codenarc.org

What It Is

CodeNarc is a static analysis tool for Groovy code, used to detect defects, bad practices, inconsistencies, style issues, and more. Its core mechanism is rule-based violation detection, with rulesets organizing different categories of checks such as Basic, Concurrency, Design, Formatting, Security, Size/Complexity, and Unused. For teams centered on Groovy, Grails, or Jenkinsfile, it is essentially the Groovy equivalent of PMD/Checkstyle.

Core Capabilities and Ecosystem

CodeNarc is highly configurable. It supports custom rulesets and custom rules, and its developer guide provides a create-rule script that generates the skeleton for a rule class, test class, message configuration, and ruleset entry. It can be run as an Ant Task, from the command line, via Docker, or as a test suite, and it can also be integrated into engineering workflows through Maven, Gradle, Grails, SonarQube, VS Code, Jenkins, GitLab Code Quality, NPM Groovy Lint, and more. Report formats include HTML, XML, JSON, text, GitLab Code Quality, SARIF, and Baseline, making it suitable for code review and CI quality gates.

Language Support, Dependencies, and Self-Hosting

CodeNarc is primarily designed for Groovy code and requires Java 1.8+ and Groovy 3.0+. Groovy 4 corresponds to the 3.x.x-groovy-4.x versions of CodeNarc. If you use the Size/Complexity rules, you also need GMetrics or GMetrics-Groovy4. The tool can run locally, in Docker, or within an organization’s own CI environment, making it a typical self-hosted developer tool rather than a cloud SaaS product.

Pricing and Documentation

The source material does not provide commercial pricing or paid support information. The project is available from Maven Central and provides GitHub, Javadoc, and full website documentation, making it closer to a free open-source tool overall. The documentation covers running the tool, integrations, rule configuration, report examples, and rule development. Its quality is generally good, but information about commercial support, SLAs, and enterprise services is missing.

Pros, Cons, and Best Fit

Its strengths are its focus on Groovy, rich rule coverage, broad integrations, and report formats suited to modern CI/CD. Its limitations are limited cross-language capability, reliance on a Java/Groovy environment, and version-specific integration paths for some tools such as Grails. It is well suited to Groovy/Grails projects, DevOps teams with many Jenkinsfiles, and engineering organizations that want to customize coding standards. Access from China cannot be determined from the source material. If access to Maven Central, GitHub, or plugin marketplaces is unstable, consider configuring mirrors or using alternatives or complementary tools such as SonarQube, PMD, Checkstyle, or IntelliJ IDEA inspections.