Maven SpotBugs example
摘要: In this article, we will show you how to use SpotBugs Maven Plugin to find bugs in Java code.
In this article, we will show you how to use SpotBugs Maven Plugin to find bugs in Java code.
Note
Findbugs is no longer maintained, and thus SpotBugs is the spiritual successor of FindBugs
Findbugs is no longer maintained, and thus SpotBugs is the spiritual successor of FindBugs
P.S SpotBugs requires JDK 1.8
1. Maven SpotBugs Plugin
Define the spotbugs-maven-plugin in the reporting tag. So that mvn site will generate the SpotBugs report.
pom.xml
<reporting>
<plugins>
<plugin>
<groupId>com.github.spotbugs</groupId>
<artifactId>spotbugs-maven-plugin</artifactId>
<version>3.1.8</version>
</plugin>
</plugins>
</reporting>
2. Java Code
A simple Java code, with an unused field ‘abc’ and a performance issue in the “+ string” loop. Later, SpotBugs will be able to detect it and showing it on the report.
package com.mkyong.examples;
public class StaticCodeExample {
//Unused field
private int abc;
private String ip = "127.0.0.1";
public void test() {
String[] field = {"a", "b", "c", "s", "e"};
//concatenates strings using + in a loop
String s = "";
for (int i = 0; i < field.length; ++i) {
s = s + field[i];
System.out.println(ip);
3. Maven Site
mvn compile site to generate a Maven site for the Java project, the SpotBugs report will be generated and integrated into the Maven site automatically.
$ mvn compile site [INFO] Generating "SpotBugs" report --- spotbugs-maven-plugin:3.1.8:spotbugs [INFO] Generating "Dependency Information" report --- maven-project-info-reports-plugin:3.0.0:dependency-info [INFO] Generating "About" report --- maven-project-info-reports-plugin:3.0.0:index [INFO] Generating "Plugin Management" report --- maven-project-info-reports-plugin:3.0.0:plugin-management [INFO] Generating "Plugins" report --- maven-project-info-reports-plugin:3.0.0:plugins [INFO] Generating "Summary" report --- maven-project-info-reports-plugin:3.0.0:summary [INFO] ------------------------------------------------------------------------ [INFO] BUILD SUCCESS [INFO] ------------------------------------------------------------------------ [INFO] Total time: 7.732 s [INFO] Finished at: 2018-11-19T15:38:56+08:00 [INFO] ------------------------------------------------------------------------
4. SpotBugs Report
Review the report at target/site/spotbugs.html
5. FAQs
5.1 Review the SpotBugs 400 bug patterns here.
5.2 More Maven SpotBugs Plugin recipes here
References
- SpotBugs Official site
- SpotBugs Maven Plugin
- Using the SpotBugs Maven Plugin
- List of tools for static code analysis
上一篇:
Java Global variable examples
下一篇: mvn site : java.lang.ClassNotFoundException: org.apache.maven.doxia.siterenderer.DocumentContent
下一篇: mvn site : java.lang.ClassNotFoundException: org.apache.maven.doxia.siterenderer.DocumentContent
