Add PMD report to GH Code Scanning

.github/workflows/codeql-analysis.yml

@@ -62,9 +62,14 @@ jobs:
           languages: ${{ matrix.language }}
 
       - name: Maven Build
-        run: ./mvnw verify
+        run: ./mvnw verify pmd:aggregate-pmd -Pci
 
       - name: Perform CodeQL Analysis
         uses: github/codeql-action/analyze@v3
         with:
           category: "/language:${{matrix.language}}"
+
+      - name: Upload PMD Analysis
+        uses: github/codeql-action/upload-sarif@v3
+        with:
+          sarif_file: pmd-report.sarif

pom.xml

@@ -700,6 +700,7 @@
           <groupId>org.apache.maven.plugins</groupId>
           <artifactId>maven-pmd-plugin</artifactId>
           <configuration>
+            <format>net.sourceforge.pmd.renderers.SarifRenderer</format>
             <rulesets>
               <ruleset>${session.executionRootDirectory}/src/pmd/ruleset.xml</ruleset>
             </rulesets>