About Petri Kainulainen

Petri is passionate about software development and continuous improvement. He is specialized in software development with the Spring Framework and is the author of Spring Data book.

FindBugs Maven Plugin Tutorial

FindBugs is a static code analysis tool which identifies problems found from Java code.

We can integrate FindBugs into our build process by using the FindBugs Maven plugin. This blog post identifies four typical use cases and describes how we can configure the FindBugs Maven plugin to support each use case.

The described use cases are:
 
 
 

  1. Create FindBugs report as a part of the project reports.
  2. Fail the build if FindBugs finds problems from the source code.
  3. Create a XML report without failing the build.
  4. Create both XML and HTML reports without creating the site.

Let’s get started.

Use Case 1: Create Findbugs Report as a Part of the Project Reports

Sometimes we don’t want to run static code analysis every time when our project is compiled. Instead we want to run it manually when we need it. If this is the case, our best option is to create the FindBugs report when we create the site of the project.

We can do this by following these steps:

  1. Add the declaration of the FindBugs Maven plugin to the reporting section of the pom.xml file.
  2. Configure the FindBugs Maven plugin by following these steps:
    1. Ensure that most accurate analysis is performed.
    2. Ensure that all bugs are reported.
    3. Ensure that XML report is generated.

The relevant part of the pom.xml file looks as follows:

<reporting>
    <plugins>
        <plugin>
            <groupId>org.codehaus.mojo</groupId>
            <artifactId>findbugs-maven-plugin</artifactId>
            <version>2.5.2</version>
            <configuration>
                <!--
                   Enables analysis which takes more memory but finds more bugs.
                   If you run out of memory, changes the value of the effort element
                   to 'low'.
               -->
                <effort>Max</effort>
                <!-- Reports all bugs (other values are medium and max) -->
                <threshold>Low</threshold>
                <!-- Produces XML report -->
                <xmlOutput>true</xmlOutput>
            </configuration>
        </plugin>
    </plugins>
</reporting>

The report is created only when the project is compiled.

In other words, when we want to create the FindBugs report, we have to run the following command at command prompt:

mvn clean compile site

Let’s move on and find out how we can fail the build if FindBugs finds problems from our source code.

Use Case 2: Fail the Build if Problems Are Found

If we want to be sure that our code doesn’t contain even a minor problem, it might be good idea to run static code analysis every time when our project is compiled. Of course, this makes sense only if the build is failed when a problem is found.

In other words, we have to configure the FindBugs Maven plugin to fail the build if problems are found. We can do this by following these steps:

  1. Add the plugin declaration to the plugins section of the pom.xml file.
  2. Configure the FindBugs Maven plugin by following these steps:
    1. Ensure that most accurate analysis is performed.
    2. Ensure that all bugs are reported.
    3. Ensure that XML report is generated.
    4. Configure the plugin to create the XML report to the directory ${project.build.directory}/findbugs.
  3. Add an execution which runs the plugin’s check goal during the compile Maven lifecycle phase.

The relevant part of the pom.xml file looks as follows:

<build>
    <plugins>
        <plugin>
            <groupId>org.codehaus.mojo</groupId>
            <artifactId>findbugs-maven-plugin</artifactId>
            <version>2.5.2</version>
            <configuration>
                <!--
                   Enables analysis which takes more memory but finds more bugs.
                   If you run out of memory, changes the value of the effort element
                   to 'Low'.
               -->
                <effort>Max</effort>
                <!-- Reports all bugs (other values are medium and max) -->
                <threshold>Low</threshold>
                <!-- Produces XML report -->
                <xmlOutput>true</xmlOutput>
                <!-- Configures the directory in which the XML report is created -->
                <findbugsXmlOutputDirectory>${project.build.directory}/findbugs</findbugsXmlOutputDirectory>
            </configuration>
            <executions>
                <!--
                   Ensures that FindBugs inspects source code when project is compiled.
               -->
                <execution>
                    <id>analyze-compile</id>
                    <phase>compile</phase>
                    <goals>
                        <goal>check</goal>
                    </goals>
                </execution>
            </executions>
        </plugin>
    </plugins>
</build>

This configuration ensures that the check goal of the Maven FindBugs plugin is invoked during the compile Maven lifecycle phase. If FindBugs finds problems from the source code, it fails the build.

Let’s move on and find out how we can create XML report without creating the site or failing the build.

Use Case 3: Create XML Report Without Failing the Build

If we want to integrate Jenkins with FindBugs, we need to find a way to create XML reports without failing the build.

We can configure the FindBugs Maven plugin to do this by following these steps:

  1. Configure the FindBugs Maven plugin as described in the previous section (Use case 2).
  2. Ensure that the build doesn’t fail if problems are found by setting the value of the failOnError configuration property to false.

The relevant part of the pom.xml file looks as follows:

<build>
    <plugins>
        <plugin>
            <groupId>org.codehaus.mojo</groupId>
            <artifactId>findbugs-maven-plugin</artifactId>
            <version>2.5.2</version>
            <configuration>
                <!--
                   Enables analysis which takes more memory but finds more bugs.
                   If you run out of memory, changes the value of the effort element
                   to 'Low'.
               -->
                <effort>Max</effort>
                <!-- Build doesn't fail if problems are found -->
                <failOnError>false</failOnError>
                <!-- Reports all bugs (other values are medium and max) -->
                <threshold>Low</threshold>
                <!-- Produces XML report -->
                <xmlOutput>true</xmlOutput>
                <!-- Configures the directory in which the XML report is created -->
                <findbugsXmlOutputDirectory>${project.build.directory}/findbugs</findbugsXmlOutputDirectory>
            </configuration>
            <executions>
                <!--
                   Ensures that FindBugs inspects source code when project is compiled.
               -->
                <execution>
                    <id>analyze-compile</id>
                    <phase>compile</phase>
                    <goals>
                        <goal>check</goal>
                    </goals>
                </execution>
            </executions>
        </plugin>
    </plugins>
</Build>

We can now create the XML report by compiling the project.

The last use case describes how we can create both XML and HTML reports without creating the site or failing the build. Let’s see how this is done.

Use Case 4: Create Both XML and HTML Reports Without Creating the Site

If we want to create both XML and HTML reports without creating the project site or failing the build, we have to follow these steps:

  1. Configure the FindBugs Maven plugin as described in the previous section (use case 3).
  2. Add the declaration of the XML Maven Plugin to the plugins section of the pom.xml file.
  3. Configure the plugin by following these steps:
    1. Create a transformation set which transforms all XML files found from the ${project.build.directory}/findbugs directory and writes the results of the XSLT transformation to the same directory.
    2. Configure stylesheet which specifies the output of the XSLT transformation. The FindBugs library provides five stylesheets which can be used for this purpose. The available stylesheets are described in the sample configuration.
    3. Ensure that all output files of the XSLT transformation have the file extension .html.
  4. Add an execution which invokes the transform goal of the XML Maven plugin during the compile Maven lifecycle phase.
  5. Add FindBugs (version 2.0.1) as the dependency of the plugin.

The relevant part of the pom.xml file looks as follows:

<build>
    <plugins>
        <plugin>
            <groupId>org.codehaus.mojo</groupId>
            <artifactId>findbugs-maven-plugin</artifactId>
            <version>2.5.2</version>
            <configuration>
                <!--
                   Enables analysis which takes more memory but finds more bugs.
                   If you run out of memory, changes the value of the effort element
                   to 'Low'.
               -->
                <effort>Max</effort>
                <!-- Build doesn't fail if problems are found -->
                <failOnError>false</failOnError>
                <!-- Reports all bugs (other values are medium and max) -->
                <threshold>Low</threshold>
                <!-- Produces XML report -->
                <xmlOutput>true</xmlOutput>
                <!-- Configures the directory in which the XML report is created -->
                <findbugsXmlOutputDirectory>${project.build.directory}/findbugs</findbugsXmlOutputDirectory>
            </configuration>
            <executions>
                <!--
                   Ensures that FindBugs inspects source code when project is compiled.
               -->
                <execution>
                    <id>analyze-compile</id>
                    <phase>compile</phase>
                    <goals>
                        <goal>check</goal>
                    </goals>
                </execution>
            </executions>
        </plugin>
        <plugin>
            <groupId>org.codehaus.mojo</groupId>
            <artifactId>xml-maven-plugin</artifactId>
            <version>1.0</version>
            <configuration>
                <transformationSets>
                    <transformationSet>
                        <!-- Configures the source directory of XML files. -->
                        <dir>${project.build.directory}/findbugs</dir>
                        <!-- Configures the directory in which the FindBugs report is written.-->
                        <outputDir>${project.build.directory}/findbugs</outputDir>
                        <!-- Selects the used stylesheet. -->
                        <!-- <stylesheet>fancy-hist.xsl</stylesheet> -->
                        <stylesheet>default.xsl</stylesheet>
                        <!--<stylesheet>plain.xsl</stylesheet>-->
                        <!--<stylesheet>fancy.xsl</stylesheet>-->
                        <!--<stylesheet>summary.xsl</stylesheet>-->
                        <fileMappers>
                            <!-- Configures the file extension of the output files. -->
                            <fileMapper
                                   implementation="org.codehaus.plexus.components.io.filemappers.FileExtensionMapper">
                                <targetExtension>.html</targetExtension>
                            </fileMapper>
                        </fileMappers>
                    </transformationSet>
                </transformationSets>
            </configuration>
            <executions>
                <!-- Ensures that the XSLT transformation is run when the project is compiled. -->
                <execution>
                    <phase>compile</phase>
                    <goals>
                        <goal>transform</goal>
                    </goals>
                </execution>
            </executions>
            <dependencies>
                <dependency>
                    <groupId>com.google.code.findbugs</groupId>
                    <artifactId>findbugs</artifactId>
                    <version>2.0.1</version>
                </dependency>
            </dependencies>
        </plugin>
    </plugins>
</build>

This solution was originally described in this StackOverflow question.

We can now create both HTML and XML reports by compiling our project.

Summary

We have now identified four typical use cases of the FindBugs Maven plugin and learned how we can configure the plugin to support each use case.

If you know a use case that wasn’t covered by this tutorial, please let me know by leaving a comment to this blog post.

  • You can get the example application of this blog post from Github.

 

Reference: FindBugs Maven Plugin Tutorial from our JCG partner Petri Kainulainen at the Petri Kainulainen blog.

Do you want to know how to develop your skillset to become a Java Rockstar?

Subscribe to our newsletter to start Rocking right now!

To get you started we give you two of our best selling eBooks for FREE!

JPA Mini Book

Learn how to leverage the power of JPA in order to create robust and flexible Java applications. With this Mini Book, you will get introduced to JPA and smoothly transition to more advanced concepts.

JVM Troubleshooting Guide

The Java virtual machine is really the foundation of any Java EE platform. Learn how to master it with this advanced guide!

Given email address is already subscribed, thank you!
Oops. Something went wrong. Please try again later.
Please provide a valid email address.
Thank you, your sign-up request was successful! Please check your e-mail inbox.
Please complete the CAPTCHA.
Please fill in the required fields.

Leave a Reply


four × = 12



Java Code Geeks and all content copyright © 2010-2014, Exelixis Media Ltd | Terms of Use | Privacy Policy | Contact
All trademarks and registered trademarks appearing on Java Code Geeks are the property of their respective owners.
Java is a trademark or registered trademark of Oracle Corporation in the United States and other countries.
Java Code Geeks is not connected to Oracle Corporation and is not sponsored by Oracle Corporation.
Do you want to know how to develop your skillset and become a ...
Java Rockstar?

Subscribe to our newsletter to start Rocking right now!

To get you started we give you two of our best selling eBooks for FREE!

Get ready to Rock!
You can download the complementary eBooks using the links below:
Close