spotbugs / discuss Goto Github PK
View Code? Open in Web Editor NEWSpotBugs mailing list
SpotBugs mailing list
I am reviewing https://travis-ci.org/spotbugs/spotbugs/builds/396638921 which seems to be the latest build job publishing snapshots for 3.1. The build was not able to publish and upload snapshots due to some connectivity issue. Could this job be restarted?
3.1.6 SNAPSHOT seems to have updated asm versions to 6.2 which may allow support for JDK 11. (Experimenting with this build/version over at https://github.com/apereo/cas)
PS It would also be very good if the milestones could be updated to indicate the release schedule and tentative dates for 3.1.6 and beyond.
I will use this thread to share stats from SonaType Nexus.
It seems that SpotBugs is not actively used, let's ask community to have a try with SpotBugs.
For reference, download for FindBugs is more than 120k/mo.
We're looking to perform highly accurate inter-procedural data-flow analysis in Spotbugs. After crawling code, it appears that the current API and interfaces provided are not designed for this. So we would like to extend the functionality of spotbugs with these features. I have a couple questions before we get too far along:
I'm now trying to introduce https://travis-ci.com/spotbugs/spotbugs instead of travis-ci.org.
reference:
The warning at the bottom says out of memory, but that there are 2 GB free
/home/java/java_bin/findbugs/spotbugs-3.1.0/bin/spotbugs -textui -exclude /home/java/gen/HEAD/spotbugs_ignore.xml -property findbugs.refcomp.reportAll=true -property findbugs.de.comment=true -property findbugs.sf.comment=true -maxHeap 4096 -output /home/java/gen/HEAD/spotbugs.htm -auxclasspath .:/home/java/source/HEAD/work/jar_classes:/home/java/source/HEAD/work/jar_classes17:/home/java/source/HEAD/work/jar_classes_servlet:::/home/tomcat/apache-tomcat-8.5.23/lib/annotations-api.jar:/home/tomcat/apache-tomcat-8.5.23/lib/catalina-ant.jar:/home/tomcat/apache-tomcat-8.5.23/lib/catalina-ha.jar:/home/tomcat/apache-tomcat-8.5.23/lib/catalina-storeconfig.jar:/home/tomcat/apache-tomcat-8.5.23/lib/catalina-tribes.jar:/home/tomcat/apache-tomcat-8.5.23/lib/catalina.jar:/home/tomcat/apache-tomcat-8.5.23/lib/ecj-4.6.3.jar:/home/tomcat/apache-tomcat-8.5.23/lib/el-api.jar:/home/tomcat/apache-tomcat-8.5.23/lib/jasper-el.jar:/home/tomcat/apache-tomcat-8.5.23/lib/jasper.jar:/home/tomcat/apache-tomcat-8.5.23/lib/jaspic-api.jar:/home/tomcat/apache-tomcat-8.5.23/lib/jsp-api.jar:/home/tomcat/apache-tomcat-8.5.23/lib/servlet-api.jar:/home/tomcat/apache-tomcat-8.5.23/lib/tomcat-api.jar:/home/tomcat/apache-tomcat-8.5.23/lib/tomcat-coyote.jar:/home/tomcat/apache-tomcat-8.5.23/lib/tomcat-dbcp.jar:/home/tomcat/apache-tomcat-8.5.23/lib/tomcat-i18n-es.jar:/home/tomcat/apache-tomcat-8.5.23/lib/tomcat-i18n-fr.jar:/home/tomcat/apache-tomcat-8.5.23/lib/tomcat-i18n-ja.jar:/home/tomcat/apache-tomcat-8.5.23/lib/tomcat-jdbc.jar:/home/tomcat/apache-tomcat-8.5.23/lib/tomcat-jni.jar:/home/tomcat/apache-tomcat-8.5.23/lib/tomcat-util-scan.jar:/home/tomcat/apache-tomcat-8.5.23/lib/tomcat-util.jar:/home/tomcat/apache-tomcat-8.5.23/lib/tomcat-websocket.jar:/home/tomcat/apache-tomcat-8.5.23/lib/websocket-api.jar -html /home/java/source/HEAD/work/tomcat85/classes17_output /home/java/source/HEAD/classes
The following errors occurred during analysis:
Exception analyzing com.ibi.ibfs.objects.IBFSPropertyNames using detector com.h3xstream.findsecbugs.password.GoogleApiKeyDetector
java.lang.NullPointerException
At com.h3xstream.findsecbugs.password.GoogleApiKeyDetector.visitClassContext(GoogleApiKeyDetector.java:81)
At edu.umd.cs.findbugs.DetectorToDetector2Adapter.visitClass(DetectorToDetector2Adapter.java:76)
At edu.umd.cs.findbugs.FindBugs2.analyzeApplication(FindBugs2.java:1079)
At edu.umd.cs.findbugs.FindBugs2.execute(FindBugs2.java:280)
At edu.umd.cs.findbugs.FindBugs.runMain(FindBugs.java:401)
At edu.umd.cs.findbugs.FindBugs2.main(FindBugs2.java:1187)
Exception analyzing com.ibi.webapp.security.WFCorsFilter using detector com.h3xstream.findsecbugs.PermissiveCORSDetector
java.lang.NullPointerException
At com.h3xstream.findsecbugs.PermissiveCORSDetector.analyzeMethod(PermissiveCORSDetector.java:86)
At com.h3xstream.findsecbugs.PermissiveCORSDetector.visitClassContext(PermissiveCORSDetector.java:57)
At edu.umd.cs.findbugs.DetectorToDetector2Adapter.visitClass(DetectorToDetector2Adapter.java:76)
At edu.umd.cs.findbugs.FindBugs2.analyzeApplication(FindBugs2.java:1079)
At edu.umd.cs.findbugs.FindBugs2.execute(FindBugs2.java:280)
At edu.umd.cs.findbugs.FindBugs.runMain(FindBugs.java:401)
At edu.umd.cs.findbugs.FindBugs2.main(FindBugs2.java:1187)
Out of memory
Total memory: 3817M
free memory: 2421M
Analyzed: /home/java/source/HEAD/work/tomcat85/classes17_output
Analyzed: /home/java/source/HEAD/classes
I'm using FindBugs in maven using a filter file that is provided by a jar file (see pom.xml). Seems that this approach does not work for SpotBugs. Is there anything changed when resolving the filter files in the maven-plugin? I get the following exception:
[ERROR] Could not find resource 'etc/findbugs-exclusion-filter.xml'. -> [Help 1]
org.codehaus.plexus.resource.loader.ResourceNotFoundException: Could not find resource 'etc/findbugs-exclusion-filter.xml'.
at org.codehaus.plexus.resource.DefaultResourceManager.getResource(DefaultResourceManager.java:171)
at org.codehaus.plexus.resource.DefaultResourceManager.getResourceAsInputStream(DefaultResourceManager.java:67)
at org.codehaus.plexus.resource.ResourceManager$getResourceAsInputStream$1.call(Unknown Source)
at org.codehaus.groovy.runtime.callsite.CallSiteArray.defaultCall(CallSiteArray.java:48)
at org.codehaus.groovy.runtime.callsite.AbstractCallSite.call(AbstractCallSite.java:113)
This is just announcement: I've installed WIP app to all repositories in spotbugs organization. If it affects your hack, please let me know then I'll revert this change.
I want to check if a specific method is called from a class constructor. Call List analysis does not seem to do that. Any other dataflow analysis I can refer to
I want to use spotbugs in jenkins Pipeline, but I cannot find the plugin for it as it is for findbugs.
And how can I use spotbugs as a standalone tool?
Taking a look at the current diff (spotbugs/spotbugs@3.1.2...release-3.1) it looks like if a release is pushed, spotbugs will gain partial java 10 support from spotbugs/spotbugs@c2ef728. Is this true? How do the maintainers feel about pushing a release?
Is there any documentation for getting the eclipse plugin set up for development? I want to try my hand at enhancing the plugin a bit but am not sure how to get started so the code is all compiled and working in Eclipse. There may be a document out there already; I just didn't find anything.
Thanks.
Hello.
I have multimodule project. In the beginning of build.gradle I have the following:
buildscript {
repositories {
mavenCentral()
maven {
url "https://plugins.gradle.org/m2/"
}
}
dependencies {
classpath "gradle.plugin.com.github.spotbugs:gradlePlugin:1.2"
}
}
Some time after I have subprojects configuration:
configure(subprojects.findAll {it.path.matches(serviceImplPattern)}){
...
spotbugs {
ignoreFailures = false
sourceSets = [sourceSets.main]
if (skipStaticAnalysis()) {
sourceSets = []
}
effort = "max"
reportLevel = "high"
}
tasks.withType(com.github.spotbugs.SpotBugsTask) {
reports {
xml.enabled = false
html.enabled = true
}
}
...
}
If I change spotbugs:gradlePlugin version to 1.3, I get the following message:
A problem occurred evaluating root project 'hcspafo'.
> com.github.spotbugs.SpotBugsTask.setSource(Lorg/gradle/api/file/FileTree;)V
...
Exception is:
org.gradle.api.GradleScriptException: A problem occurred evaluating root project 'hcspafo'.
at org.gradle.groovy.scripts.internal.DefaultScriptRunnerFactory$ScriptRunnerImpl.run(DefaultScriptRunnerFactory.java:92)
at org.gradle.configuration.DefaultScriptPluginFactory$ScriptPluginImpl$2.run(DefaultScriptPluginFactory.java:176)
at org.gradle.configuration.ProjectScriptTarget.addConfiguration(ProjectScriptTarget.java:77)
at org.gradle.configuration.DefaultScriptPluginFactory$ScriptPluginImpl.apply(DefaultScriptPluginFactory.java:181)
at org.gradle.configuration.project.BuildScriptProcessor.execute(BuildScriptProcessor.java:39)
at org.gradle.configuration.project.BuildScriptProcessor.execute(BuildScriptProcessor.java:26)
at org.gradle.configuration.project.ConfigureActionsProjectEvaluator.evaluate(ConfigureActionsProjectEvaluator.java:34)
at org.gradle.configuration.project.LifecycleProjectEvaluator.doConfigure(LifecycleProjectEvaluator.java:70)
at org.gradle.configuration.project.LifecycleProjectEvaluator.access$000(LifecycleProjectEvaluator.java:33)
at org.gradle.configuration.project.LifecycleProjectEvaluator$1.execute(LifecycleProjectEvaluator.java:53)
at org.gradle.configuration.project.LifecycleProjectEvaluator$1.execute(LifecycleProjectEvaluator.java:50)
at org.gradle.internal.Transformers$4.transform(Transformers.java:169)
at org.gradle.internal.progress.DefaultBuildOperationExecutor.run(DefaultBuildOperationExecutor.java:106)
at org.gradle.internal.progress.DefaultBuildOperationExecutor.run(DefaultBuildOperationExecutor.java:61)
at org.gradle.configuration.project.LifecycleProjectEvaluator.evaluate(LifecycleProjectEvaluator.java:50)
at org.gradle.api.internal.project.DefaultProject.evaluate(DefaultProject.java:599)
at org.gradle.api.internal.project.DefaultProject.evaluate(DefaultProject.java:125)
at org.gradle.execution.TaskPathProjectEvaluator.configure(TaskPathProjectEvaluator.java:35)
at org.gradle.execution.TaskPathProjectEvaluator.configureHierarchy(TaskPathProjectEvaluator.java:60)
at org.gradle.configuration.DefaultBuildConfigurer.configure(DefaultBuildConfigurer.java:38)
at org.gradle.initialization.DefaultGradleLauncher$ConfigureBuildAction.execute(DefaultGradleLauncher.java:233)
at org.gradle.initialization.DefaultGradleLauncher$ConfigureBuildAction.execute(DefaultGradleLauncher.java:230)
at org.gradle.internal.Transformers$4.transform(Transformers.java:169)
at org.gradle.internal.progress.DefaultBuildOperationExecutor.run(DefaultBuildOperationExecutor.java:106)
at org.gradle.internal.progress.DefaultBuildOperationExecutor.run(DefaultBuildOperationExecutor.java:56)
at org.gradle.initialization.DefaultGradleLauncher.doBuildStages(DefaultGradleLauncher.java:160)
at org.gradle.initialization.DefaultGradleLauncher.doBuild(DefaultGradleLauncher.java:119)
at org.gradle.initialization.DefaultGradleLauncher.run(DefaultGradleLauncher.java:102)
at org.gradle.launcher.exec.GradleBuildController.run(GradleBuildController.java:71)
at org.gradle.tooling.internal.provider.ExecuteBuildActionRunner.run(ExecuteBuildActionRunner.java:28)
at org.gradle.launcher.exec.ChainingBuildActionRunner.run(ChainingBuildActionRunner.java:35)
at org.gradle.launcher.exec.InProcessBuildActionExecuter.execute(InProcessBuildActionExecuter.java:41)
at org.gradle.launcher.exec.InProcessBuildActionExecuter.execute(InProcessBuildActionExecuter.java:26)
at org.gradle.tooling.internal.provider.ContinuousBuildActionExecuter.execute(ContinuousBuildActionExecuter.java:75)
at org.gradle.tooling.internal.provider.ContinuousBuildActionExecuter.execute(ContinuousBuildActionExecuter.java:49)
at org.gradle.tooling.internal.provider.ServicesSetupBuildActionExecuter.execute(ServicesSetupBuildActionExecuter.java:49)
at org.gradle.tooling.internal.provider.ServicesSetupBuildActionExecuter.execute(ServicesSetupBuildActionExecuter.java:31)
at org.gradle.launcher.daemon.server.exec.ExecuteBuild.doBuild(ExecuteBuild.java:67)
at org.gradle.launcher.daemon.server.exec.BuildCommandOnly.execute(BuildCommandOnly.java:36)
at org.gradle.launcher.daemon.server.api.DaemonCommandExecution.proceed(DaemonCommandExecution.java:120)
at org.gradle.launcher.daemon.server.exec.WatchForDisconnection.execute(WatchForDisconnection.java:47)
at org.gradle.launcher.daemon.server.api.DaemonCommandExecution.proceed(DaemonCommandExecution.java:120)
at org.gradle.launcher.daemon.server.exec.ResetDeprecationLogger.execute(ResetDeprecationLogger.java:26)
at org.gradle.launcher.daemon.server.api.DaemonCommandExecution.proceed(DaemonCommandExecution.java:120)
at org.gradle.launcher.daemon.server.exec.RequestStopIfSingleUsedDaemon.execute(RequestStopIfSingleUsedDaemon.java:34)
at org.gradle.launcher.daemon.server.api.DaemonCommandExecution.proceed(DaemonCommandExecution.java:120)
at org.gradle.launcher.daemon.server.exec.ForwardClientInput$2.call(ForwardClientInput.java:74)
at org.gradle.launcher.daemon.server.exec.ForwardClientInput$2.call(ForwardClientInput.java:72)
at org.gradle.util.Swapper.swap(Swapper.java:38)
at org.gradle.launcher.daemon.server.exec.ForwardClientInput.execute(ForwardClientInput.java:72)
at org.gradle.launcher.daemon.server.api.DaemonCommandExecution.proceed(DaemonCommandExecution.java:120)
at org.gradle.launcher.daemon.server.exec.LogAndCheckHealth.execute(LogAndCheckHealth.java:55)
at org.gradle.launcher.daemon.server.api.DaemonCommandExecution.proceed(DaemonCommandExecution.java:120)
at org.gradle.launcher.daemon.server.exec.LogToClient.doBuild(LogToClient.java:60)
at org.gradle.launcher.daemon.server.exec.BuildCommandOnly.execute(BuildCommandOnly.java:36)
at org.gradle.launcher.daemon.server.api.DaemonCommandExecution.proceed(DaemonCommandExecution.java:120)
at org.gradle.launcher.daemon.server.exec.EstablishBuildEnvironment.doBuild(EstablishBuildEnvironment.java:72)
at org.gradle.launcher.daemon.server.exec.BuildCommandOnly.execute(BuildCommandOnly.java:36)
at org.gradle.launcher.daemon.server.api.DaemonCommandExecution.proceed(DaemonCommandExecution.java:120)
at org.gradle.launcher.daemon.server.exec.StartBuildOrRespondWithBusy$1.run(StartBuildOrRespondWithBusy.java:50)
at org.gradle.launcher.daemon.server.DaemonStateCoordinator$1.run(DaemonStateCoordinator.java:297)
at org.gradle.internal.concurrent.ExecutorPolicy$CatchAndRecordFailures.onExecute(ExecutorPolicy.java:63)
at org.gradle.internal.concurrent.StoppableExecutorImpl$1.run(StoppableExecutorImpl.java:46)
Caused by: java.lang.NoSuchMethodError: com.github.spotbugs.SpotBugsTask.setSource(Lorg/gradle/api/file/FileTree;)V
at com.github.spotbugs.SpotBugsPlugin.configureForSourceSet(SpotBugsPlugin.java:189)
at com.github.spotbugs.SpotBugsPlugin.configureForSourceSet(SpotBugsPlugin.java:41)
at org.gradle.api.plugins.quality.internal.AbstractCodeQualityPlugin$5.execute(AbstractCodeQualityPlugin.java:170)
at org.gradle.api.plugins.quality.internal.AbstractCodeQualityPlugin$5.execute(AbstractCodeQualityPlugin.java:166)
at org.gradle.api.internal.DefaultDomainObjectCollection.all(DefaultDomainObjectCollection.java:135)
at org.gradle.api.plugins.quality.internal.AbstractCodeQualityPlugin.configureForSourceSets(AbstractCodeQualityPlugin.java:166)
at org.gradle.api.plugins.quality.internal.AbstractCodeQualityPlugin.access$000(AbstractCodeQualityPlugin.java:42)
at org.gradle.api.plugins.quality.internal.AbstractCodeQualityPlugin$4.execute(AbstractCodeQualityPlugin.java:160)
at org.gradle.api.plugins.quality.internal.AbstractCodeQualityPlugin$4.execute(AbstractCodeQualityPlugin.java:157)
at org.gradle.internal.Actions$FilteredAction.execute(Actions.java:205)
at org.gradle.api.internal.DefaultDomainObjectCollection.all(DefaultDomainObjectCollection.java:135)
at org.gradle.api.internal.DefaultDomainObjectCollection.withType(DefaultDomainObjectCollection.java:158)
at org.gradle.api.plugins.quality.internal.AbstractCodeQualityPlugin.withBasePlugin(AbstractCodeQualityPlugin.java:203)
at org.gradle.api.plugins.quality.internal.AbstractCodeQualityPlugin.configureSourceSetRule(AbstractCodeQualityPlugin.java:157)
at org.gradle.api.plugins.quality.internal.AbstractCodeQualityPlugin.apply(AbstractCodeQualityPlugin.java:61)
at org.gradle.api.plugins.quality.internal.AbstractCodeQualityPlugin.apply(AbstractCodeQualityPlugin.java:42)
at org.gradle.api.internal.plugins.ImperativeOnlyPluginApplicator.applyImperative(ImperativeOnlyPluginApplicator.java:35)
at org.gradle.api.internal.plugins.RuleBasedPluginApplicator.applyImperative(RuleBasedPluginApplicator.java:43)
at org.gradle.api.internal.plugins.DefaultPluginManager.doApply(DefaultPluginManager.java:139)
at org.gradle.api.internal.plugins.DefaultPluginManager.apply(DefaultPluginManager.java:112)
at org.gradle.api.internal.plugins.DefaultObjectConfigurationAction.applyType(DefaultObjectConfigurationAction.java:113)
at org.gradle.api.internal.plugins.DefaultObjectConfigurationAction.access$200(DefaultObjectConfigurationAction.java:36)
at org.gradle.api.internal.plugins.DefaultObjectConfigurationAction$3.run(DefaultObjectConfigurationAction.java:80)
at org.gradle.api.internal.plugins.DefaultObjectConfigurationAction.execute(DefaultObjectConfigurationAction.java:136)
at org.gradle.api.internal.project.AbstractPluginAware.apply(AbstractPluginAware.java:44)
at org.gradle.internal.metaobject.BeanDynamicObject$MetaClassAdapter.invokeMethod(BeanDynamicObject.java:464)
at org.gradle.internal.metaobject.BeanDynamicObject.invokeMethod(BeanDynamicObject.java:176)
at org.gradle.internal.metaobject.CompositeDynamicObject.invokeMethod(CompositeDynamicObject.java:96)
at org.gradle.internal.metaobject.MixInClosurePropertiesAsMethodsDynamicObject.invokeMethod(MixInClosurePropertiesAsMethodsDynamicObject.java:30)
at org.gradle.internal.metaobject.ConfigureDelegate.invokeMethod(ConfigureDelegate.java:59)
at build_72fnjt7y4wwfjb0dztk1iandm$_run_closure10.doCall(C:\projects\hcspafo\build.gradle:195)
at org.gradle.api.internal.ClosureBackedAction.execute(ClosureBackedAction.java:70)
at org.gradle.util.ConfigureUtil.configureTarget(ConfigureUtil.java:160)
at org.gradle.util.ConfigureUtil.configure(ConfigureUtil.java:106)
at org.gradle.api.internal.project.DefaultProject.configure(DefaultProject.java:960)
at org.gradle.api.internal.project.DefaultProject.configure(DefaultProject.java:965)
at org.gradle.internal.metaobject.BeanDynamicObject$MetaClassAdapter.invokeMethod(BeanDynamicObject.java:464)
at org.gradle.internal.metaobject.BeanDynamicObject.invokeMethod(BeanDynamicObject.java:176)
at org.gradle.internal.metaobject.CompositeDynamicObject.invokeMethod(CompositeDynamicObject.java:96)
at org.gradle.internal.metaobject.MixInClosurePropertiesAsMethodsDynamicObject.invokeMethod(MixInClosurePropertiesAsMethodsDynamicObject.java:30)
at org.gradle.groovy.scripts.BasicScript.invokeMethod(BasicScript.java:111)
at org.gradle.groovy.scripts.BasicScript.methodMissing(BasicScript.java:120)
at build_72fnjt7y4wwfjb0dztk1iandm.run(C:\projects\hcspafo\build.gradle:193)
at org.gradle.groovy.scripts.internal.DefaultScriptRunnerFactory$ScriptRunnerImpl.run(DefaultScriptRunnerFactory.java:90)
... 62 more
1.2 works just fine.
Just in case:
$ gradle --version
------------------------------------------------------------
Gradle 3.4.1
------------------------------------------------------------
Build time: 2017-03-03 19:45:41 UTC
Revision: 9eb76efdd3d034dc506c719dac2955efb5ff9a93
Groovy: 2.4.7
Ant: Apache Ant(TM) version 1.9.6 compiled on June 29 2015
JVM: 1.8.0_121 (Oracle Corporation 25.121-b13)
OS: Windows 10 10.0 amd64
Is it possible to export a spotbug configuration
to an xml-file which you can use for maven, like described here?
If yes, how can you do this?
I'm personally going to post SpotBugs related blog articles, and searching good service that is famous even for Java/JVM developers. Current options:
If you have more suggestions, please let me know. Thanks!
I am writing this with both my Eclipse and SpotBugs committer hats on: We at Eclipse Code Recommenders are currently considering building a set of SpotBugs detectors based on machine-learning (just like Code Recommenders is ML-based code-completion).
To that end, we need to initiate a so-called IP check of the SpotBugs codebase during which its provenance will be checked by the Eclipse legal team. Also, there is the issue of LGPL/EPL compatibility.
If you are interested, you can follow the discussion with the legal team in CQs 14164 and 14163 (Eclipse committer login required), but I will report any findings here.
My project having multiple packages but i need to run findbugs on only specific package ignore other packages in eclipse.Thank You in advance.
Example :
Suppose in my java project having two packages like org.test.imf.* , org.link.iag., org.build.creta. But we need to run findbugs on specific package like org.test.imf.* not require for other packages. please explain how to use filter the packages based on include and exclude filter options in eclipse findbugs plugin options.
I need permissions to mark issue to False Positive on the Sonar instance.
https://sonarcloud.io/dashboard?id=com.github.spotbugs%3Asonar-findbugs-plugin
The plugin can't be release without this requirement.
Hello all,
I am working with a team of students and we want to bring SpotBugs as a plugin to BlueJ. In order to do this the plugin must be contained in a single Jar file. Is this currently possible with the current version of SpotBugs?
Aaron C. Loomis
I'm migrating our ant build from findbugs to spotbugs and there's a change that is confusing me. We exclude a lot of classes from the analysis and have always gotten a list of "missing classes", but findbugs-ant has never considered this en error. Running spotbugs-ant gives me this output
[spotbugs] Missing classes: 140
[spotbugs] Calculating exit code...
[spotbugs] Setting 'missing class' flag (2)
[spotbugs] Exit code set to: 2
[spotbugs] Java Result: 2
[spotbugs] Classes needed for analysis were missing
The build is not failing, but even when I run with -q, I get a stderr printout "Java Result: 2", which is quite confusing when it's not an actual error
Running the same analysis directly using the spotbugs jar and not the ant build seems to have exit code 0, and that seems inconsistent with the above.
What's the reason for having this as an stderr printout in the and build?
Currently we put gradle plugin to spotbugs
project, even though it uses different version mechanism (SpotBugs is going to release 3.1.0, but Gradle plugin releases 1.0~1.4). It makes version management tricky, and impossible to release gradle plugin without releasing SpotBugs itself (and vice versa).
I think it is better to :
2.0.0-SNAPSHOT
and start following semver2..travis.yml
to stop releasing spotbugs and gradle plugin at the same time.Detector2 is the base interface to implement plugin based on bytecode-framework-neutral architecture, but it has no document even in legacy FindBugs user manual. And I don't know how to code with it (I just know CFG
based analysis which is based on it).
Do you have experience to code with it? If so, please consider to send PR to docs/implement-plugin.rst to update official user manual about implementing plugin.
I've set up Google Analytics for SpotBugs manual site.
If you want to see result, please let me know your email address then I will invite you.
I was working on injecting of groovy scripts dynamically in Java. So before executing those scripts, I want to get sure of that they do not have potential bugs using SpotBugs.
Here is the Psuedo-Code:
Here it should return the infinite loop bug.
String script = "class Hello { static void main(String []args) { def i = 0; while ( i <= 0) { i = i - 1; } } } ";
List<Bugs> bugs = SpotBugs.getBugs(script);
if (bugs == null) {
execute(script);
}
So how to do the SpotBugs.getBugs(script)
using java, the input script
will not be hard-coded as in above example, but will be dynamically fetched.
I see that we have some PR's appearing, this is really good!
However, all of those PR's are (by default) created for "master" branch which is targeting 4.0 release.
Most of the PR's coming with a smaller fixes, most of those fixes are perfectly working on 3.1 code, and most of the users want see them in a final 3.1.x release soon.
I don't see 4.0 to be released soon, so it makes more sense people who want to contribute will by default use the "right" branch, which is release-3.1
.
I'm going to make release-3.1
branch default now, but if someone has any objections - please speak up.
Hi,
I suspect that the issue with @CanIgnoreReturnValue
and Guava is troublesome for many users. Maybe it would be worth doing a maintenance release ?
PS. The Sonatype repository has snapshots for 4.0.0 (which is great), but not for 3.1.x versions.
I want to know how can I import spotbugs project in eclipse and run it in debug mode?
Hi all,
We plan to release RC7 shortly and I would like to propose an integration stop for a week, to have a chance to release 3.1.0 final on next weekend, if RC7 would be OK.
Please do not merge PR's except bugfixes for regressions reported against RC7.
THANKS!
maybe SpotBugs can apply for it
(Is there really no actual mailing list? Am I supposed to create a new issue instead of sending email?)
When is a final 3.1.0 release of the spotbugs-maven-plugin expected?
Hello! I would like to know if there is a way to make spotbugs execute during the build as well as during site generation? Right now, when I run "mvn site" a report generates just fine. However, when I run "mvn clean site" the report disappears (the rest of my reports remain, however). In order to get the Spotbugs report back, I have to run "mvn test" then "mvn site" again. Is there a way around this, and if not, do you mind explaining why this happens? I am new to maven, using maven 3.3 and spotbugs 3.1.3!
TO whom it may concern,
At this May/26 Japan Java User Group will hold an event, JJUG CCC 2018 Spring, and I will hold a short session about current SpotBugs project. I haven't made its content yet, but I want to talk about current product structure or technical dept in SpotBugs. Talk itself will be held in Japanese.
Note that I held a session regarding static analysis tools (including SpotBugs) for ERP development at last year at JJUG CCC 2017 Spring. It was supported by my employer, but this coming session will be my personal one.
In findbugs there used to be a feature to also generate html reports.
Is this still possible?
Where are the xsl file for the transformation hosted?
I would love to be able to visualize the xml reports somehow.
We follow semver2, then we need to consider how to maintain code for patch release like 3.1.x, and major/minor update such as 3.2.0 and 4.0.0. I'm not sure that we have motivation to release 3.2.0 or not (we have milestone only for 4.0.0), though.
In my experience, it is natural to use master
for major update, and release-3.1
branch for patch. Any idea?
I found that we have no page which describes license of SpotBugs logos.
License will help community to spread SpotBugs, so let's decide license and make a page to announce it.
I think that CC BY-SA 4.0 is suitable, how do you think?
logos:
refs:
Dear Spotbugs Team,
in our code we would like to spot issues like these:
try{
...
} catch (AnyException e){
// doing nothing, no rethrow, no logging ...
}
Or
2.
try{
...
} catch (SomeThirdPartyException e){
// no logging, and original exception not passed to MyCustomException
throw new MyCustomException("some bad description")
}
Does Spotbugs detect such issues? Reading through the bug pattern list I thought DE_MIGHT_DROP or DE_MIGHT_IGNORE would detect case 1., but somehow it did not.
So my questions:
Thank you very much for your help in advance,
Gergely
Our setup:
java 10
we use the gradle plugin
apply plugin: 'com.github.spotbugs'
spotbugs {
toolVersion = "3.1.5"
excludeFilter = file("$rootProject.projectDir/config/spotbugs/excludeFilter.xml")
effort = "min" // tried also max
}
tasks.withType(com.github.spotbugs.SpotBugsTask) {
reports {
xml.enabled false
html.enabled true
}
}
No includeFilter was used.
Content of excludeFilter.xml ():
<FindBugsFilter>
<Match>
<Bug pattern="DM_DEFAULT_ENCODING" />
</Match>
<Match>
<Bug pattern="EI_EXPOSE_REP" />
</Match>
<Match>
<Bug pattern="EI_EXPOSE_REP2" />
</Match>
<Match>
<Bug pattern="UC_USELESS_VOID_METHOD" />
</Match>
<Match>
<Bug pattern="RV_RETURN_VALUE_IGNORED_NO_SIDE_EFFECT" />
</Match>
<Match>
<!-- False positive: https://github.com/spotbugs/spotbugs/issues/432 -->
<Bug pattern="OBL_UNSATISFIED_OBLIGATION" />
</Match>
<Match>
<Class name="~.*MapperImpl$"/>
</Match>
<Match>
<Class name="<DELETED>"/>
</Match>
</FindBugsFilter>
Please let me know if you need further details
As part of my internship, my job is to make spotbugs capable of detecting a specific bug pattern my tutor has found, what would be the best way to go about it?
I've thought of building my own extension like fb-contrib, but I would first like to know if there is another way.
Hello.
I am interested in using FindSecBugs extension that is listed on spotbugs official site, however I suppose there are mixups with naming of essential classes or methods which are used for injecting new inspections in Spotbugs.
Every manual I've seen mentions only Findbugs methods, but if I use them no security inspections are performed - I check it by implementing method that must be flagged according to findsecbugs docs:
public void runtimeEx(String cmd) throws Exception {
Runtime r = Runtime.getRuntime();
r.exec("/bin/sh -c some_tool" + cmd);
}
. And I can't use Spotbugs alternatives because there aren't any.
I have multimodule project. In the beginning of build.gradle I have the following:
buildscript {
repositories {
mavenCentral()
maven {
url "https://plugins.gradle.org/m2/"
}
}
dependencies {
classpath "gradle.plugin.com.github.spotbugs:gradlePlugin:1.2"
}
}
Some time after I have subprojects configuration:
configure(subprojects.findAll {it.path.matches(serviceImplPattern)}){
apply plugin: "com.github.spotbugs"
...
dependencies {
hibernateJpaModelGenTool "org.hibernate:hibernate-jpamodelgen:$hibernateJPAModelGenVersion"
findbugs configurations.findbugsPlugins.dependencies
findbugsPlugins 'com.h3xstream.findsecbugs:findsecbugs-plugin:1.7.1'
}
...
spotbugs {
ignoreFailures = false
sourceSets = [sourceSets.main]
if (skipStaticAnalysis()) {
sourceSets = []
}
effort = "max"
reportLevel = "high"
}
tasks.withType(com.github.spotbugs.SpotBugsTask) {
reports {
xml.enabled = false
html.enabled = true
}
}
...
}
If I change findbugs
to spotbugs
and findbugsPlugins
to spotbugsPlugins
I get errors:
* What went wrong:
A problem occurred evaluating root project 'hcspafo'.
> Could not get unknown property 'spotbugsPlugins' for configuration container of type org.gradle.api.internal.artifacts.configurations.DefaultConfigurationContainer.
* Try:
Run with --info or --debug option to get more log output.
* Exception is:
org.gradle.api.GradleScriptException: A problem occurred evaluating root project 'hcspafo'.
at org.gradle.groovy.scripts.internal.DefaultScriptRunnerFactory$ScriptRunnerImpl.run(DefaultScriptRunnerFactory.java:92)
at org.gradle.configuration.DefaultScriptPluginFactory$ScriptPluginImpl$2.run(DefaultScriptPluginFactory.java:176)
at org.gradle.configuration.ProjectScriptTarget.addConfiguration(ProjectScriptTarget.java:77)
at org.gradle.configuration.DefaultScriptPluginFactory$ScriptPluginImpl.apply(DefaultScriptPluginFactory.java:181)
at org.gradle.configuration.project.BuildScriptProcessor.execute(BuildScriptProcessor.java:39)
at org.gradle.configuration.project.BuildScriptProcessor.execute(BuildScriptProcessor.java:26)
at org.gradle.configuration.project.ConfigureActionsProjectEvaluator.evaluate(ConfigureActionsProjectEvaluator.java:34)
at org.gradle.configuration.project.LifecycleProjectEvaluator.doConfigure(LifecycleProjectEvaluator.java:70)
at org.gradle.configuration.project.LifecycleProjectEvaluator.access$000(LifecycleProjectEvaluator.java:33)
at org.gradle.configuration.project.LifecycleProjectEvaluator$1.execute(LifecycleProjectEvaluator.java:53)
at org.gradle.configuration.project.LifecycleProjectEvaluator$1.execute(LifecycleProjectEvaluator.java:50)
at org.gradle.internal.Transformers$4.transform(Transformers.java:169)
at org.gradle.internal.progress.DefaultBuildOperationExecutor.run(DefaultBuildOperationExecutor.java:106)
at org.gradle.internal.progress.DefaultBuildOperationExecutor.run(DefaultBuildOperationExecutor.java:61)
at org.gradle.configuration.project.LifecycleProjectEvaluator.evaluate(LifecycleProjectEvaluator.java:50)
at org.gradle.api.internal.project.DefaultProject.evaluate(DefaultProject.java:599)
at org.gradle.api.internal.project.DefaultProject.evaluate(DefaultProject.java:125)
at org.gradle.execution.TaskPathProjectEvaluator.configure(TaskPathProjectEvaluator.java:35)
at org.gradle.execution.TaskPathProjectEvaluator.configureHierarchy(TaskPathProjectEvaluator.java:60)
at org.gradle.configuration.DefaultBuildConfigurer.configure(DefaultBuildConfigurer.java:38)
at org.gradle.initialization.DefaultGradleLauncher$ConfigureBuildAction.execute(DefaultGradleLauncher.java:233)
at org.gradle.initialization.DefaultGradleLauncher$ConfigureBuildAction.execute(DefaultGradleLauncher.java:230)
at org.gradle.internal.Transformers$4.transform(Transformers.java:169)
at org.gradle.internal.progress.DefaultBuildOperationExecutor.run(DefaultBuildOperationExecutor.java:106)
at org.gradle.internal.progress.DefaultBuildOperationExecutor.run(DefaultBuildOperationExecutor.java:56)
at org.gradle.initialization.DefaultGradleLauncher.doBuildStages(DefaultGradleLauncher.java:160)
at org.gradle.initialization.DefaultGradleLauncher.doBuild(DefaultGradleLauncher.java:119)
at org.gradle.initialization.DefaultGradleLauncher.run(DefaultGradleLauncher.java:102)
at org.gradle.launcher.exec.GradleBuildController.run(GradleBuildController.java:71)
at org.gradle.tooling.internal.provider.ExecuteBuildActionRunner.run(ExecuteBuildActionRunner.java:28)
at org.gradle.launcher.exec.ChainingBuildActionRunner.run(ChainingBuildActionRunner.java:35)
at org.gradle.launcher.exec.InProcessBuildActionExecuter.execute(InProcessBuildActionExecuter.java:41)
at org.gradle.launcher.exec.InProcessBuildActionExecuter.execute(InProcessBuildActionExecuter.java:26)
at org.gradle.tooling.internal.provider.ContinuousBuildActionExecuter.execute(ContinuousBuildActionExecuter.java:75)
at org.gradle.tooling.internal.provider.ContinuousBuildActionExecuter.execute(ContinuousBuildActionExecuter.java:49)
at org.gradle.tooling.internal.provider.ServicesSetupBuildActionExecuter.execute(ServicesSetupBuildActionExecuter.java:49)
at org.gradle.tooling.internal.provider.ServicesSetupBuildActionExecuter.execute(ServicesSetupBuildActionExecuter.java:31)
at org.gradle.launcher.daemon.server.exec.ExecuteBuild.doBuild(ExecuteBuild.java:67)
at org.gradle.launcher.daemon.server.exec.BuildCommandOnly.execute(BuildCommandOnly.java:36)
at org.gradle.launcher.daemon.server.api.DaemonCommandExecution.proceed(DaemonCommandExecution.java:120)
at org.gradle.launcher.daemon.server.exec.WatchForDisconnection.execute(WatchForDisconnection.java:47)
at org.gradle.launcher.daemon.server.api.DaemonCommandExecution.proceed(DaemonCommandExecution.java:120)
at org.gradle.launcher.daemon.server.exec.ResetDeprecationLogger.execute(ResetDeprecationLogger.java:26)
at org.gradle.launcher.daemon.server.api.DaemonCommandExecution.proceed(DaemonCommandExecution.java:120)
at org.gradle.launcher.daemon.server.exec.RequestStopIfSingleUsedDaemon.execute(RequestStopIfSingleUsedDaemon.java:34)
at org.gradle.launcher.daemon.server.api.DaemonCommandExecution.proceed(DaemonCommandExecution.java:120)
at org.gradle.launcher.daemon.server.exec.ForwardClientInput$2.call(ForwardClientInput.java:74)
at org.gradle.launcher.daemon.server.exec.ForwardClientInput$2.call(ForwardClientInput.java:72)
at org.gradle.util.Swapper.swap(Swapper.java:38)
at org.gradle.launcher.daemon.server.exec.ForwardClientInput.execute(ForwardClientInput.java:72)
at org.gradle.launcher.daemon.server.api.DaemonCommandExecution.proceed(DaemonCommandExecution.java:120)
at org.gradle.launcher.daemon.server.exec.LogAndCheckHealth.execute(LogAndCheckHealth.java:55)
at org.gradle.launcher.daemon.server.api.DaemonCommandExecution.proceed(DaemonCommandExecution.java:120)
at org.gradle.launcher.daemon.server.exec.LogToClient.doBuild(LogToClient.java:60)
at org.gradle.launcher.daemon.server.exec.BuildCommandOnly.execute(BuildCommandOnly.java:36)
at org.gradle.launcher.daemon.server.api.DaemonCommandExecution.proceed(DaemonCommandExecution.java:120)
at org.gradle.launcher.daemon.server.exec.EstablishBuildEnvironment.doBuild(EstablishBuildEnvironment.java:72)
at org.gradle.launcher.daemon.server.exec.BuildCommandOnly.execute(BuildCommandOnly.java:36)
at org.gradle.launcher.daemon.server.api.DaemonCommandExecution.proceed(DaemonCommandExecution.java:120)
at org.gradle.launcher.daemon.server.exec.StartBuildOrRespondWithBusy$1.run(StartBuildOrRespondWithBusy.java:50)
at org.gradle.launcher.daemon.server.DaemonStateCoordinator$1.run(DaemonStateCoordinator.java:297)
at org.gradle.internal.concurrent.ExecutorPolicy$CatchAndRecordFailures.onExecute(ExecutorPolicy.java:63)
at org.gradle.internal.concurrent.StoppableExecutorImpl$1.run(StoppableExecutorImpl.java:46)
Caused by: groovy.lang.MissingPropertyException: Could not get unknown property 'spotbugsPlugins' for configuration container of type org.gradle.api.internal.artifacts.configurations.DefaultConfigurationContainer.
at org.gradle.internal.metaobject.AbstractDynamicObject.getMissingProperty(AbstractDynamicObject.java:85)
at org.gradle.internal.metaobject.AbstractDynamicObject.getProperty(AbstractDynamicObject.java:62)
at org.gradle.api.internal.artifacts.configurations.DefaultConfigurationContainer_Decorated.getProperty(Unknown Source)
at build_72fnjt7y4wwfjb0dztk1iandm$_run_closure14$_closure49.doCall(C:\projects\hcspafo\build.gradle:292)
at org.gradle.api.internal.ClosureBackedAction.execute(ClosureBackedAction.java:70)
at org.gradle.util.ConfigureUtil.configureTarget(ConfigureUtil.java:160)
at org.gradle.util.ConfigureUtil.configure(ConfigureUtil.java:106)
at org.gradle.api.internal.project.DefaultProject.dependencies(DefaultProject.java:979)
at org.gradle.internal.metaobject.BeanDynamicObject$MetaClassAdapter.invokeMethod(BeanDynamicObject.java:464)
at org.gradle.internal.metaobject.BeanDynamicObject.invokeMethod(BeanDynamicObject.java:176)
at org.gradle.internal.metaobject.CompositeDynamicObject.invokeMethod(CompositeDynamicObject.java:96)
at org.gradle.internal.metaobject.MixInClosurePropertiesAsMethodsDynamicObject.invokeMethod(MixInClosurePropertiesAsMethodsDynamicObject.java:30)
at org.gradle.internal.metaobject.ConfigureDelegate.invokeMethod(ConfigureDelegate.java:59)
at build_72fnjt7y4wwfjb0dztk1iandm$_run_closure14.doCall(C:\projects\hcspafo\build.gradle:289)
at org.gradle.api.internal.ClosureBackedAction.execute(ClosureBackedAction.java:70)
at org.gradle.util.ConfigureUtil.configureTarget(ConfigureUtil.java:160)
at org.gradle.util.ConfigureUtil.configure(ConfigureUtil.java:106)
at org.gradle.api.internal.project.DefaultProject.configure(DefaultProject.java:960)
at org.gradle.api.internal.project.DefaultProject.configure(DefaultProject.java:965)
at org.gradle.internal.metaobject.BeanDynamicObject$MetaClassAdapter.invokeMethod(BeanDynamicObject.java:464)
at org.gradle.internal.metaobject.BeanDynamicObject.invokeMethod(BeanDynamicObject.java:176)
at org.gradle.internal.metaobject.CompositeDynamicObject.invokeMethod(CompositeDynamicObject.java:96)
at org.gradle.internal.metaobject.MixInClosurePropertiesAsMethodsDynamicObject.invokeMethod(MixInClosurePropertiesAsMethodsDynamicObject.java:30)
at org.gradle.groovy.scripts.BasicScript.invokeMethod(BasicScript.java:111)
at org.gradle.groovy.scripts.BasicScript.methodMissing(BasicScript.java:120)
at build_72fnjt7y4wwfjb0dztk1iandm.run(C:\projects\hcspafo\build.gradle:275)
at org.gradle.groovy.scripts.internal.DefaultScriptRunnerFactory$ScriptRunnerImpl.run(DefaultScriptRunnerFactory.java:90)
... 62 more
I am migrating an ant project from FindBugs to SpotBugs, and am getting the following output difference:
FindBugs:
findbugs:
[findbugs] Executing findbugs FindBugsTask from ant task
[findbugs] Running FindBugs...
[findbugs] Warnings generated: 727
[findbugs] Calculating exit code...
[findbugs] Setting 'bugs found' flag (1)
[findbugs] Exit code set to: 1
[findbugs] Java Result: 1
[findbugs] Output saved to /Users/rhwood/Developer/JMRI/JMRI/rhwood/findbugs/findbugs.html
SpotBugs:
spotbugs:
[spotbugs] Executing SpotBugs FindBugsTask from ant task
[spotbugs] Running SpotBugs...
[spotbugs] The following classes needed for analysis were missing:
[spotbugs] itemStateChanged
[spotbugs] actionPerformed
[spotbugs] Warnings generated: 742
[spotbugs] Missing classes: 2
[spotbugs] Calculating exit code...
[spotbugs] Setting 'missing class' flag (2)
[spotbugs] Setting 'bugs found' flag (1)
[spotbugs] Exit code set to: 3
[spotbugs] Java Result: 3
[spotbugs] Classes needed for analysis were missing
[spotbugs] Output saved to /Users/rhwood/Developer/JMRI/JMRI/rhwood/JMRI/spotbugs.html
Those two missing classes are method names, not classes. What should I be looking for to figure out what when wrong?
This may relate to the following:
We have code that looks like:
public void thing1() {
try {
PreparedStatement stmt = conn.prepareStatement("SELECT * FROM ? LIMIT 1");
stmt.setString(1, "TABLE");
stmt.executeUpdate();
} catch (SQLException e) {
logger.error(e.getLocalizedMessage());
} finally {
DbUtils.closeQuietly(stmt);
}
}
This clearly closes the statement. SpotBugs throws an error OBL_UNSATISFIED_OBLIGATION and seems to want me to close the connection, and the statement in a series of nested try..finally blocks.
I recently asked admin permission for https://github.com/h3xstream/sonar-findbugs.
The sonar team transfer me the repository ownership. It used to be a project maintain by SonarSource team.
I was thinking about moving it under the organisation spotbugs.
Note : SonarQube provide a free community platform to use SpotBugs. It also provide commercial support and services.
Btw, I will soon do a proper release of the plugin.
I have a fairly large project where the whole analysis can take several minutes. The project is split into Maven modules (some small, some large). Currently, the analysis is triggered separately for each project (that's how the gradle plugin works as well, AFAIK) with the classes for that project as "classes" and all it's dependencies as "auxclasspath".
I didn't do any benchmarks yet, but my intuition tells me that at least some of the effort is repeated. I'm not also sure if this is the correct way to do it, i.e. would analyzing all the projects in one go yield more accurate results then one by one ?
Another common case is that running the analysis with the same set of dependecies (you don't upgrade your libraries every day).
In both cases, I think it would be possible to reuse some of the data gathered in previous analysis as long as the "auxclasspath" did not change.
Do you think it's an idea worth exploring?
I'm converting from FindBugs to SpotBugs. I have an exclude list with this entry:
<Match>
<Or>
<Class name="com.sun.mail.imap.DefaultFolder$1"/>
<Class name="com.sun.mail.imap.DefaultFolder$2"/>
<Class name="com.sun.mail.imap.IMAPFolder$1"/>
<Class name="com.sun.mail.imap.IMAPFolder$4"/>
<Class name="com.sun.mail.imap.IMAPFolder$7"/>
<Class name="com.sun.mail.imap.IMAPFolder$13"/>
<Class name="com.sun.mail.imap.IMAPFolder$20"/>
<Class name="com.sun.mail.imap.IdleManager$2"/>
</Or>
<Bug pattern="SIC_INNER_SHOULD_BE_STATIC_ANON"/>
</Match>
FindBugs ignores these errors. SpotBugs does not.
Changing the entry to use a regular expression instead of an exact class name does work.
(I'm calling FindBugs/SpotBugs from Maven, if that matters.)
Hello everyone,
I have a problem, when I run an analysis on an .war or source code, I get results but without the source code display.
I use findsecbug plugin .
Thanks for the future answers:)
Looking at the spotbugs
repository, there’s a lot of files in there that I would wager none of the current maintainers can maintain or want to.
I think we should compile a list of these files here along with the reason why we think they can be removed.
Here’s a start:
findbugs.keystore
: The certificate expired 24 April 2014 and AFAIK we don’t even have the keystore’s password.jnlp
: I doubt that anyone uses these. There used to be a way of using Java Webstart for a demo, but I don’t think we offer something similar at the moment.What else?
Now sonar-findbugs is not maintained by SonarSource, and nobody deploy its artifact to Maven central.
Then we can change its groupId to com.github.spotbugs
from version 3.7 and deploy to maven central by us.
In my understanding, we do not need to migrate their Git repo to our organization, but it should be better to rename its name and artifactId to sonar-spotbugs.
This issue is meant to discuss best practices for how to pass additional, user-configurable options to a detector. As far as I can see, there are three alternatives to do so:
-jvmArgs -Dkey=value
command line option)-userPrefs
command line option)<GlobalOption>
(-choosePlugins
command line option)The preferred alternative should offer a straight-forward way to access the value in the detector:
SystemProperties.getProperty(String)
UserPreferences
object from within a Detector
DetectorCollectionFactory.getGlobalOption
)Moreover, the preferred alternative should not only work when SpotBugs is invoked from the command line, but should also be settable from within Eclipse, e.g., through a preference page.
findbugsPlugins
extension point to load a SpotBugs plugin doesn’t mean that the surrounding Eclipse plug-in wrapper’s Activator is run; so you can’t set the system property anew on demand when the wrapper is activated.)FindbugsPlugin.getUserPreferences(...)
and saveUserPreferences(...)
called from the preference page or even (per-project) from the project’s Properties pageAm I missing any other alternatives? How can alternatives 2 and 3 above access the configured value in the detector? And which alternative should in your opinion be considered a best practice?
Many open-source projects encourage their users to ask questions on StackOverflow instead of Github issues.
SpotBugs projects could link to StackOverflow with the appropriate tags: https://stackoverflow.com/questions/ask?tags=spotbugs,java
I just created an ISSUE_TEMPLATE.md file for the find-sec-bugs:
https://github.com/find-sec-bugs/find-sec-bugs/issues/new
Hi,
I wondered that on Maven central the spotbugs-maven-plugin
artifact is still on 3.1.0-RC6
. Is this going to change to 3.1.0
or is RC6 equal to the final version?
A roadmap for spotbugs should be posted to allow users, plugin developers, detector developers, and others to see where we are heading.
This will be useful for Findbugs users looking to plan and change to Spotbugs.
In my time on working with the Maven and ANT plugins I noticed some items I believe we need to keep in sight going forward to keep our current users and attract new users.
The configuration of a Findbugs job varies depending on the interface (i.e.command line, ANT, or eclipse, intellij, or maven) used. This can lead to differing outputs a developer may see in their IDE and what a build server presents running maven, gradle, ant or sbt.
I have tried to follow the the command line set up since looked like the common mechanism used but the creator and the course at UMD ( University of Maryland). This had its short-comings, as the documentation to that has been incomplete.
As a useful tool for continuity between sub-projects and migration from findbugs the main project should have classess and interfaces for conversion between include/exclude config files for spotbugs. This will make it easier for IDE to be configured to match build setups.
Is there a way to use a wildcard when specifying exclude files with <excludeFilterFile>
for the spotbugs maven plug-in?
When I was using the findbugs ant task, I could select exclude filter files with the following:
<excludePath>
<fileset dir="${src.dir}" includes="**/findbugs-*-exclude-filter.xml"/>
<fileset dir="${test-src.dir}" includes="**/findbugs-*-exclude-filter.xml"/>
</excludePath>
https://spotbugs.github.io/spotbugs-maven-plugin/check-mojo.html#excludeFilterFile
Regards,
-Mike
A declarative, efficient, and flexible JavaScript library for building user interfaces.
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
The Web framework for perfectionists with deadlines.
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
We are working to build community through open source technology. NB: members must have two-factor auth.
Open source projects and samples from Microsoft.
Google ❤️ Open Source for everyone.
Alibaba Open Source for everyone
Data-Driven Documents codes.
China tencent open source team.