About Petri Kainulainen

Petri is passionate about software development and continuous improvement. He is specialized in software development with the Spring Framework and is the author of Spring Data book.

FindBugs Maven Plugin Tutorial

FindBugs is a static code analysis tool which identifies problems found from Java code.

We can integrate FindBugs into our build process by using the FindBugs Maven plugin. This blog post identifies four typical use cases and describes how we can configure the FindBugs Maven plugin to support each use case.

The described use cases are:
 
 
 

  1. Create FindBugs report as a part of the project reports.
  2. Fail the build if FindBugs finds problems from the source code.
  3. Create a XML report without failing the build.
  4. Create both XML and HTML reports without creating the site.

Let’s get started.

Use Case 1: Create Findbugs Report as a Part of the Project Reports

Sometimes we don’t want to run static code analysis every time when our project is compiled. Instead we want to run it manually when we need it. If this is the case, our best option is to create the FindBugs report when we create the site of the project.

We can do this by following these steps:

  1. Add the declaration of the FindBugs Maven plugin to the reporting section of the pom.xml file.
  2. Configure the FindBugs Maven plugin by following these steps:
    1. Ensure that most accurate analysis is performed.
    2. Ensure that all bugs are reported.
    3. Ensure that XML report is generated.

The relevant part of the pom.xml file looks as follows:

<reporting>
    <plugins>
        <plugin>
            <groupId>org.codehaus.mojo</groupId>
            <artifactId>findbugs-maven-plugin</artifactId>
            <version>2.5.2</version>
            <configuration>
                <!--
                   Enables analysis which takes more memory but finds more bugs.
                   If you run out of memory, changes the value of the effort element
                   to 'low'.
               -->
                <effort>Max</effort>
                <!-- Reports all bugs (other values are medium and max) -->
                <threshold>Low</threshold>
                <!-- Produces XML report -->
                <xmlOutput>true</xmlOutput>
            </configuration>
        </plugin>
    </plugins>
</reporting>

The report is created only when the project is compiled.

In other words, when we want to create the FindBugs report, we have to run the following command at command prompt:

mvn clean compile site

Let’s move on and find out how we can fail the build if FindBugs finds problems from our source code.

Use Case 2: Fail the Build if Problems Are Found

If we want to be sure that our code doesn’t contain even a minor problem, it might be good idea to run static code analysis every time when our project is compiled. Of course, this makes sense only if the build is failed when a problem is found.

In other words, we have to configure the FindBugs Maven plugin to fail the build if problems are found. We can do this by following these steps:

  1. Add the plugin declaration to the plugins section of the pom.xml file.
  2. Configure the FindBugs Maven plugin by following these steps:
    1. Ensure that most accurate analysis is performed.
    2. Ensure that all bugs are reported.
    3. Ensure that XML report is generated.
    4. Configure the plugin to create the XML report to the directory ${project.build.directory}/findbugs.
  3. Add an execution which runs the plugin’s check goal during the compile Maven lifecycle phase.

The relevant part of the pom.xml file looks as follows:

<build>
    <plugins>
        <plugin>
            <groupId>org.codehaus.mojo</groupId>
            <artifactId>findbugs-maven-plugin</artifactId>
            <version>2.5.2</version>
            <configuration>
                <!--
                   Enables analysis which takes more memory but finds more bugs.
                   If you run out of memory, changes the value of the effort element
                   to 'Low'.
               -->
                <effort>Max</effort>
                <!-- Reports all bugs (other values are medium and max) -->
                <threshold>Low</threshold>
                <!-- Produces XML report -->
                <xmlOutput>true</xmlOutput>
                <!-- Configures the directory in which the XML report is created -->
                <findbugsXmlOutputDirectory>${project.build.directory}/findbugs</findbugsXmlOutputDirectory>
            </configuration>
            <executions>
                <!--
                   Ensures that FindBugs inspects source code when project is compiled.
               -->
                <execution>
                    <id>analyze-compile</id>
                    <phase>compile</phase>
                    <goals>
                        <goal>check</goal>
                    </goals>
                </execution>
            </executions>
        </plugin>
    </plugins>
</build>

This configuration ensures that the check goal of the Maven FindBugs plugin is invoked during the compile Maven lifecycle phase. If FindBugs finds problems from the source code, it fails the build.

Let’s move on and find out how we can create XML report without creating the site or failing the build.

Use Case 3: Create XML Report Without Failing the Build

If we want to integrate Jenkins with FindBugs, we need to find a way to create XML reports without failing the build.

We can configure the FindBugs Maven plugin to do this by following these steps:

  1. Configure the FindBugs Maven plugin as described in the previous section (Use case 2).
  2. Ensure that the build doesn’t fail if problems are found by setting the value of the failOnError configuration property to false.

The relevant part of the pom.xml file looks as follows:

<build>
    <plugins>
        <plugin>
            <groupId>org.codehaus.mojo</groupId>
            <artifactId>findbugs-maven-plugin</artifactId>
            <version>2.5.2</version>
            <configuration>
                <!--
                   Enables analysis which takes more memory but finds more bugs.
                   If you run out of memory, changes the value of the effort element
                   to 'Low'.
               -->
                <effort>Max</effort>
                <!-- Build doesn't fail if problems are found -->
                <failOnError>false</failOnError>
                <!-- Reports all bugs (other values are medium and max) -->
                <threshold>Low</threshold>
                <!-- Produces XML report -->
                <xmlOutput>true</xmlOutput>
                <!-- Configures the directory in which the XML report is created -->
                <findbugsXmlOutputDirectory>${project.build.directory}/findbugs</findbugsXmlOutputDirectory>
            </configuration>
            <executions>
                <!--
                   Ensures that FindBugs inspects source code when project is compiled.
               -->
                <execution>
                    <id>analyze-compile</id>
                    <phase>compile</phase>
                    <goals>
                        <goal>check</goal>
                    </goals>
                </execution>
            </executions>
        </plugin>
    </plugins>
</Build>

We can now create the XML report by compiling the project.

The last use case describes how we can create both XML and HTML reports without creating the site or failing the build. Let’s see how this is done.

Use Case 4: Create Both XML and HTML Reports Without Creating the Site

If we want to create both XML and HTML reports without creating the project site or failing the build, we have to follow these steps:

  1. Configure the FindBugs Maven plugin as described in the previous section (use case 3).
  2. Add the declaration of the XML Maven Plugin to the plugins section of the pom.xml file.
  3. Configure the plugin by following these steps:
    1. Create a transformation set which transforms all XML files found from the ${project.build.directory}/findbugs directory and writes the results of the XSLT transformation to the same directory.
    2. Configure stylesheet which specifies the output of the XSLT transformation. The FindBugs library provides five stylesheets which can be used for this purpose. The available stylesheets are described in the sample configuration.
    3. Ensure that all output files of the XSLT transformation have the file extension .html.
  4. Add an execution which invokes the transform goal of the XML Maven plugin during the compile Maven lifecycle phase.
  5. Add FindBugs (version 2.0.1) as the dependency of the plugin.

The relevant part of the pom.xml file looks as follows:

<build>
    <plugins>
        <plugin>
            <groupId>org.codehaus.mojo</groupId>
            <artifactId>findbugs-maven-plugin</artifactId>
            <version>2.5.2</version>
            <configuration>
                <!--
                   Enables analysis which takes more memory but finds more bugs.
                   If you run out of memory, changes the value of the effort element
                   to 'Low'.
               -->
                <effort>Max</effort>
                <!-- Build doesn't fail if problems are found -->
                <failOnError>false</failOnError>
                <!-- Reports all bugs (other values are medium and max) -->
                <threshold>Low</threshold>
                <!-- Produces XML report -->
                <xmlOutput>true</xmlOutput>
                <!-- Configures the directory in which the XML report is created -->
                <findbugsXmlOutputDirectory>${project.build.directory}/findbugs</findbugsXmlOutputDirectory>
            </configuration>
            <executions>
                <!--
                   Ensures that FindBugs inspects source code when project is compiled.
               -->
                <execution>
                    <id>analyze-compile</id>
                    <phase>compile</phase>
                    <goals>
                        <goal>check</goal>
                    </goals>
                </execution>
            </executions>
        </plugin>
        <plugin>
            <groupId>org.codehaus.mojo</groupId>
            <artifactId>xml-maven-plugin</artifactId>
            <version>1.0</version>
            <configuration>
                <transformationSets>
                    <transformationSet>
                        <!-- Configures the source directory of XML files. -->
                        <dir>${project.build.directory}/findbugs</dir>
                        <!-- Configures the directory in which the FindBugs report is written.-->
                        <outputDir>${project.build.directory}/findbugs</outputDir>
                        <!-- Selects the used stylesheet. -->
                        <!-- <stylesheet>fancy-hist.xsl</stylesheet> -->
                        <stylesheet>default.xsl</stylesheet>
                        <!--<stylesheet>plain.xsl</stylesheet>-->
                        <!--<stylesheet>fancy.xsl</stylesheet>-->
                        <!--<stylesheet>summary.xsl</stylesheet>-->
                        <fileMappers>
                            <!-- Configures the file extension of the output files. -->
                            <fileMapper
                                   implementation="org.codehaus.plexus.components.io.filemappers.FileExtensionMapper">
                                <targetExtension>.html</targetExtension>
                            </fileMapper>
                        </fileMappers>
                    </transformationSet>
                </transformationSets>
            </configuration>
            <executions>
                <!-- Ensures that the XSLT transformation is run when the project is compiled. -->
                <execution>
                    <phase>compile</phase>
                    <goals>
                        <goal>transform</goal>
                    </goals>
                </execution>
            </executions>
            <dependencies>
                <dependency>
                    <groupId>com.google.code.findbugs</groupId>
                    <artifactId>findbugs</artifactId>
                    <version>2.0.1</version>
                </dependency>
            </dependencies>
        </plugin>
    </plugins>
</build>

This solution was originally described in this StackOverflow question.

We can now create both HTML and XML reports by compiling our project.

Summary

We have now identified four typical use cases of the FindBugs Maven plugin and learned how we can configure the plugin to support each use case.

If you know a use case that wasn’t covered by this tutorial, please let me know by leaving a comment to this blog post.

  • You can get the example application of this blog post from Github.

 

Reference: FindBugs Maven Plugin Tutorial from our JCG partner Petri Kainulainen at the Petri Kainulainen blog.
Related Whitepaper:

Functional Programming in Java: Harnessing the Power of Java 8 Lambda Expressions

Get ready to program in a whole new way!

Functional Programming in Java will help you quickly get on top of the new, essential Java 8 language features and the functional style that will change and improve your code. This short, targeted book will help you make the paradigm shift from the old imperative way to a less error-prone, more elegant, and concise coding style that’s also a breeze to parallelize. You’ll explore the syntax and semantics of lambda expressions, method and constructor references, and functional interfaces. You’ll design and write applications better using the new standards in Java 8 and the JDK.

Get it Now!  

Leave a Reply


nine × = 36



Java Code Geeks and all content copyright © 2010-2014, Exelixis Media Ltd | Terms of Use | Privacy Policy
All trademarks and registered trademarks appearing on Java Code Geeks are the property of their respective owners.
Java is a trademark or registered trademark of Oracle Corporation in the United States and other countries.
Java Code Geeks is not connected to Oracle Corporation and is not sponsored by Oracle Corporation.

Sign up for our Newsletter

20,709 insiders are already enjoying weekly updates and complimentary whitepapers! Join them now to gain exclusive access to the latest news in the Java world, as well as insights about Android, Scala, Groovy and other related technologies.

As an extra bonus, by joining you will get our brand new e-books, published by Java Code Geeks and their JCG partners for your reading pleasure! Enter your info and stay on top of things,

  • Fresh trends
  • Cases and examples
  • Research and insights
  • Two complimentary e-books