Boost Java Code Quality: Master Alibaba Guidelines, CheckStyle, PMD, FindBugs & SonarLint

As a system expands, previously simple and stable features become more complex, increasing hidden risks that can cause service instability and business loss.

Improving code quality—especially through code reviews—helps reduce errors, but manual reviews become inefficient as code volume grows. This guide introduces several powerful tools that automate code‑quality checks.

Alibaba Java Coding Guidelines

1. Overview

Alibaba Java Coding Guidelines

focuses on Java coding standards to make formatting easier and faster for developers.

The plugin scans code and flags violations as Blocker, Critical, or Major, many of which can be auto‑fixed and provides real‑time inspection.

Supported rule categories include:

OOP conventions

Concurrency handling

Control statements

Naming conventions

Constant definitions

Comment standards

2. Installation

Navigate File > Settings > Plugins > Marketplace, search for “Alibaba Java Coding Guidelines”, install, and restart the IDE.

3. Usage

3.1 Run method

1) Tools > Alibaba Coding Guidelines > Scan

2) Right‑click in the editor or project view and select “Scan Coding Guidelines”.

3.2 Menu functions

Scan: start scanning the code.

Toggle real‑time detection: enable for fast feedback on capable machines.

Switch language to English.

3.3 Scan results

The results are grouped into Blocker, Critical, and Major, indicating severity from high to low.

Selecting a problem shows detailed information.

3.4 Toolbar actions

Rerun Inspection

: run the scan again. Close: close the AJCG panel. Expand All: expand the result tree. Collapse All: collapse the tree. Go Pre Problem: jump to the previous issue. Go Next Problem: jump to the next issue.

Group by Severity

Group by Directory

Filter Resolved Items

Autoscroll to Source

Export

: export results as XML or HTML.

Edit Settings

CheckStyle

1. Overview

CheckStyle checks coding style and formatting rules such as naming, Javadoc, whitespace, method length, duplicate code, and unused imports. It focuses on style rather than bug detection.

It ships with two built‑in rule sets (Sun Checks) that are very strict, so custom rule files are usually needed.

2. Installation

Use File > Settings > Plugins > Marketplace, search for “CheckStyle”, install, and restart.

3. Usage

Run the inspection from the Tools menu or right‑click a file/project and select “Run CheckStyle”. The UI shows the detected style violations.

PMD

1. Overview

PMD focuses on security‑related coding rules and provides data‑flow and path analysis. It supports custom rule sets.

Typical issues detected include empty try/catch/finally/switch blocks, dead code, misuse of String/StringBuffer, complex expressions, object creation inside loops, and resource‑closing problems.

2. Installation

Install via File > Settings > Plugins > Marketplace, search for “PMDPlugin”, install, and restart.

3. Usage

3.1 Run method

From the Tools menu: Tools > Run PMD scans the entire project.

3.2 Run from context menu

Right‑click a file or directory and choose “Run PMD” to scan the selected scope.

3.3 Configure rules

Open File > Settings > Other Settings > PMD to manage rule sets, import custom rules, and adjust options such as “Skip TestSource”.

FindBugs

1. Overview

FindBugs detects actual bugs such as null‑pointer dereferences, unreleased resources, and incorrect string comparisons, providing concise fix suggestions.

2. Installation

Install via File > Settings > Plugins > Marketplace, search for “FindBugs”, install, and restart.

3. Usage

Analyze a file, package, module, or whole project by right‑clicking and selecting “Run FindBugs”. The result panel lists bugs and lets you jump to the offending code.

SonarLint

1. Overview

SonarLint extends bug detection to code health, covering quality, dependency analysis, complexity, and duplicated code. It works as an IDE plugin.

2. Installation

Install via File > Settings > Plugins > Marketplace, search for “SonarLint”, install, and restart.

3. Usage

Right‑click a project or file and select “Run SonarLint”. The report shows issues and suggested fixes.

4. Configure SonarLint server

In the SonarLint settings, add a server connection (URL, login, password) and associate the desired project.

After linking, you can run SonarLint on selected files or directories, and optionally enable “Perform SonarLint analysis” on commit.

Summary

• For coding‑style enforcement, use Alibaba Java Coding Guidelines.

• For bug detection, combine PMD, FindBugs, and SonarLint for complementary coverage.

• PMD offers strong custom‑rule capabilities, FindBugs excels at finding real bugs, and SonarLint provides the richest rule set for overall code health.