README.md

NullAudit

A tool to verify whether JSpecify nullness annotations are applied to your codebase.
Check out the sample project for an example of actual usage.

Features

• Detects unspecified nullness types based on @Nullable, @NonNull, @NullMarked, and @NullUnmarked annotations.
• Analyzes .jar files or directories containing .class files.
• Generates a JSON report of the analysis results.
• Maven plugin to simplify integration with CI/CD workflows.

Requirements

• Java 17+
• Maven

Usage

Maven Plugin

The plugin provides two goals:

• check - Analyzes the codebase to detect types with an unspecified nullness value.
  If any are found, the execution fails and displays the details in the output.
• report - Generates a JSON report containing details about places in the code where nullness is unspecified.

Usage in pom.xml

To ensure your code is fully annotated with nullness annotations, add the following plugin configuration to your pom.xml:

<!-- ... -->
<build>
  <plugins>
    <plugin>
      <groupId>eu.soft-pol.lib.nullaudit</groupId>
      <artifactId>nullaudit-maven-plugin</artifactId>
      <version>0.2.0</version>
      <configuration>
        <!-- Limit the number of issues displayed on the console -->
        <maxErrors>100</maxErrors>
      </configuration>
      <executions>
        <execution>
          <phase>compile</phase>
          <goals>
            <goal>check</goal>
          </goals>
        </execution>
      </executions>
    </plugin>
  </plugins>
</build>
<!-- ... -->

Usage as a standalone tool

You can also use NullAudit outside of a Maven project.
For example, to find unspecified nullness in a .jar file, run:

mvn eu.soft-pol.lib.nullaudit:nullaudit-maven-plugin:0.2.0:check -Dnullaudit.input=log4j-core-2.24.3.jar

To generate a JSON report for a .jar file, run:

mvn eu.soft-pol.lib.nullaudit:nullaudit-maven-plugin:0.2.0:report -Dnullaudit.input=log4j-core-2.24.3.jar -Dnullaudit.reportFile=report.json