Integrate PMD with Vulnetix. Analyze source code in Java and other languages for potential bugs and security issues, with SARIF output.
Java, JavaScript, XML, and more | CLI tool | SARIF
Install & scan
$ # Download from GitHub releases
$ curl -L https://github.com/pmd/pmd/releases/latest/download/pmd-dist-7-latest-bin.zip -o pmd.zip
$ unzip pmd.zip
$ pmd check -d src -R rulesets/java/quickstart.xml -f sarif > pmd.sarif
Run PMD in CI
Scan on every push and upload the results to Vulnetix:
- name: Setup PMD
  uses: pmd/pmd-github-action@v2
  with:
    version: 'latest'
    rulesets: 'rulesets/java/quickstart.xml'
    analyzeModifiedFilesOnly: false
- name: Upload to Vulnetix
  run: vulnetix upload --file pmd-report.sarif
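Before the upload step, it can be useful to confirm that the report is a well-formed SARIF 2.1.0 log and to see which findings it carries. The following is an added example, not part of the original page and not PMD or Vulnetix code; the sample SARIF document, its messages and the function name `summarize_sarif` are constructed for illustration.

```python
import json
from collections import Counter

# Constructed sample in the SARIF 2.1.0 shape; not real PMD output.
SAMPLE_SARIF = json.dumps({
    "version": "2.1.0",
    "runs": [{
        "tool": {"driver": {"name": "PMD", "rules": [
            {"id": "EmptyCatchBlock", "defaultConfiguration": {"level": "error"}},
            {"id": "UnusedPrivateField"},
        ]}},
        "results": [
            {"ruleId": "EmptyCatchBlock", "ruleIndex": 0,
             "message": {"text": "Avoid empty catch blocks"},
             "locations": [{"physicalLocation": {
                 "artifactLocation": {"uri": "src/App.java"},
                 "region": {"startLine": 42}}}]},
            {"ruleId": "UnusedPrivateField", "ruleIndex": 1, "level": "note",
             "message": {"text": "Avoid unused private fields"}, "locations": []},
            {"ruleId": "UnusedPrivateField", "ruleIndex": 1,
             "message": {"text": "Avoid unused private fields"}},
        ],
    }],
})

def summarize_sarif(text):
    """Validate the SARIF envelope and return (findings, counts per level)."""
    doc = json.loads(text)
    if doc.get("version") != "2.1.0" or not isinstance(doc.get("runs"), list):
        raise ValueError("not a SARIF 2.1.0 log")
    findings, levels = [], Counter()
    for run in doc["runs"]:
        rules = run.get("tool", {}).get("driver", {}).get("rules", [])
        for res in run.get("results") or []:
            # SARIF level resolution: result.level, else the rule's default, else "warning".
            idx = res.get("ruleIndex", -1)
            rule = rules[idx] if 0 <= idx < len(rules) else {}
            rule_level = rule.get("defaultConfiguration", {}).get("level")
            level = res.get("level") or rule_level or "warning"
            loc = (res.get("locations") or [{}])[0].get("physicalLocation", {})
            uri = loc.get("artifactLocation", {}).get("uri", "<no location>")
            line = loc.get("region", {}).get("startLine", 0)
            findings.append((level, res.get("ruleId", "<no ruleId>"), uri, line))
            levels[level] += 1
    return findings, dict(levels)

if __name__ == "__main__":
    for level, rule, uri, line in summarize_sarif(SAMPLE_SARIF)[0]:
        print(f"{level:8} {rule:20} {uri}:{line}")
```

To check a real report, pass the contents of the SARIF file PMD wrote to `summarize_sarif` instead of the constructed sample.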
Centralise PMD results in Vulnetix
Upload PMD SARIF output to the Vulnetix platform to deduplicate findings, prioritise them with EPSS, CISA KEV and Coalition ESS exploit intelligence, and track remediation across every scanner in a single queue.