Small question regarding PMD please.
As I am writing this (June 2021), the latest maven pmd plugin is:
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-pmd-plugin</artifactId>
<version>3.14.0</version>
</plugin>
The latest SonarQube pmd plugin is:
PMD
EXTERNAL ANALYSERS
Analyze Java code with PMD.
3.3.1 installed
However, when I am running SonarQube analysis, I am getting this:
[INFO] Sensor PmdSensor [pmd]
[INFO] Execute PMD 6.30.0
[INFO] Java version: 11
[INFO] PMD configuration: /Users/project/target/sonar/pmd.xml
I am quite confused. Where did this PMD 6.30.0 come from?
Especially, I am looking at the official website:
and it says Latest Version: 6.35.0 (29-May-2021)
Hence, my questions, why am I seeing PMD 6.30.0, where is this configured?
Thank you
The maven-pmd-plugin and SonarQube PMD plugin are separate artifacts, which depend on a specific version of PMD. So all three have different versions and lifecycles.
The maven-pmd-plugin uses the latest PMD version at the time the plugin has been released, but you can override the version at runtime: https://maven.apache.org/plugins/maven-pmd-plugin/examples/upgrading-PMD-at-runtime.html
As you can see, maven-pmd-plugin 3.14.0 uses PMD 6.29.0.
As @P.Sanjay pointed out, SonarQube PMD 3.3.1 uses PMD 6.30.0, as mentioned in the release notes (https://community.sonarsource.com/t/new-release-sonar-pmd-plugin-3-3-1/38223). There is also an overview of the different versions in the README.md: https://github.com/jensgerdes/sonar-pmd
PMD itself is released on a regular basis (once per month), so you'll usually find a newer version on https://pmd.github.io than used in the plugins.