Data

Tools

Indexes

Applications

Experiments

Awesome

An open API service indexing awesome lists of open source software.

https://github.com/spotbugs/spotbugs-maven-plugin

Maven Mojo Plug-In to generate reports based on the SpotBugs Analyzer
https://github.com/spotbugs/spotbugs-maven-plugin

maven-plugin spotbugs spotbugs-plugin

Last synced: 2 months ago
JSON representation

Maven Mojo Plug-In to generate reports based on the SpotBugs Analyzer

Awesome Lists containing this project

README 

          
# Spotbugs Maven Plugin



[![Java CI](https://github.com/spotbugs/spotbugs-maven-plugin/actions/workflows/ci.yaml/badge.svg)](https://github.com/spotbugs/spotbugs-maven-plugin/actions/workflows/ci.yaml)

[![Java Integration Tests](https://github.com/spotbugs/spotbugs-maven-plugin/actions/workflows/it.yaml/badge.svg)](https://github.com/spotbugs/spotbugs-maven-plugin/actions/workflows/it.yaml)

[![Coverage Status](https://coveralls.io/repos/github/spotbugs/spotbugs-maven-plugin/badge.svg?branch=master)](https://coveralls.io/github/spotbugs/spotbugs-maven-plugin?branch=master)

[![Quality Gate Status](https://sonarcloud.io/api/project_badges/measure?project=spotbugs_spotbugs-maven-plugin&metric=alert_status)](https://sonarcloud.io/summary/new_code?id=spotbugs_spotbugs-maven-plugin)

[![Maven Central](https://img.shields.io/maven-central/v/com.github.spotbugs/spotbugs-maven-plugin.svg)](https://search.maven.org/com.github.spotbugs/spotbugs-maven-plugin)

[![Reproducible Builds](https://img.shields.io/endpoint?url=https://raw.githubusercontent.com/jvm-repo-rebuild/reproducible-central/master/content/com/github/spotbugs/spotbugs-maven-plugin/badge.json)](https://github.com/jvm-repo-rebuild/reproducible-central/blob/master/content/com/github/spotbugs/spotbugs-maven-plugin/README.md)

[![Apache 2](https://img.shields.io/badge/license-Apache%202-blue.svg)](https://www.apache.org/licenses/LICENSE-2.0)



Maven Mojo Plug-In to generate reports based on the [SpotBugs](https://github.com/spotbugs/spotbugs) Analyzer.



## Building spotbugs-maven-plugin Requirements ##



* Java 21+ is required to build the spotbugs maven plugin.  Usage allowed to currently supported jdks (ie 11, 17, 21, 25, 26-ea).

* Maven 3.9.11 is required to build the spotbugs maven plugin.



## Running spotbugs-maven-plugin Requirements ##



* Java 11 or better is required for spotbugs analysis.

* Maven 3.6.3 or better is required for spotbugs analysis.



## Usage ##



The [SpotBugs documentation](https://spotbugs.readthedocs.io/en/latest/maven.html) describes the pom.xml modifications and Maven goals.



The [SpotBugs Maven documentation](https://spotbugs.github.io/spotbugs-maven-plugin/) directly describes the pom.xml modifications and Maven goals along with project documentation.



### Latest Snapshot ###



Please download latest [snapshot](https://oss.sonatype.org/content/repositories/snapshots/com/github/spotbugs/spotbugs-maven-plugin/).



### Override Spotbugs Version ###



Spotbugs aligns with spotbugs releases but normally does not have a hard requirement on this, therefore you can override the spotbugs version as follows replacing

the spotbugs plugin and spotbugs versions as you need.



```

    

        com.github.spotbugs

        spotbugs-maven-plugin

        ${spotbugs-maven-plugin.version}

        

            

                com.github.spotbugs

                spotbugs

                ${spotbugs.version}

            

        

    

```



### Special notice ###



Continue to use `FindBugsFilter` when needed as the spotbugs project has not yet renamed that to reflect project.



## Running Tests ##



Run all tests

```

mvn -DtestSrc=remote -Prun-its clean install -D"invoker.parallelThreads=8"

```

Skip tests

```

mvn -DskipTests=true clean install

```

Run tests on spotbugs test source code that is local instead of from SpotBugs github repository

```

mvn -DtestSrc=local -DlocalTestSrc=/opt/spotBugs -Prun-its clean install -D"invoker.parallelThreads=8"

```



Run selected tests

```

mvn -DtestSrc=remote -Prun-its -Dinvoker.test=build-*,basic-1,check-nofail clean install -D"invoker.parallelThreads=8"

```



Run tests in debugger

```

mvn -Dmaven.surefire.debug="-Xdebug -Xrunjdwp:transport=dt_socket,server=y,suspend=y,address=8000 -Xnoagent -Djava.compiler=NONE" -Prun-its clean install

```



Run selected tests in debugger

```

mvn -Dmaven.surefire.debug="-Xdebug -Xrunjdwp:transport=dt_socket,server=y,suspend=y,address=8000 -Xnoagent -Djava.compiler=NONE" -Prun-its -Dinvoker.test=build-*,basic-1,check clean install

```



Run gui with a specific version 

```

mvn com.github.spotbugs:spotbugs-maven-plugin:${spotbugs.plugin}:gui

```



## Testing Upstream Spotbugs Updates ##



- In the pom.xml, switch `x.x.x` to spotbugs snapshot Version so that it pulls from sonatype snapshots.

- In the pom.xml, switch `${spotbugs.version}` to 'master'.



## Creating new site examples ##



This product `site` contains a copy of an integration test result using spotbugs to show how it works.  To update that, use the following instructions.



* Execute `mvn -DtestSrc=remote -Prun-its clean install -D"invoker.parallelThreads=8"`

* Then replace current `src/site/resources/examples` entirely with any working example 'site' folder (Currently uses `target/it/basic-1/target/site` and includes `spotbugs.xml` and `spotbugsXml.xml` from `target/it/basic-1/target`).

* Commit results and submit a pull request to apply.



## Contributing ##



Run integration tests

```

mvn clean install -P run-its -DtestSrc=remote

```



## Groovy ##



This plugin is written entirely in Groovy.  It does have limitations when it comes to Groovy in relation to java releases.  Every attempt is made to ensure fast releases to pick up Groovy changes related to java.



Known issues



The security manager is turned off by default in jdk 18 and scheduled from removal in a future java release, therefore to use this plugin with jdk 18+,

the security manager may need to be turned back on by setting `JAVA_OPTS` to `-Djava.security.manager=allow`.

See [groovy](https://groovy-lang.org/releasenotes/groovy-4.0.html) for more details.



If using Groovy with same group id (`org.codehaus.groovy 3.x` and before; or `org.apache.groovy 4.x and above`),

an error may occur if not on same version. To alleviate that, make sure Groovy artifacts are defined in `dependencyManagement`

to ensure the correct version is loaded.



## Eclipse m2e Integration ##



The plugin cycles controlled by Eclipse require compilation phase for m2e without further help.  This plugin runs verify only during site generation.

Therefore Eclipse m2e will show up but not do anything with this plugin alone.  In order to have proper execution within Eclipse m2e,

use [m2e-code-quality](https://github.com/m2e-code-quality/m2e-code-quality) plugin for spotbugs.



## Analysis Properties ##



Is there some way to set the [Analysis Properties](https://spotbugs.readthedocs.io/en/stable/analysisprops.html) when using the maven plugin?



Analysis properties are passed as Java system properties, so they can be set in the `` in the `` block of the plugin.



E.g. to set the findbugs.assertionmethods analyzer property:



```



    com.github.spotbugs

    spotbugs-maven-plugin

    

        -Dfindbugs.assertionmethods=org.apache.commons.lang3.Validate.notNull

    



```