Analyzing code with the Maven FindBugs plugin

FindBugs is another tool that uses static analysis to inspect Java bytecode for bugs. It is based on the concept of bug patterns: a bug pattern is a code idiom that is often an error.

How to do it...

Let us see how we can use the Maven FindBugs plugin to analyze and identify defects in our code:

  1. Open the Maven project for which you want to do the FindBugs analysis.
  2. Run the following command:
    mvn clean compile findbugs:findbugs
    
  3. Observe the output:
    [INFO] --- maven-compiler-plugin:3.1:compile (default-compile) @ project-with-violations ---
    [INFO] Changes detected - recompiling the module!
    [INFO] Compiling 1 source file to C:\projects\apache-maven cookbook\project-with-violations\target\classes
    [INFO]
    [INFO] --- findbugs-maven-plugin:3.0.0:findbugs (default-cli) @ project-with-violations ---
    [INFO] Fork Value is true
    [java] Warnings generated: 3
    [INFO] Done FindBugs Analysis....
    
  4. Open the generated XML file findbugsXml.xml in the target folder.

How it works...

When the findbugs goal of the FindBugs plugin is run, it analyzes the bytecode and reports errors to an output file in XML format. Unlike the Checkstyle and PMD plugins, it does not generate a default site report unless configured differently.
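One way to act on the XML report that the findbugs goal writes, as an added example (not code from the book or from the plugin): it reads the `BugInstance` elements, counts them per category, and returns the findings a CI job would block on. The sample report is constructed, its class and file names are hypothetical, and the set of gated categories is an assumed policy.

```python
import sys
import xml.etree.ElementTree as ET
from collections import Counter

# Constructed sample in the findbugsXml.xml layout; class and file names are hypothetical.
SAMPLE_REPORT = """<BugCollection version="3.0.0">
  <BugInstance type="DLS_DEAD_LOCAL_STORE" priority="2" abbrev="DLS" category="STYLE">
    <Class classname="com.example.App"/>
    <SourceLine classname="com.example.App" start="12" end="12" sourcefile="App.java"/>
  </BugInstance>
  <BugInstance type="URF_UNREAD_FIELD" priority="2" abbrev="UrF" category="PERFORMANCE">
    <Class classname="com.example.App"/>
    <SourceLine classname="com.example.App" start="7" end="7" sourcefile="App.java"/>
  </BugInstance>
  <BugInstance type="SQL_NONCONSTANT_STRING_PASSED_TO_EXECUTE" priority="1" abbrev="SQL" category="SECURITY">
    <Class classname="com.example.UserDao"/>
    <SourceLine classname="com.example.UserDao" start="21" end="21" sourcefile="UserDao.java"/>
  </BugInstance>
</BugCollection>"""

# Assumption: the categories a team chooses to block on; adjust to local policy.
GATED_CATEGORIES = frozenset({"SECURITY", "MALICIOUS_CODE", "CORRECTNESS"})

def parse_findings(xml_data):
    """Turn each <BugInstance> into a dict; accepts str or bytes."""
    findings = []
    for bug in ET.fromstring(xml_data).iter("BugInstance"):
        loc = bug.find("SourceLine")  # direct child only: the primary location
        start = loc.get("start") if loc is not None else None
        findings.append({
            "type": bug.get("type"),
            "category": bug.get("category"),
            "priority": int(bug.get("priority", "3")),  # 1 = high, 3 = low
            "file": loc.get("sourcefile") if loc is not None else None,
            "line": int(start) if start else None,
        })
    return findings

def summarize(findings):
    """Count findings per FindBugs category."""
    return dict(Counter(f["category"] for f in findings))

def blocking(findings, categories=GATED_CATEGORIES, max_priority=2):
    """Findings in a gated category at priority 1..max_priority."""
    return [f for f in findings if f["category"] in categories and f["priority"] <= max_priority]

if __name__ == "__main__":
    # Pass target/findbugsXml.xml as the argument; with none, the sample is used.
    data = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else SAMPLE_REPORT
    found = parse_findings(data)
    print(summarize(found))
    hits = blocking(found)
    for f in hits:
        print(f"BLOCK {f['category']} {f['type']} {f['file']}:{f['line']}")
    sys.exit(1 if hits else 0)
```

Run after `mvn clean compile findbugs:findbugs`; a non-zero exit status means at least one finding matched the gate.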

Tip

As FindBugs works on bytecode, the project needs to be compiled before the FindBugs analysis can be run. Otherwise, you will not find any FindBugs defects!

FindBugs also provides several options that allow you to specify the classes to be included/excluded from analysis, specify the rules to be run, and to fail when errors crop up during the build. Let's briefly discuss some examples that describe the basic usage of the FindBugs plugin:

  • Filter bugs to report: This plugin allows us to specify classes and methods that can be included or excluded from reporting:
        <plugin>
          <groupId>org.codehaus.mojo</groupId>
          <artifactId>findbugs-maven-plugin</artifactId>
          <version>3.0.1-SNAPSHOT</version>
          <configuration>
            <excludeFilterFile>findbugs-exclude.xml</excludeFilterFile>
            <includeFilterFile>findbugs-include.xml</includeFilterFile>
          </configuration>
        </plugin>
  • Bug detectors to run: We can also specify which detectors to run. This can be done in the following manner:
        <plugin>
          <groupId>org.codehaus.mojo</groupId>
          <artifactId>findbugs-maven-plugin</artifactId>
          <version>3.0.1-SNAPSHOT</version>
          <configuration>
            <visitors>FindDeadLocalStores,UnreadFields</visitors>
          </configuration>
        </plugin>

There's more...

You can also launch the FindBugs GUI to view the report in a graphical format:

  1. To do this, run the following Maven command:
    mvn compile findbugs:findbugs findbugs:gui
    
  2. Observe the FindBugs screen.