SnapStart Bug Scanner is the SpotBugs plugin for helping AWS Lambda customers inspect their functions against potential bugs unique to AWS Lambda SnapStart environment.

Following sections explain how to enable this plugin in your Gradle and Maven projects.

After SpotBugs is enabled in the Gradle project declaring a dependency on SnapStart bug scanner is sufficient.

Example:

plugins {
    id("com.github.spotbugs") version "4.7.3"
}

spotbugs {
    ignoreFailures.set(false)
    showStackTraces.set(true)
}

dependencies {
    spotbugs("com.github.spotbugs:spotbugs:4.7.3")
    spotbugsPlugins("software.amazon.lambda.snapstart:aws-lambda-snapstart-java-rules:0.2.1")
}

After updating the build.gradle file you can run ./gradlew check to run the analysis and see the result.

After SpotBugs is enabled in the Maven project declaring a dependency on SnapStart bug scanner is sufficient.

Example:

<build>
    <plugins>
        <plugin>
            <groupId>com.github.spotbugs</groupId>
            <artifactId>spotbugs-maven-plugin</artifactId>
            <version>4.7.3.0</version>
            <configuration>
                <effort>Max</effort>
                <threshold>medium</threshold>
                <failOnError>true</failOnError>
                <plugins>
                    <plugin>
                        <groupId>software.amazon.lambda.snapstart</groupId>
                        <artifactId>aws-lambda-snapstart-java-rules</artifactId>
                        <version>0.2.1</version>
                    </plugin>
                </plugins>
            </configuration>
        </plugin>
    </plugins>
</build>

After updating pom.xml you can run mvn compile && mvn spotbugs:spotbugs to run the analysis and see results in targets/spotbugsXml.xml file. Also, you can run mvn spotbugs:check to see results on your terminal and mvn spotbugs:gui on SpotBug's graphical UI.

Our analysis shows that AWS Lambda handler class initialization creates state that may not remain unique for the function when it uses SnapStart. Lambda functions that use SnapStart are snapshotted at their initialized state and all execution environments created afterwards share the same initial state. This means that if the Lambda function relies on state that is not resilient to snapshot and restore operations, it might manifest an unexpected behavior by using SnapStart.

This tool helps provide an insight on possible cases where your code may not be fully compatible with snapstart enabled. Please verify that your code maintains uniqueness with SnapStart. For best practices, follow the guidelines outlined in SnapStart feature documentation. For more information on the tool and examples of scenarios that the tool helps identify, refer to the SnapStart scanner GitHub documentation.

See CONTRIBUTING for more information.

This project is licensed under the Apache-2.0 License.