to configure the filename pattern and, as a result, there is no text box to fill in!

Tips & Tricks

There are some additional advanced options available if you click on the Advanced button for the PMD analysis plugin:

  • By default, the plugin only runs for stable or unstable builds (on the assumption that you only run the PMD reports when the code compiles). If you need the reports to be collected for every build, just enable the Run always option.
  • If you are using a Freestyle project[3] with an ANT or Maven multi-module project, you may want to see the reports broken down by module. You can ask the plugin to try and auto-detect the modular structure of your build by enabling the Detect modules option.
  • You have a project with 10,000 PMD errors. You don’t want to fix all of them this sprint, but you want to make some progress, i.e. get down to 9,500 — you certainly don’t want things getting worse. The solution here is to use a mix of the Health and Status thresholds:

PMD analysis plugin health thresholds

  • Set 0% health to the current number of PMD errors, e.g. 10,000. Set 100% health to somewhere between 20 and 50% better than your target, e.g. 9,300. Set the status thresholds so that unstable is about 10% of your target, e.g. 9,950, and failed is slightly worse than where you are, e.g. 10,001:


PMD analysis plugin status thresholds

  • The result will be that developers will be prodded into fixing some PMD issues (as the build will be called out as unstable) and prevented from letting things get worse (as the build will be marked as failed if that happens) and once some progress has been made, the weather reports will start to improve, giving a nice subtle nudge… just the kind of positive feedback that works.
  • The PMD plugin can be somewhat demanding on memory, if your project has a very large number of PMD violations, you may have to resort to either fixing a large chunk of them or switching to the Violations plugin which uses a different parsing engine and usually maintains a lower memory footprint.

How to Use it on DEV@cloud

If you are using the CloudBees Platform as a Service (PaaS), the plugin is identical to configure on DEV@cloud

Any Known Issues


Relevant Documentation

- Stephen Connolly
Elite Developer and Architect


Add new comment