FindBugs

FindBugs is a program which uses static analysis to look for bugs in Java code. The name FindBugs and the FindBugs logo are trademarked by The University of Maryland.

http://findbugs.sourceforge.net/

Enabling FindBugs

FindBugs can be run in several ways: as a plugin in a Maven project, from a build script for Ant, or through command line integration. To enable FindBugs in a Maven project, for example, first add the following lines to your configuration:

build:
    environment:
        java: 'java-8-oracle'

    nodes:
        analysis:
            tests:
                override:
                    -
                        command: 'mvn findbugs:findbugs'
                        analysis:
                            file: 'path/to/findbugsXml.xml' # path to the FindBugs analysis result
                            format: 'findbugs-xml'  # format supported by Scrutinizer

then configure FindBugs under the build element or reporting element in your pom.xml:

<project>

    ...
    <build>
        <plugins>
            <plugin>
                <groupId>org.codehaus.mojo</groupId>
                <artifactId>findbugs-maven-plugin</artifactId>
                <version>3.0.1</version>
                <configuration>
                    <findbugsXmlOutput>true</findbugsXmlOutput>
                    <!-- Optional directory to put findbugs xdoc xml report -->
                    <findbugsXmlOutputDirectory>target/xmlOutput</findbugsXmlOutputDirectory>
                </configuration>
            </plugin>
        </plugins>
    </build>
    ...

</project>

FindBugs Security Plugin

Find Security Bugs is the FindBugs plugin for security audits of Java web applications. To enable the Find Security Bugs plugin, configure it in your pom.xml:

<project>

    ...
    <build>
        <plugins>
            <plugin>
                <groupId>org.codehaus.mojo</groupId>
                <artifactId>findbugs-maven-plugin</artifactId>
                <version>3.0.1</version>
                <configuration>
                    <findbugsXmlOutput>true</findbugsXmlOutput>
                    <!-- Optional directory to put findbugs xdoc xml report -->
                    <findbugsXmlOutputDirectory>target/xmlOutput</findbugsXmlOutputDirectory>
                    <plugins>
                        <plugin>
                            <groupId>com.h3xstream.findsecbugs</groupId>
                            <artifactId>findsecbugs-plugin</artifactId>
                            <version>LATEST</version> <!-- Auto-update to the latest stable -->
                        </plugin>
                    </plugins>
                </configuration>
            </plugin>
        </plugins>
    </build>
    ...

</project>

For further information, please check Find Security Bugs.
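The report written by the configuration above can also be used to gate a build. The following is an added example, not part of the original page or of the FindBugs project: it parses a findbugs-xml report and lists SECURITY-category findings at or above a priority threshold. The sample report, the class names in it, and the script name gate.py are constructed for illustration.

```python
import sys
import xml.etree.ElementTree as ET

# Constructed sample in the findbugs-xml layout (not output from a real scan).
SAMPLE_REPORT = """<BugCollection version="3.0.1">
  <BugInstance type="SQL_INJECTION_JDBC" priority="1" category="SECURITY">
    <Class classname="com.example.UserDao"/>
    <SourceLine classname="com.example.UserDao" start="42" end="42"
                sourcepath="com/example/UserDao.java"/>
  </BugInstance>
  <BugInstance type="PREDICTABLE_RANDOM" priority="3" category="SECURITY">
    <Class classname="com.example.Token">
      <SourceLine classname="com.example.Token" start="10" end="30"
                  sourcepath="com/example/Token.java"/>
    </Class>
  </BugInstance>
  <BugInstance type="NP_NULL_ON_SOME_PATH" priority="1" category="CORRECTNESS">
    <Class classname="com.example.Cart"/>
  </BugInstance>
</BugCollection>"""


def security_findings(report_xml, max_priority=2):
    """Return SECURITY findings at or above the threshold (1 = high, 3 = low)."""
    findings = []
    for bug in ET.fromstring(report_xml).iter("BugInstance"):
        # A missing priority counts as high so the gate fails closed.
        priority = int(bug.get("priority", "1"))
        if bug.get("category") != "SECURITY" or priority > max_priority:
            continue
        # Prefer the finding's own location, else the enclosing class range.
        loc = bug.find("SourceLine")
        if loc is None:
            loc = bug.find("Class/SourceLine")
        where = "unknown" if loc is None else "%s:%s" % (
            loc.get("sourcepath"), loc.get("start"))
        findings.append((priority, bug.get("type"), where))
    return sorted(findings)


def main(argv):
    # Usage: python gate.py path/to/findbugsXml.xml [max_priority]
    xml_text = open(argv[1], encoding="utf-8").read() if len(argv) > 1 else SAMPLE_REPORT
    limit = int(argv[2]) if len(argv) > 2 else 2
    hits = security_findings(xml_text, limit)
    for priority, bug_type, where in hits:
        print("P%d %s at %s" % (priority, bug_type, where))
    return 1 if hits else 0  # non-zero exit status fails the build step


if __name__ == "__main__":
    sys.exit(main(sys.argv))
```

Run without arguments, the script checks the embedded sample; in a build it would be pointed at the report file after mvn findbugs:findbugs has finished.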