As we outlined in a post earlier, one of our main goals is to integrate static code analyzers more deeply into the Atlassian product suite. Our first add-on that addresses this is called Code Review Assistant. This Stash add-on creates a pull request comment for every issue that is found by the integrated static code analyzers in the diff of a pull request. We use Stash’s pull request comments because they can be discussed and working tasks can be generated from them.

Example of a found issue from the PMD static code analyzer as a pull request comment.

Code Review Assistant supports the programming languages Java, Groovy, Scala and JavaScript by integrating the static code analyzers PMD, Checkstyle, Scalastyl, CodeNarc and JSLint & JSHint. This has the advantage that there is practically no configuration necessary to get started (no build configurations to trigger the static analyzer tools or further installations are necessary). But this approach is also restricted to the mentioned programming languages — which is why we call it Code Reviews Light.

On the screenshot above you see an example of an issue that has been raised by the static analyzer PMD. The given piece of Java code shows an exception handler which suppresses a potential exception with an empty block. The generated pull request comment by the Code Review Assistant add-on clearly shows the problem of incomplete exception handling and even provides an example to make the problem clear. If the reviewer does not see this as a problem, the pull request comment can just be deleted. For more problematic issues, a task can be created so that the fix for the issue will not be forgotten. And it is also possible to discuss issues like these with the reviewer team and the author by replying to the comment.

In the next blog post, we will introduce a more flexible approach (but one that also needs more work) to integrate static code analyzers into Atlassian Stash.