a FindBugs/SpotBugs plugin for doing static code analysis for java code bases
fb-contrib
a FindBugs and SpotBugs plugin for doing static code analysis on java byte code.
For information see http://fb-contrib.sf.net
Available on maven.org
for FindBugs:
GroupId: com.mebigfatguy.fb-contrib
ArtifactId: fb-contrib
Version: 7.6.8
For SpotBugs
GroupId: com.mebigfatguy.sb-contrib
ArtifactId: sb-contrib
Version: 7.6.8
Developer
- Dave Brosius
Contributors
- Bhaskar Maddala
- Chris Peterson
- Grzegorz Slowikowski
- Trevor Pounds
- Ronald Blaschke
- Zenichi Amano
- Philipp Wiesemann
- Kevin Lubick
- Philippe Arteau
- Thrawn
- Juan Martin Sotuyo Dodero
- Richard Fearn
- Mikkel Kjeldsen
- Jeremy Landis
- Peter Hermsdorf
- David Burström
- Venkata Gajavalli
- Rubén López
- Pavel Roskin
- Kevin Seymour
- Piotrek Żygieło
- Guillaume Toison
fb-contrib has two main branches, ‘findbugs’ and ‘spotbugs’. Code is committed to spotbugs, and then merged back to findbugs.
It is preferable therefore to create merge requests against the spotbugs branch. Thanks!
Setting up for Development - Ant
- Download/install Eclipse, ideally 4.3 (Kepler) or newer. The standard release (for Java) will work fine.
- Ant Dependencies Download yank, the dependency manager and bug-rank-check-style. Both jars (v1.2.0+ and v1.0.0+) should go in your ~/.ant/lib folder, which you will have to make if it doesn’t exist. Windows people, this goes under [Username]/.ant/lib.
Don’t have more than one version of either jar in this folder, as it’s not clear which one Ant will load, leading to annoying compatibility issues. This can be done using the ant target ant infra_jars - Fork this git repo and clone it. GitHub for Windows or GitHub for Mac are good clients if you don’t already have one.
- Open Eclipse. File>Import and then choose “Existing projects into workspace”, and find the fb-contrib folder you created in step 3. Ignore any compile errors (for now).
- Using git, clone the FindBugs repository using
git clone https://code.google.com/p/findbugs/You will only need the findbugs subfolder (the one that has README.txt in it). You can delete the rest, if you wish. - Import this project into Eclipse as well. You may wish to mark these files as read-only, so you modify the “correct” files.
- In the fb-contrib project, find the
user.properties.examplefile. Make a copy of it named user.properties (this will not be tracked by version control). Modify the findbugs.dir property to where ever you have the FindBugs distribution installed. This is the executable FindBugs folder, not the source folder. The jar will be “installed” to (findbugs.dir)\plugin.
For example, If you are using FindBugs with Eclipse (and you extracted Eclipse to C:\), you’ll set this to something likefindbugs.dir=/eclipse/plugins/edu.umd.cs.findbugs.plugin.eclipse_3.0.0.20140706-2cfb468 - Finally, build fb-contrib by finding the build.xml file in Eclipse, right-click it, and select Run As > Ant Build. The dependencies needed should be downloaded to fb-contrib/lib and the fb-contrib-VERSION.jar should be built.
Setting up for Development - Maven
- Download/install Maven, version 2.2.1 or newer.
- Clone the Git repository, as per step 3 above.
- Run
mvn clean installin the fb-contrib directory.
Usage - Maven
To include the fb-contrib detectors when checking your project with FindBugs, you can use the FindBugs Maven plugin.
The group ID for fb-contrib is com.mebigfatguy.fb-contrib, and the artifact ID is fb-contrib. Eg:
<plugin>
<groupId>org.codehaus.mojo</groupId>
<artifactId>findbugs-maven-plugin</artifactId>
<version>3.0.4</version>
<configuration>
<plugins>
<plugin>
<groupId>com.mebigfatguy.fb-contrib</groupId>
<artifactId>fb-contrib</artifactId>
<version>7.6.8</version>
</plugin>
</plugins>
</configuration>
<executions>
<execution>
<goals>
<goal>check</goal>
</goals>
</execution>
</executions>
</plugin>
Or to include the fb-contrib detectors when checking your project with Spotbugs, you can use the SpotBugs Maven plugin which is a fork of findbugs maven plugin to provide spotbugs integration.
The group ID for sb-contrib is com.mebigfatguy.sb-contrib, and the artifact ID is sb-contrib. Eg:
<plugin>
<groupId>com.github.spotbugs</groupId>
<artifactId>spotbugs-maven-plugin</artifactId>
<version>3.1.12</version>
<configuration>
<plugins>
<plugin>
<groupId>com.mebigfatguy.sb-contrib</groupId>
<artifactId>sb-contrib</artifactId>
<version>7.6.8</version>
</plugin>
</plugins>
</configuration>
<executions>
<execution>
<goals>
<goal>check</goal>
</goals>
</execution>
</executions>
</plugin>
Usage - Gradle
apply plugin: 'findbugs'
dependencies {
// We need to manually set this first, or the plugin is not loaded
findbugs 'com.google.code.findbugs:findbugs:3.0.0'
findbugs configurations.findbugsPlugins.dependencies
// To keep everything tidy, we set these apart
findbugsPlugins 'com.mebigfatguy.fb-contrib:fb-contrib:7.6.8'
}
task findbugs(type: FindBugs) {
// Add all your config here ...
pluginClasspath = project.configurations.findbugsPlugins
}
Contributing
Once you have the dev environment set up, feel free to make changes and pull requests.
Any edits are much appreciated, from finding typos, to adding examples in the messages, to creating new detectors, all help is welcome.
External guides for making detectors:
- https://www.ibm.com/developerworks/library/j-findbug2/
- http://kjlubick.github.io/blog/post/1?building-my-first-findbugs-detector
Misc references about bytecode:
For making detectors, it best to make several test cases, like those in the sample directory. Even better is if you can comment where you expect bug markers to appear and why, like this.
In your pull request, give an overview of your changes along with the related commits.
If you are not up for contributing code but notice a common problem with some third party library, or general purpose pattern, please add an issue too. We always like new ideas.
Often available on #fb-contrib on freenode.net for conversation.