In today’s tutorial, we’ll learn how to ensure high-quality Android code in our projects using some static code analysis tools for Java. We’ll look at Checkstyle, FindBugs, PMD, and Android Studio Lint—all of them free and open source!
What Are Static Code Analysis Tools?
These are tools that parse and analyse your source code without actually executing it. The goal is to find potential problems such as bugs and security flaws. A popular free static code analyser such as FindBugs checks your code against a set of rules which your code should adhere to—if the code doesn’t follow these rules, it’s a sign that something may be wrong. Think of static code analysis tools as an additional compiler that is run before the final compilation into the system language.
Many software companies require projects to pass static code analysis tests, in addition to doing code reviews and unit testing in the build process. Even maintainers of open-source projects often include one or more static code analysis steps in the build process. So learning about static analysis is an important step in writing quality code. Be aware that static code analysis—also known as “white-box” testing—should not be seen as a replacement for unit testing of your source code.
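To make the idea of rule checks concrete, here is an added example that is not part of the original tutorial: a constructed Java class whose `Flagged` methods all compile cleanly yet contain the kind of defect that rule-based analysers such as FindBugs and PMD are designed to report, next to corrected versions. All class and method names are hypothetical.

```java
// Constructed example: everything here compiles, but each Flagged method breaks a common rule.
public class StaticAnalysisDemo {
    static class Flagged {
        // Compares object references, not contents: a string with the same
        // characters built at runtime is a different object, so this returns false.
        static boolean isAdmin(String role) {
            return role == "admin";
        }

        // String is immutable; trim() returns a new value that is discarded here.
        static String normalise(String input) {
            input.trim();
            return input;
        }

        // Empty catch block: the caller cannot tell a malformed value from port 0.
        static int parsePort(String value) {
            try {
                return Integer.parseInt(value);
            } catch (NumberFormatException e) {
            }
            return 0;
        }
    }

    static class Corrected {
        static boolean isAdmin(String role) {
            return "admin".equals(role); // content comparison, also safe for null
        }

        static String normalise(String input) {
            return input.trim(); // use the returned value
        }

        static int parsePort(String value) {
            try {
                return Integer.parseInt(value);
            } catch (NumberFormatException e) {
                throw new IllegalArgumentException("invalid port: " + value, e);
            }
        }
    }

    public static void main(String[] args) {
        String role = new String("admin"); // equal content, different object
        System.out.println(Flagged.isAdmin(role) + " / " + Corrected.isAdmin(role));
        System.out.println("[" + Flagged.normalise(" a ") + "] / [" + Corrected.normalise(" a ") + "]");
        System.out.println(Flagged.parsePort("80x")); // malformed input silently becomes 0
    }
}
```

None of these defects stops the compiler, and a unit test only exposes them if it happens to exercise the failing input, which is why a rule check over the whole code base complements testing rather than replacing it.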
In this tutorial, we’re going to learn about some popular static analysis tools that are available for Android and Java. But first, let’s see some of the benefits of using static analysis.
- Helps detect potential bugs that even unit or manual testing might have missed.
- Defines project-specific rules. For example, static analysis as part of the build chain helps newcomers get up to speed with the code standards of their new team.
- Helps you improve your knowledge of a new language.
- Scans your whole project, including files that you might not have ever read.
All the code analysis tools we’ll learn about in this tutorial are available as Gradle plugins, so we can create individual Gradle tasks for each of them. Let’s use a single Gradle file that will include them all. But before that, let’s create a folder that will contain all of our files for the static code analysis.