How to Install and Configure the Fireline Jenkins Plugin for Static Code Scanning
This tutorial walks you through installing the Fireline Jenkins plugin, configuring a Jenkins job to run Android static code analysis for security, memory‑leak, and Alibaba P3C rule checks, and displaying the generated HTML report directly within Jenkins.
The official Fireline Jenkins plugin is now available. It detects security issues and memory leaks in Android code and supports Alibaba's Java coding standard (P3C). This guide shows how to use the plugin for static code scanning in Jenkins.
Installing the Fireline Plugin in Jenkins
Click the Jenkins logo at the top left, then navigate to Manage Jenkins → Manage Plugins. On the plugin page, click the Available tab.
In the filter box, type fireline, check the Fireline Plugin that appears, and click Install without restart.
After installation succeeds, click Return to Dashboard to start configuration.
Configuring a Jenkins Job for Fireline
Create a new job, give it a name (e.g., CodeScan), select Freestyle project, and click OK.
In the General section, set the project name (e.g., CodeScan).
In the Source Code Management section, provide the Git URL of the project you want to scan, e.g., https://github.com/ariesliu/TestCasesProject.
Skip Build Triggers and Build Environment. In the Build section, click Add build step and choose Execute FireLine.
The Build step shows the Fireline configuration; the report path defaults to the user’s report directory, so you can leave it unchanged and click Save.
After saving, click Build Now to start the scan.
When the job runs, click the build number (e.g., #1) to view details, then open Console Output to see the execution log. After completion, the Fireline report path is displayed.
Open the generated testReport.html file in the reported directory to view the scan results.
Viewing Fireline Results Directly in Jenkins
Install the HTML Publisher plugin (Manage Jenkins → Manage Plugins → Available → search "HTML Publisher plugin" → Install).
In the CodeScan job, go to the Post-build Actions section, click Add post-build action and select Publish HTML reports.
Click Add and set HTML directory to archive to the Fireline report path (the same report directory shown in the build step). Set Index page[s] to testReport.html, then save.
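Because the Fireline HTML report uses JavaScript, which the default Jenkins Content Security Policy blocks, add a script step to allow JS execution. Go to Manage Jenkins → Script Console and run:
System.setProperty("hudson.model.DirectoryBrowserSupport.CSP", "")
Setting the property to an empty string removes the Content-Security-Policy header from every file Jenkins serves out of workspaces and archived artifacts, not only the Fireline report, and a value set through the Script Console lasts only until Jenkins restarts.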
Return to the CodeScan job and click Build Now. After the build finishes, the HTML Report link appears, allowing you to view the Fireline results inside Jenkins.
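The CSP step above trades the Jenkins sandbox for a working report, so it helps to check a candidate property value before setting it. The following is an added example, not code from the Fireline project or from Jenkins; the function names and the sample policies are assumptions, and the page confirms only that the empty value makes the report render.

```python
# Added example: audit a candidate hudson.model.DirectoryBrowserSupport.CSP value.
BROAD_SOURCES = {"*", "'unsafe-eval'", "http:", "https:", "data:"}

def parse_csp(policy):
    """Split a CSP string into {directive: [tokens]}; the first occurrence wins."""
    directives = {}
    for part in policy.split(";"):
        tokens = part.split()
        if tokens:
            directives.setdefault(tokens[0].lower(), tokens[1:])
    return directives

def audit_csp(policy):
    """Return findings for a policy; an empty list means nothing was flagged."""
    d = parse_csp(policy)
    if not d:
        return ["empty policy: archived files are served with no restrictions"]
    findings = []
    sandbox = d.get("sandbox")
    if sandbox is None:
        findings.append("no sandbox: report scripts run in the Jenkins origin")
    elif {"allow-scripts", "allow-same-origin"} <= set(sandbox):
        findings.append("sandbox grants allow-scripts with allow-same-origin")
    # script-src falls back to default-src when it is absent
    script_src = d.get("script-src", d.get("default-src"))
    if script_src is None:
        findings.append("no script-src or default-src: scripts load from anywhere")
    else:
        findings += [f"script source {t} is too broad"
                     for t in script_src if t.lower() in BROAD_SOURCES]
    return findings

# Constructed sample values (assumptions, not taken from the Fireline docs).
TUTORIAL = ""  # the value set in the Script Console step above
BASELINE = "sandbox; default-src 'none'; img-src 'self'; style-src 'self';"
NARROWED = ("sandbox allow-scripts; default-src 'self'; "
            "script-src 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline';")
BROAD = "default-src *; script-src * 'unsafe-eval'"

if __name__ == "__main__":
    for name in ("TUTORIAL", "BASELINE", "NARROWED", "BROAD"):
        print(name, audit_csp(globals()[name]) or "nothing flagged")
```

A value that passes the audit still has to be tried against the report itself, since the checks say nothing about which sources the Fireline HTML needs.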
The Jenkins Fireline report categorises issues by severity: security problems as Block, memory leaks as Risk, and Alibaba P3C rule violations as Warning or Optimization. See the Fireline documentation for full rule details.
Click the Issue Details list and expand each entry (using the plus icon) to see the offending code snippet.
Use the Search box with the keyword p3c to filter all issues related to the Alibaba Java coding standard.
Conclusion: Fireline provides a comprehensive static analysis solution for Android security and memory‑leak detection, complemented by the Alibaba P3C coding standards. Combined with the Jenkins plugin (and the Android Studio plugin), it enables end‑to‑end code‑quality assurance from development to packaging.
360 Quality & Efficiency
360 Quality & Efficiency focuses on seamlessly integrating quality and efficiency in R&D, sharing 360’s internal best practices with industry peers to foster collaboration among Chinese enterprises and drive greater efficiency value.