FindBugs
FindBugs is a program which uses static analysis to look for bugs in Java code. The name FindBugs and the FindBugs logo are trademarked by The University of Maryland.
http://findbugs.sourceforge.net/
Enabling FindBugs
FindBugs can be run in several ways: as a plugin in a Maven project, as a build script for Ant, or through command-line integration. Taking a Maven project as an example, first add the following lines to your configuration:
build:
    environment:
        java: 'java-8-oracle'
    nodes:
        analysis:
            tests:
                override:
                    -
                        command: 'mvn findbugs:findbugs'
                        analysis:
                            file: 'path/to/findbugsXml.xml'  # path to the FindBugs analysis result
                            format: 'findbugs-xml'           # format supported by Scrutinizer
Then configure FindBugs under the build element or reporting element in your pom.xml:
<project>
    ...
    <build>
        <plugins>
            <plugin>
                <groupId>org.codehaus.mojo</groupId>
                <artifactId>findbugs-maven-plugin</artifactId>
                <version>3.0.1</version>
                <configuration>
                    <findbugsXmlOutput>true</findbugsXmlOutput>
                    <!-- Optional directory to put findbugs xdoc xml report -->
                    <findbugsXmlOutputDirectory>target/xmlOutput</findbugsXmlOutputDirectory>
                </configuration>
            </plugin>
        </plugins>
    </build>
    ...
</project>
FindBugs Security Plugin
Find Security Bugs is the FindBugs plugin for security audits of Java web applications. To enable the Find Security Bugs plugin, configure it in your pom.xml:
<project>
    ...
    <build>
        <plugins>
            <plugin>
                <groupId>org.codehaus.mojo</groupId>
                <artifactId>findbugs-maven-plugin</artifactId>
                <version>3.0.1</version>
                <configuration>
                    <findbugsXmlOutput>true</findbugsXmlOutput>
                    <!-- Optional directory to put findbugs xdoc xml report -->
                    <findbugsXmlOutputDirectory>target/xmlOutput</findbugsXmlOutputDirectory>
                    <plugins>
                        <plugin>
                            <groupId>com.h3xstream.findsecbugs</groupId>
                            <artifactId>findsecbugs-plugin</artifactId>
                            <version>LATEST</version> <!-- Auto-update to the latest stable -->
                        </plugin>
                    </plugins>
                </configuration>
            </plugin>
        </plugins>
    </build>
    ...
</project>
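As an added example (not part of the Scrutinizer or FindBugs documentation), the script below reads a findbugsXml.xml report like the one produced by the configuration above and returns a failing exit code when it contains findings in the SECURITY category, which is where Find Security Bugs reports its results. The sample report is constructed, and the function names and the priority threshold are assumptions.

```python
import sys
import xml.etree.ElementTree as ET

# Constructed sample (not real scan output), shaped like findbugsXml.xml.
SAMPLE_REPORT = """<BugCollection version="3.0.1">
  <BugInstance type="SQL_INJECTION_JDBC" priority="1" category="SECURITY">
    <Class classname="com.example.UserDao"/>
    <SourceLine start="42" end="42" sourcepath="com/example/UserDao.java"/>
  </BugInstance>
  <BugInstance type="PREDICTABLE_RANDOM" priority="3" category="SECURITY">
    <Class classname="com.example.TokenUtil"/>
    <SourceLine start="17" end="17" sourcepath="com/example/TokenUtil.java"/>
  </BugInstance>
  <BugInstance type="NP_NULL_ON_SOME_PATH" priority="1" category="CORRECTNESS">
    <Class classname="com.example.Cart"/>
  </BugInstance>
</BugCollection>"""

def security_findings(report_xml, max_priority=2):
    """SECURITY findings with priority <= max_priority (1=high, 2=normal, 3=low)."""
    findings = []
    for bug in ET.fromstring(report_xml).iter("BugInstance"):
        priority = int(bug.get("priority", "3"))
        if bug.get("category") != "SECURITY" or priority > max_priority:
            continue
        cls = bug.find("Class")
        # A direct SourceLine child is the primary location; it can be absent.
        src = bug.find("SourceLine")
        findings.append({
            "type": bug.get("type"),
            "priority": priority,
            "class": cls.get("classname") if cls is not None else None,
            "file": src.get("sourcepath") if src is not None else None,
            "line": int(src.get("start", 0)) if src is not None else None,
        })
    return sorted(findings, key=lambda f: (f["priority"], f["type"]))

def gate(report_xml, max_priority=2):
    """Print qualifying findings; return a CI exit code (1 = fail the build)."""
    found = security_findings(report_xml, max_priority)
    for f in found:
        print(f"P{f['priority']} {f['type']} {f['class']} {f['file']}:{f['line']}")
    return 1 if found else 0

if __name__ == "__main__":
    data = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else SAMPLE_REPORT
    sys.exit(gate(data))
```

Run it after mvn findbugs:findbugs with the path of the generated report as its argument; without an argument it evaluates the constructed sample.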
For further information, please check: Find Security Bugs.