一、findbugs-maven-plugin

介绍:

Status: Since Findbugs is no longer maintained, please use Spotbugs which has a Maven plugin. It is located at here.

Please Note - This version is using Findbugs 3.0.1.

FindBugs looks for bugs in Java programs. It is based on the concept of bug patterns. A bug pattern is a code idiom that is often an error. Bug patterns arise for a variety of reasons:

  • Difficult language features
  • Misunderstood API methods
  • Misunderstood invariants when code is modified during maintenance
  • Garden variety mistakes: typos, use of the wrong boolean operator

FindBugs uses static analysis to inspect Java bytecode for occurrences of bug patterns. We have found that FindBugs finds real errors in most Java software. Because its analysis is sometimes imprecise, FindBugs can report false warnings, which are warnings that do not indicate real errors. In practice, the rate of false warnings reported by FindBugs is generally less than 50%.

FindBugs is free software, available under the terms of the Lesser GNU Public License. It is written in Java, and can be run with any virtual machine compatible with Java 7. It can analyze programs written for any version of Java. FindBugs was originally developed by Bill Pugh. It is maintained by Bill Pugh, David Hovemeyer, and a team of volunteers.

FindBugs uses BCEL to analyze Java bytecode. It uses dom4j for XML manipulation.

This introduction is an excerpt from the Facts Sheet at FindBugs home page.

To see more documentation about FindBugs' options, please see the FindBugs Manual.

https://gleclaire.github.io/findbugs-maven-plugin/

 
使用:

Usage version3.0.6-SNAPSHOT/version The following examples describe the basic usage of the FindBugs plugin.

Generate FindBugs Report As Part of the Project Reports

To generate the FindBugs report as part of the Project Reports, add the FindBugs plugin in the <reporting> section of your pom.xml.

<project>

  ...

  <reporting>

    <plugins>

      <plugin>

        <groupId>org.codehaus.mojo</groupId>

        <artifactId>findbugs-maven-plugin</artifactId>

        <version>3.0.6-SNAPSHOT</version>

      </plugin>

    </plugins>

  </reporting>

  ...

</project>

Then, execute the site plugin to generate the report.

mvn site

Generate FindBugs xdoc Report As Part of the Project Reports

To generate the FindBugs xdoc report as part of the Project Reports, add the FindBugs plugin in the <reporting> section of your pom.xml. This will be the same report as that of the Maven 1 FindBugs report. It is also the format used by Hudson. The output file will be written as findbugs.xml to either the default output directory of ${project.build.directory} or by that started in the <xmlOutputDirectory> option.

<project>

  ...

  <reporting>

    <plugins>

      <plugin>

        <groupId>org.codehaus.mojo</groupId>

        <artifactId>findbugs-maven-plugin</artifactId>

        <version>3.0.6-SNAPSHOT</version>

        <configuration>

          <xmlOutput>true</xmlOutput>

          <!-- Optional directory to put findbugs xdoc xml report -->

          <xmlOutputDirectory>target/site</xmlOutputDirectory>

        </configuration>

      </plugin>

    </plugins>

  </reporting>

  ...

</project>

Then, execute the site plugin to generate the report.

mvn site

Filter bugs to report

To filter the classes and methods which are analyzed or omitted from analysis you can use filters. The filters allow specifying by class and method which bug categories to include/exclude in/from the reports. The filter format specification also contains useful examples.

<project>

  ...

  <reporting>

    <plugins>

      <plugin>

        <groupId>org.codehaus.mojo</groupId>

        <artifactId>findbugs-maven-plugin</artifactId>

        <version>3.0.6-SNAPSHOT</version>

        <configuration>

          <excludeFilterFile>findbugs-exclude.xml</excludeFilterFile>

          <includeFilterFile>findbugs-include.xml</includeFilterFile>

        </configuration>

      </plugin>

    </plugins>

  </reporting>

  ...

</project>

Then, execute the site plugin to generate the report.

mvn site

Specifying which bug filters to run

To filter the classes and methods which are analyzed or omitted from analysis you can use filters. The filters allow specifying by class and method which bug categories to include/exclude in/from the reports. The filter format specification also contains useful examples.

<project>

  ...

  <reporting>

    <plugins>

      <plugin>

        <groupId>org.codehaus.mojo</groupId>

        <artifactId>findbugs-maven-plugin</artifactId>

        <version>3.0.6-SNAPSHOT</version>

        <configuration>

          <excludeFilterFile>findbugs-exclude.xml</excludeFilterFile>

          <includeFilterFile>findbugs-include.xml</includeFilterFile>

        </configuration>

      </plugin>

    </plugins>

  </reporting>

  ...

</project>

Then, execute the site plugin to generate the report.

mvn site

Specifying which bug detectors to run

The visitors option specifies a comma-separated list of bug detectors which should be run. The bug detectors are specified by their class names, without any package qualification. By default, all detectors which are not disabled are run.

<project>

  ...

  <reporting>

    <plugins>

      <plugin>

        <groupId>org.codehaus.mojo</groupId>

        <artifactId>findbugs-maven-plugin</artifactId>

        <version>3.0.6-SNAPSHOT</version>

        <configuration>

          <visitors>FindDeadLocalStores,UnreadFields</visitors>

        </configuration>

      </plugin>

    </plugins>

  </reporting>

  ...

</project>

Then, execute the site plugin to generate the report.

mvn site

Specifying which bug detectors to skip

The omitVisitors option is like the visitors attribute, except it specifies detectors which will not be run.

<project>

  ...

  <reporting>

    <plugins>

      <plugin>

        <groupId>org.codehaus.mojo</groupId>

        <artifactId>findbugs-maven-plugin</artifactId>

        <version>3.0.6-SNAPSHOT</version>

        <configuration>

          <omitVisitors>FindDeadLocalStores,UnreadFields</omitVisitors>

        </configuration>

      </plugin>

    </plugins>

  </reporting>

  ...

</project>

Then, execute the site plugin to generate the report.

mvn site

Specifying which classes to analyze

The onlyAnalyze option restricts analysis to the given comma-separated list of classes and packages.

<project>

  ...

  <reporting>

    <plugins>

      <plugin>

        <groupId>org.codehaus.mojo</groupId>

        <artifactId>findbugs-maven-plugin</artifactId>

        <version>3.0.6-SNAPSHOT</version>

        <configuration>

         <onlyAnalyze>org.codehaus.mojo.findbugs.*</onlyAnalyze>

        </configuration>

      </plugin>

    </plugins>

  </reporting>

  ...

</project>

Then, execute the site plugin to generate the report.

mvn site

Using Third party or your own detectors

The pluginList option specifies a comma-separated list of optional BugDetector Jar files to add.

<project>

  ...

  <reporting>

    <plugins>

      <plugin>

        <groupId>org.codehaus.mojo</groupId>

        <artifactId>findbugs-maven-plugin</artifactId>

        <version>3.0.6-SNAPSHOT</version>

        <configuration>

          <pluginList>myDetectors.jar, yourDetectors.jar</pluginList>

        </configuration>

      </plugin>

    </plugins>

  </reporting>

  ...

</project>

Then, execute the site plugin to generate the report.

mvn site

Using Detectors from a Repository

The plugins option defines a collection of PluginArtifact to work on. (PluginArtifact contains groupId, artifactId, version, type.)

<project>

  ...

  <reporting>

    <plugins>

      <plugin>

        <groupId>org.codehaus.mojo</groupId>

        <artifactId>findbugs-maven-plugin</artifactId>

        <version>3.0.6-SNAPSHOT</version>

        <configuration>

          <plugins>

            <plugin>

              <groupId>com.timgroup</groupId>

              <artifactId>findbugs4jmock</artifactId>

              <version>0.2</version>

            </plugin>

          </plugins>

        </configuration>

      </plugin>

    </plugins>

  </reporting>

  ...

</project>

Then, execute the site plugin to generate the report.

mvn site

Launch the Findbugs GUI

This will launch the FindBugs GUI configured for this project and will open the findbugsXml.xml file if present. It therefore assumes a pom.xml with the minimum as follows.

<project>

  ...

  <reporting>

    <plugins>

      <plugin>

        <groupId>org.codehaus.mojo</groupId>

        <artifactId>findbugs-maven-plugin</artifactId>

        <version>3.0.6-SNAPSHOT</version>

        <configuration>

          <!-- Optional directory to put findbugs xml report -->

        </configuration>

      </plugin>

    </plugins>

  </reporting>

  ...

</project>

Then, execute the findbugs plugin with the gui option.

mvn findbugs:gui

二、SpotBugs Maven Plugin

Introduction

SpotBugs is a program to find bugs in Java programs. It looks for instances of “bug patterns” — code instances that are likely to be errors.

This document describes version 4.0.3 of SpotBugs. We are very interested in getting your feedback on SpotBugs. Please visit the SpotBugs web page for the latest information on SpotBugs, contact information, and support resources such as information about the SpotBugs GitHub organization.

Requirements

To use SpotBugs, you need a runtime environment compatible with Java version 1.8 or later. SpotBugs is platform independent, and is known to run on GNU/Linux, Windows, and MacOS X platforms.

You should have at least 512 MB of memory to use SpotBugs. To analyze very large projects, more memory may be needed.

Supported Java version

SpotBugs is built by JDK8, and run on JRE8 and newer versions.

SpotBugs can scan bytecode (class files) generated by JDK8 and newer versions. However, support for Java 11 and newer is still experimental. Visit issue tracker to find known problems.

SpotBugs does not support bytecode (class files) generated by outdated JDK such as 10, 9, 7 and older versions.

Using the SpotBugs Maven Plugin

This chapter describes how to integrate SpotBugs into a Maven project.

Add spotbugs-maven-plugin to your pom.xml

Add <plugin> into your pom.xml like below:

<plugin>

  <groupId>com.github.spotbugs</groupId>

  <artifactId>spotbugs-maven-plugin</artifactId>

  <version>4.0.0</version>

  <dependencies>

    <!-- overwrite dependency on spotbugs if you want to specify the version of spotbugs -->

    <dependency>

      <groupId>com.github.spotbugs</groupId>

      <artifactId>spotbugs</artifactId>

      <version>4.0.3</version>

    </dependency>

  </dependencies>

</plugin>

Goals of spotbugs-maven-plugin

spotbugs goal

三、附加订阅

从 findbugs-maven-plugin 到 spotbugs-maven-plugin 帮你找到代码中的bug的更多相关文章

  1. FindBugs 入门——帮你减少代码中的bug数

    FindBugs 入门 FindBugs 作用 开发人员在开发了一部分代码后,可以使用FindBugs进行代码缺陷的检查.提高代码的质量,同时也可以减少测试人员给你报的bug数. 代码缺陷分类 根据缺 ...

  2. CoreException: Could not get the value for parameter compilerId for plugin execution default-compile Maven项目pom文件报错,插件引用不到

    CoreException: Could not get the value for parameter compilerId for plugin execution default-compile ...

  3. maven Error resolving version for plugin 'org.apache.maven.plugins:maven-eclipse-plugin' from the repositories 解决

    报错:Error resolving version for plugin 'org.apache.maven.plugins:maven-eclipse-plugin' from the repos ...

  4. CoreException: Could not calculate build plan: Plugin org.apache.maven.plugins:maven-compiler-plugin:3.1 or one of its dependencies could not be resolved

    CoreException: Could not calculate build plan: Plugin org.apache.maven.plugins:maven-compiler-plugin ...

  5. Could not calculate build plan: Plugin org.apache.maven.plugins:maven-resources-plugin:2.5

    Could not calculate build plan: Plugin org.apache.maven.plugins:maven-resources-plugin:2.5 or one of ...

  6. maven install 报错Could not calculate build plan: Plugin org.apache.maven.plugins:maven-resources-plugin

    Could not calculate build plan: Plugin org.apache.maven.plugins:maven-resources-plugin:2.6 or one of ...

  7. Eclipse使用Maven,创建项目出现:Could not calculate build plan: Plugin org.apache.maven.plugins:maven-resour

    使用maven创建简单的项目时候经常会遇到 Could not calculate build plan: Plugin org.apache.maven.plugins:maven-resource ...

  8. Maven的几个常用plugin

    出自:https://www.cnblogs.com/zhangxh20/p/6298062.html maven-compiler-plugin 编译Java源码,一般只需设置编译的jdk版本 &l ...

  9. Maven系列(一)plugin

    Maven系列(一)plugin maven-compiler-plugin 使用 mvn compile 命令,出现错误: 编码 GBK 的不可映射字符而不能编译.这是因为代码或注释中存在中文引起的 ...

  10. eclipse导入maven项目时报Could not calculate build plan: Plugin org.apache.maven.plugins:maven-resources

    在用Eclipse IDE for Java EE Developers进行maven项目的开发时,报错Could not calculate build plan: Plugin org.apach ...

随机推荐

  1. Kubernetes leader election 源码分析

    0. 前言 Kubernetes:kube-scheduler 源码分析 介绍了 kube-scheduler 调度 Pod 的逻辑.文中有一点未提的是,在 Kubernetes 集群中,kube-s ...

  2. kafka学习笔记02-kafka消息存储

    kafka消息存储 broker.topic.partition kafka 的数据分布是一个 3 级结构,依次为 broker.topic.partition. 也可以理解为数据库的分库分表,然后还 ...

  3. maketrans和translate按规则一次性替换多个字符,用来替代replace

    str_ = 'i love you' compiler_ = str_.maketrans('i l y', 'I L Y') print(str_.translate(compiler_))

  4. Java 封装性的小练习

    1 package com.bytezero.test2; 2 3 public class Person 4 { 5 private int age; 6 7 public void setAge( ...

  5. kafka的数据同步原理ISR、ACK、LEO、HW

    1.数据可靠性保证,数据同步 为保证 producer 发送的数据,能可靠的发送到指定的 topic,topic 的每个 partition 收到 producer 发送的数据后,都需要向 produ ...

  6. Codeforces Round 928 (Div. 4)(A、B、C、D、E、G)

    目录 A B C D E G A 统计A.B输出 #include <bits/stdc++.h> #define int long long #define rep(i,a,b) for ...

  7. Codeforces Round 260 (Div. 1)A. Boredom(dp)

    最开始写了一发贪心wa了,然后这种选和不选的组合优化问题,一般是考虑动态规划 \(dp[i][0]:\)表示第i个数不选的最大值 \(dp[i][1]:\)表示第i个数选的最大值 考虑转移: \(dp ...

  8. [学习笔记]在Linux中使用源码编译的方式安装Nginx

    ​准备工作 准备nginx源码包: http://nginx.org/en/download.html 准备相关的依赖包以及环境: gzip 模块需要 zlib 库  http://www.zlib. ...

  9. 学习笔记-涛讲F#(中级)

    目录 适配器模式 责任链模式 命令模式 策略模式 工厂模式 单例模式 其它内容 这一系列的视频主要讲了F#设计模式的实现,没有太多其它内容,笔记内容主要是转载Snippets tagged desig ...

  10. 基于stm32的spi接口dma 数据收发实例解析

    一 前记 SPI接口平时用的比较少,再加上对CUBEMX不是很熟悉,这里踩了不少坑才把问题解决.针对遇到了不少问题,是要值得梳理一下了. 二 源码解析 1 SPI的DMA发送端配置: 2 主函数源码: ...