We build software using Hudson and Maven. We have C#, Java and, last but not least, PL/SQL sources (sprocs, packages, DDL, CRUD).
For C# and Java we do unit tests and code analysis, but we don't really know the health of our PL/SQL sources before we actually publish them to the target database.
Requirements
There are a couple of things we want to test, in the following priority:
Are the sources valid, hence "compilable"?
For packages, with respect to a certain database, would they compile?
Code Quality: Do we have code flaws like duplicates, too complex methods or other violations to a defined set of rules?
Also,
the tool must run headless (command line, ant, ...)
we want to do analysis on a partial code base (changed sources only)
Tools
We did a little research and found the following tools that could potentially help:
Cast Application Intelligence Platform (AIP): Seems to be a server that grasps information about "anything". Couldn't find a console version that would export in readable format.
Toad for Oracle: The Professional version is said to include something called Xpert, which validates a set of rules against a code base.
Sonar + PL/SQL-Plugin: Uses Toad for Oracle to display code-health the sonar-way. This is for browsing the current state of the code base.
Semantic Designs DMSToolkit: Quite general analysis of source code base. Commandline available?
Semantic Designs Clones Detector: Detects clones. But also via command line?
Fortify Source Code Analyzer: Seems to be focussed on security issues. But maybe it is extensible?
So far, Toad for Oracle together with Sonar seems to be an elegant solution. But maybe we are missing something here?
Any ideas? Other products? Experiences?
Related Questions on SO:
http://stackoverflow.com/questions/531430/any-static-code-analysis-tools-for-stored-procedures
http://stackoverflow.com/questions/839707/any-code-quality-tool-for-pl-sql
http://stackoverflow.com/questions/956104/is-there-a-static-analysis-tool-for-python-ruby-sql-cobol-perl-and-pl-sql