Integrate Findbugs to create a new category : Anti-patterns

Details

  • Type: New Feature New Feature
  • Status: Closed Closed
  • Priority: Major Major
  • Resolution: Fixed
  • Affects Version/s: 1.5
  • Fix Version/s: 1.5
  • Component/s: API, Rules
  • Labels:
    None

Description

It's a Checkstyle/PMD-like, distributed under the terms of the LGPL license.

More info on http://mojo.codehaus.org/findbugs-maven-plugin

Activity

Ascending order - Click to sort in descending order
Hide
Permalink
Simon Brandhof added a comment -

Findbugs analyses bytecode but not java sources. So if findbugs rules are activated, projects with sonar light mode should set the sonar.classesDir parameter and be built before launching sonar.

Example of pom.xml if sources are compiled into build/classes :

<build>
  	<sourceDirectory>src</sourceDirectory>
    <plugins>
      <plugin>
        <groupId>org.apache.maven.plugins</groupId>
        <artifactId>maven-compiler-plugin</artifactId>
        <configuration>
          <source>1.5</source>
          <target>1.5</target>
          <failOnError>false</failOnError>
          <excludes><exclude>**/*</exclude></excludes>
        </configuration>
      </plugin>
    </plugins>    	
  </build> 

  <properties>
  	<sonar.light>true</sonar.light>
        <sonar.classesDir>build/classes</sonar.classesDir>
  </properties>

There are also two new parameters on compiler plugin (failOnError and excludes).

Show
Simon Brandhof added a comment - Findbugs analyses bytecode but not java sources. So if findbugs rules are activated, projects with sonar light mode should set the sonar.classesDir parameter and be built before launching sonar. Example of pom.xml if sources are compiled into build/classes : 
<build>
  	<sourceDirectory>src</sourceDirectory>
    <plugins>
      <plugin>
        <groupId>org.apache.maven.plugins</groupId>
        <artifactId>maven-compiler-plugin</artifactId>
        <configuration>
          <source>1.5</source>
          <target>1.5</target>
          <failOnError>false</failOnError>
          <excludes><exclude>**/*</exclude></excludes>
        </configuration>
      </plugin>
    </plugins>    	
  </build> 

  <properties>
  	<sonar.light>true</sonar.light>
        <sonar.classesDir>build/classes</sonar.classesDir>
  </properties>
There are also two new parameters on compiler plugin (failOnError and excludes).
Hide
Permalink
Wolfgang Buckel added a comment -

Findbugs also needs the jars/classpath that the analyzed bytecode depends upon (e.g. log4j.jar, dom4j.jar, ...). It provides much more comprehensive analysis results if this so called "auxiliary classpath" is provided. Without this the results are somewhat limited.

For maven builds this can probably be extracted from the pom dependencies. However, in sonar light mode there should be a possibility to configure the auxiliary classpath, too. And can that also be added to the hudson plugin parameters?

This would be awesome!

Show
Wolfgang Buckel added a comment - Findbugs also needs the jars/classpath that the analyzed bytecode depends upon (e.g. log4j.jar, dom4j.jar, ...). It provides much more comprehensive analysis results if this so called "auxiliary classpath" is provided. Without this the results are somewhat limited. For maven builds this can probably be extracted from the pom dependencies. However, in sonar light mode there should be a possibility to configure the auxiliary classpath, too. And can that also be added to the hudson plugin parameters? This would be awesome!
Hide
Permalink
Simon Brandhof added a comment -

To reuse standard maven parameters, configuration is now :

<project>
  <modelVersion>4.0.0</modelVersion>
  <groupId>xxx</groupId>
  <artifactId>xxx</artifactId>
  <name>xxx</name>
  <version>xxx</version>  
  <build>
  	<sourceDirectory>src</sourceDirectory>
       <outputDirectory>build/classes</outputDirectory>
    <plugins>
      <plugin>
        <groupId>org.apache.maven.plugins</groupId>
        <artifactId>maven-compiler-plugin</artifactId>
        <configuration>
          <source>1.5</source>
          <target>1.5</target>
          <failOnError>false</failOnError>
          <excludes><exclude>**/*</exclude></excludes>
        </configuration>
      </plugin>
    </plugins>    	
  </build> 
  
  <properties>
  	<sonar.light>true</sonar.light>
  </properties>
</project>

The current findbugs maven plugin fails if the project has dependencies (findbugs 'auxiliary classpath'). That's why in such a case the development version must be used. Add the following to pom.xml :

<repositories>
    <repository>
      <snapshots>
        <enabled>true</enabled>
      </snapshots>
      <id>codehaus</id>
      <url>http://snapshots.repository.codehaus.org</url>
    </repository>
  </repositories>
  <pluginRepositories>
    <pluginRepository>
      <snapshots>
        <enabled>true</enabled>
      </snapshots>
      <id>codehaus</id>
      <url>http://snapshots.repository.codehaus.org</url>
    </pluginRepository>
  </pluginRepositories>

  <build>
    <plugins>
      .....
       <plugin>
          <groupId>org.codehaus.mojo</groupId>
          <artifactId>findbugs-maven-plugin</artifactId>
          <version>2.0-SNAPSHOT</version>
        </plugin>
    </plugins>
</build>

The findbugs mojo should be released soon.

Show
Simon Brandhof added a comment - To reuse standard maven parameters, configuration is now : 
<project>
  <modelVersion>4.0.0</modelVersion>
  <groupId>xxx</groupId>
  <artifactId>xxx</artifactId>
  <name>xxx</name>
  <version>xxx</version>  
  <build>
  	<sourceDirectory>src</sourceDirectory>
       <outputDirectory>build/classes</outputDirectory>
    <plugins>
      <plugin>
        <groupId>org.apache.maven.plugins</groupId>
        <artifactId>maven-compiler-plugin</artifactId>
        <configuration>
          <source>1.5</source>
          <target>1.5</target>
          <failOnError>false</failOnError>
          <excludes><exclude>**/*</exclude></excludes>
        </configuration>
      </plugin>
    </plugins>    	
  </build> 
  
  <properties>
  	<sonar.light>true</sonar.light>
  </properties>
</project>
The current findbugs maven plugin fails if the project has dependencies (findbugs 'auxiliary classpath'). That's why in such a case the development version must be used. Add the following to pom.xml : 
<repositories>
    <repository>
      <snapshots>
        <enabled>true</enabled>
      </snapshots>
      <id>codehaus</id>
      <url>http://snapshots.repository.codehaus.org</url>
    </repository>
  </repositories>
  <pluginRepositories>
    <pluginRepository>
      <snapshots>
        <enabled>true</enabled>
      </snapshots>
      <id>codehaus</id>
      <url>http://snapshots.repository.codehaus.org</url>
    </pluginRepository>
  </pluginRepositories>

  <build>
    <plugins>
      .....
       <plugin>
          <groupId>org.codehaus.mojo</groupId>
          <artifactId>findbugs-maven-plugin</artifactId>
          <version>2.0-SNAPSHOT</version>
        </plugin>
    </plugins>
</build>
The findbugs mojo should be released soon.

People

  • Assignee:
    Carlo Jelmini
    Reporter:
    Freddy Mallet
Vote (8)
Watch (2)

Dates

  • Created:
    Updated:
    Resolved: