FindBugs is a static code analysis tool which identifies problems found from Java code.
We can integrate FindBugs into our build process by using the FindBugs Maven plugin. This blog post identifies four typical use cases and describes how we can configure the FindBugs Maven plugin to support each use case.
The described use cases are:
- Create FindBugs report as a part of the project reports.
- Fail the build if FindBugs finds problems from the source code.
- Create a XML report without failing the build.
- Create both XML and HTML reports without creating the site.
Let’s get started.
Use Case 1: Create Findbugs Report as a Part of the Project Reports
Sometimes we don’t want to run static code analysis every time when our project is compiled. Instead we want to run it manually when we need it. If this is the case, our best option is to create the FindBugs report when we create the site of the project.
We can do this by following these steps:
- Add the declaration of the FindBugs Maven plugin to the reporting section of the pom.xml file.
- Configure the FindBugs Maven plugin by following these steps:
- Ensure that most accurate analysis is performed.
- Ensure that all bugs are reported.
- Ensure that XML report is generated.
The relevant part of the pom.xml file looks as follows:
<reporting>
<plugins>
<plugin>
<groupId>org.codehaus.mojo</groupId>
<artifactId>findbugs-maven-plugin</artifactId>
<version>2.5.2</version>
<configuration>
<!--
Enables analysis which takes more memory but finds more bugs.
If you run out of memory, changes the value of the effort element
to 'low'.
-->
<effort>Max</effort>
<!-- Reports all bugs (other values are medium and max) -->
<threshold>Low</threshold>
<!-- Produces XML report -->
<xmlOutput>true</xmlOutput>
</configuration>
</plugin>
</plugins>
</reporting>The report is created only when the project is compiled.
In other words, when we want to create the FindBugs report, we have to run the following command at command prompt:
mvn clean compile site
Let’s move on and find out how we can fail the build if FindBugs finds problems from our source code.
Use Case 2: Fail the Build if Problems Are Found
If we want to be sure that our code doesn’t contain even a minor problem, it might be good idea to run static code analysis every time when our project is compiled. Of course, this makes sense only if the build is failed when a problem is found.
In other words, we have to configure the FindBugs Maven plugin to fail the build if problems are found. We can do this by following these steps:
- Add the plugin declaration to the plugins section of the pom.xml file.
- Configure the FindBugs Maven plugin by following these steps:
- Ensure that most accurate analysis is performed.
- Ensure that all bugs are reported.
- Ensure that XML report is generated.
- Configure the plugin to create the XML report to the directory ${project.build.directory}/findbugs.
- Add an execution which runs the plugin’s check goal during the compile Maven lifecycle phase.
The relevant part of the pom.xml file looks as follows:
<build>
<plugins>
<plugin>
<groupId>org.codehaus.mojo</groupId>
<artifactId>findbugs-maven-plugin</artifactId>
<version>2.5.2</version>
<configuration>
<!--
Enables analysis which takes more memory but finds more bugs.
If you run out of memory, changes the value of the effort element
to 'Low'.
-->
<effort>Max</effort>
<!-- Reports all bugs (other values are medium and max) -->
<threshold>Low</threshold>
<!-- Produces XML report -->
<xmlOutput>true</xmlOutput>
<!-- Configures the directory in which the XML report is created -->
<findbugsXmlOutputDirectory>${project.build.directory}/findbugs</findbugsXmlOutputDirectory>
</configuration>
<executions>
<!--
Ensures that FindBugs inspects source code when project is compiled.
-->
<execution>
<id>analyze-compile</id>
<phase>compile</phase>
<goals>
<goal>check</goal>
</goals>
</execution>
</executions>
</plugin>
</plugins>
</build>This configuration ensures that the check goal of the Maven FindBugs plugin is invoked during the compile Maven lifecycle phase. If FindBugs finds problems from the source code, it fails the build.
Let’s move on and find out how we can create XML report without creating the site or failing the build.
Use Case 3: Create XML Report Without Failing the Build
If we want to integrate Jenkins with FindBugs, we need to find a way to create XML reports without failing the build.
We can configure the FindBugs Maven plugin to do this by following these steps:
- Configure the FindBugs Maven plugin as described in the previous section (Use case 2).
- Ensure that the build doesn’t fail if problems are found by setting the value of the failOnError configuration property to false.
The relevant part of the pom.xml file looks as follows:
<build>
<plugins>
<plugin>
<groupId>org.codehaus.mojo</groupId>
<artifactId>findbugs-maven-plugin</artifactId>
<version>2.5.2</version>
<configuration>
<!--
Enables analysis which takes more memory but finds more bugs.
If you run out of memory, changes the value of the effort element
to 'Low'.
-->
<effort>Max</effort>
<!-- Build doesn't fail if problems are found -->
<failOnError>false</failOnError>
<!-- Reports all bugs (other values are medium and max) -->
<threshold>Low</threshold>
<!-- Produces XML report -->
<xmlOutput>true</xmlOutput>
<!-- Configures the directory in which the XML report is created -->
<findbugsXmlOutputDirectory>${project.build.directory}/findbugs</findbugsXmlOutputDirectory>
</configuration>
<executions>
<!--
Ensures that FindBugs inspects source code when project is compiled.
-->
<execution>
<id>analyze-compile</id>
<phase>compile</phase>
<goals>
<goal>check</goal>
</goals>
</execution>
</executions>
</plugin>
</plugins>
</Build>We can now create the XML report by compiling the project.
The last use case describes how we can create both XML and HTML reports without creating the site or failing the build. Let’s see how this is done.
Use Case 4: Create Both XML and HTML Reports Without Creating the Site
If we want to create both XML and HTML reports without creating the project site or failing the build, we have to follow these steps:
- Configure the FindBugs Maven plugin as described in the previous section (use case 3).
- Add the declaration of the XML Maven Plugin to the plugins section of the pom.xml file.
- Configure the plugin by following these steps:
- Create a transformation set which transforms all XML files found from the ${project.build.directory}/findbugs directory and writes the results of the XSLT transformation to the same directory.
- Configure stylesheet which specifies the output of the XSLT transformation. The FindBugs library provides five stylesheets which can be used for this purpose. The available stylesheets are described in the sample configuration.
- Ensure that all output files of the XSLT transformation have the file extension .html.
- Add an execution which invokes the transform goal of the XML Maven plugin during the compile Maven lifecycle phase.
- Add FindBugs (version 2.0.1) as the dependency of the plugin.
The relevant part of the pom.xml file looks as follows:
<build>
<plugins>
<plugin>
<groupId>org.codehaus.mojo</groupId>
<artifactId>findbugs-maven-plugin</artifactId>
<version>2.5.2</version>
<configuration>
<!--
Enables analysis which takes more memory but finds more bugs.
If you run out of memory, changes the value of the effort element
to 'Low'.
-->
<effort>Max</effort>
<!-- Build doesn't fail if problems are found -->
<failOnError>false</failOnError>
<!-- Reports all bugs (other values are medium and max) -->
<threshold>Low</threshold>
<!-- Produces XML report -->
<xmlOutput>true</xmlOutput>
<!-- Configures the directory in which the XML report is created -->
<findbugsXmlOutputDirectory>${project.build.directory}/findbugs</findbugsXmlOutputDirectory>
</configuration>
<executions>
<!--
Ensures that FindBugs inspects source code when project is compiled.
-->
<execution>
<id>analyze-compile</id>
<phase>compile</phase>
<goals>
<goal>check</goal>
</goals>
</execution>
</executions>
</plugin>
<plugin>
<groupId>org.codehaus.mojo</groupId>
<artifactId>xml-maven-plugin</artifactId>
<version>1.0</version>
<configuration>
<transformationSets>
<transformationSet>
<!-- Configures the source directory of XML files. -->
<dir>${project.build.directory}/findbugs</dir>
<!-- Configures the directory in which the FindBugs report is written.-->
<outputDir>${project.build.directory}/findbugs</outputDir>
<!-- Selects the used stylesheet. -->
<!-- <stylesheet>fancy-hist.xsl</stylesheet> -->
<stylesheet>default.xsl</stylesheet>
<!--<stylesheet>plain.xsl</stylesheet>-->
<!--<stylesheet>fancy.xsl</stylesheet>-->
<!--<stylesheet>summary.xsl</stylesheet>-->
<fileMappers>
<!-- Configures the file extension of the output files. -->
<fileMapper
implementation="org.codehaus.plexus.components.io.filemappers.FileExtensionMapper">
<targetExtension>.html</targetExtension>
</fileMapper>
</fileMappers>
</transformationSet>
</transformationSets>
</configuration>
<executions>
<!-- Ensures that the XSLT transformation is run when the project is compiled. -->
<execution>
<phase>compile</phase>
<goals>
<goal>transform</goal>
</goals>
</execution>
</executions>
<dependencies>
<dependency>
<groupId>com.google.code.findbugs</groupId>
<artifactId>findbugs</artifactId>
<version>2.0.1</version>
</dependency>
</dependencies>
</plugin>
</plugins>
</build>This solution was originally described in this StackOverflow question.
We can now create both HTML and XML reports by compiling our project.
Summary
We have now identified four typical use cases of the FindBugs Maven plugin and learned how we can configure the plugin to support each use case.
If you know a use case that wasn’t covered by this tutorial, please let me know by leaving a comment to this blog post.
- You can get the example application of this blog post from Github.
