Analyzing JSP Code

The PMD plugin analyzes Java by default. You can configure it to analyze Java Server Pages files instead as shown below.

The example assumes that the JSP source code is stored in various subdirectories under the source directory src/main/webapp and enables all rules from the categories "Best Practices", "Codestyle", "Design", "Error Prone" and "Security".

Note that you have to make sure that you configure compileSourceRoots and includes, so that PMD finds the JSP files.

See JSP Rule Index for a complete list of available rules.

<project>
  ...
  <reporting>
    <plugins>
      <plugin>
        <groupId>org.apache.maven.plugins</groupId>
        <artifactId>maven-pmd-plugin</artifactId>
        <version>3.21.2</version>
        <configuration>
          <language>jsp</language>
          <rulesets>
            <ruleset>/category/jsp/bestpractices.xml</ruleset>
            <ruleset>/category/jsp/codestyle.xml</ruleset>
            <ruleset>/category/jsp/design.xml</ruleset>
            <ruleset>/category/jsp/errorprone.xml</ruleset>
            <ruleset>/category/jsp/security.xml</ruleset>
          </rulesets>
          <includes>
            <include>**/*.jsp</include>
          </includes>
          <compileSourceRoots>
            <compileSourceRoot>${basedir}/src/main/webapp</compileSourceRoot>
          </compileSourceRoots>
        </configuration>
        <reportSets>
          <reportSet>
            <reports>
              <report>pmd</report>
            </reports>
          </reportSet>
        </reportSets>
      </plugin>
    </plugins>
  </reporting>
  ...
</project>

Note: Configuring compileSourceRoots only works with Maven 3.3.9 and later. For older versions, you'll need to use build-helper-maven-plugin with the add-source goal in order to add the additional source directories, so that PMD finds the JSP files.