Improve Your Coding Style With Checkstyle Findbugs Pmd And Cpd

3 minute read

When you start developing software professionally you will want to ensure that you are writing the best code you can be. Luckily, there are a handful of tools that can help you with. These tools can be configured to automatically check your code style and look for potential bugs in your code, when you build you project.

I have selected a handful of tools which I currently use professionally, and will briefly summarise each of them. Each of them can be used with Mavens reporting framework, to produce easy to view reports.

  1. CheckStyle
  2. Findbugs
  3. PMD and CPD


Checkstyle is a development tool to help programmers write Java code that adheres to a coding standard. It automates the process of checking Java code to spare humans of this boring (but important) task. This makes it ideal for projects that want to enforce a coding standard. Checkstyle is highly configurable and can be made to support almost any coding standard.

To install CheckStyle simply add the following reporting plugin to your pom.xml file:


Then run mvn site which will produce the checkstyle report. The report can be accessed via target/site/checkstyle.html and should look similar to the following:

The default ruleset that is used is sun_checks.xml which will check for a ridiculous number of rules. when you get used to using Checkstyle you will probably want to create your own custom ruleset with a specific subset of rules that you want to enforce for your projects.


FindBugs looks for bugs in Java programs. It is based on the concept of bug patterns. A bug pattern is a code idiom that is often an error. Bug patterns arise for a variety of reasons: Difficult language features Misunderstood API methods Misunderstood invariants when code is modified during maintenance Garden variety mistakes: typos, use of the wrong boolean operator FindBugs uses static analysis to inspect Java bytecode for occurrences of bug patterns. We have found that FindBugs finds real errors in most Java software. Because its analysis is sometimes imprecise, FindBugs can report false warnings, which are warnings that do not indicate real errors. In practice, the rate of false warnings reported by FindBugs is generally less than 50%.

To install FindBugs simply add the following report plugin to your projects pom.xml:


You can then generate your projects reports (FindBugs being one of them) by using the mvn site command again.

Access the report the same way you did with CheckStyle (via the target/site/ directory).


PMD is a source code analyzer. It finds common programming flaws like unused variables, empty catch blocks, unnecessary object creation, and so forth. It supports Java, JavaScript, Apex and Visualforce, PLSQL, Apache Velocity, XML, XSL. Additionally it includes CPD, the copy-paste-detector. CPD finds duplicated code in Java, C, C++, C#, Groovy, PHP, Ruby, Fortran, JavaScript, PLSQL, Apache Velocity, Scala, Objective C, Matlab, Python, Go, Swift and Apex and Visualforce.

Install PMD and CPD by adding the following plugin to your projects pom.xml:


When your projects build is complete you can view the results of PMD and CPD from the projects site reporting section (the same as the above reporting tools).

Let’s take a look at a couple of violations:

Let’s check the code that the first violation is referring to. It it in class BlockchainApiHandler on line 12:

As you can see, it correctly identified the unused import, and also the unused constants!

Let’s look at another one:

And let’s check the code:

Yup, both very valid violations.

As you can see, these kinds of tools are extremely useful. They will help you to keep your code clean and robust, and they automate the entire process. If you are coding at a professional level you should be using these tools.


JaCoCo is a free code coverage library for Java, which has been created by the EclEmma team based on the lessons learned from using and integration existing libraries for many years.

Install Jacoco by adding the following to your <em>pom.xml</em>:



Then run mvn clean install and mvn jacoco:report

The Jacoco code coverage report will then be generated which you can access from <em>/target/site/jacoco</em> and will look something like the following:

Any code highlighted in green has been covered by unit tests.

Any code highlighted in red has not been covered by unit tests.

Any code highlighted in yellow has only been partially covered by unit tests. This will usually be conditionals, where only one of the conditions has been covered.