Automatic bug detection with SpotBugs and Maven

Apr 2, 2019 by Thibault Debatty - 361 views

https://cylab.be/blog/19/automatic-bug-detection-with-spotbugs-and-maven

SpotBugs is a fantastic tool to help you write beter java code! It performs static code analysis (SA) and uses a database of more then 400 bug patterns to detect potential bugs in your code.

It is also very simple to install and use: simply add the provided maven plugin in the build/plugins section your pom.xml:

<!-- SpotBugs : https://spotbugs.github.io/ -->
<!-- run with mvn spotbugs:check and mvn spotbugs:gui -->
<plugin>
    <groupId>com.github.spotbugs</groupId>
    <artifactId>spotbugs-maven-plugin</artifactId>
    <version>3.1.11</version>
</plugin>

To run SpotBugs, simply type

mvn spotbugs:check

SpotBugs even has a built-in GUI to help you analyze and fix the discovered bugs. You can run it by typing

mvn spotbugs:gui

If you want to automatically run SpotBugs during the build lifecycle, add an execution entry to your plugin:

<!-- SpotBugs : https://spotbugs.github.io/ -->
<!-- run with mvn spotbugs:check and mvn spotbugs:gui -->
<plugin>
    <groupId>com.github.spotbugs</groupId>
    <artifactId>spotbugs-maven-plugin</artifactId>
    <version>3.1.11</version>
    <executions>
        <execution>
            <id>check</id>
            <phase>verify</phase>
            <goals>
                <goal>check</goal>
            </goals>
        </execution>
    </executions>
</plugin>

This will run SpotBugs each time the verify phase is executed...