FindBugs explained

FindBugs is an open-source static code analyser created by Bill Pugh and David Hovemeyer which detects possible bugs in Java programs.^{[2] [3]} Potential errors are classified in four ranks: (i) scariest, (ii) scary, (iii) troubling and (iv) of concern. This is a hint to the developer about their possible impact or severity.^[4] FindBugs operates on Java bytecode, rather than source code. The software is distributed as a stand-alone GUI application. There are also plug-ins available for Eclipse,^[5] NetBeans,^[6] IntelliJ IDEA,^{[7] [8] [9]} Gradle, Hudson,^[10] Maven,^[11] Bamboo^[12] and Jenkins.^[13]

Additional rule sets can be plugged in FindBugs to increase the set of checks performed.^[14]

See also

• List of tools for static code analysis

External links

• • Manual
• List of bug patterns
• fb-contrib: additional bug detectors for FindBugs
• FindSecurityBugs: additional security-oriented bug detectors for FindBugs
• FindBugs-IDEA – The FindBugs Plugin for IntelliJ IDEA

SpotBugs

SpotBugs is the spiritual successor of FindBugs, carrying on from the point where it left off with support of its community.

In 2016, the project lead of FindBugs was inactive but there are many issues in its community so Andrey Loskutov gave an announcement ^[16] to its community, and some volunteers tried creating a project with support for modern Java platform and better maintainability. On September 21, 2017, Andrey Loskutov again gave an announcement ^[17] about the status of new community, then released SpotBugs 3.1.0 ^[18] with support for Java 11 the new LTS, especially Java Platform Module System and invokedynamic instruction.

There are also plug-ins available for Eclipse,^[19] IntelliJ IDEA,^[20] Gradle,^[21] Maven^[22] and SonarQube.^[23] SpotBugs also supports all of existing FindBugs plugins such as sb-contrib,^[24] find-security-bugs,^[25] with several minor changes.^[26]

Applications

SpotBugs have numerous areas of applications:

1. Testing during a Continuous Integration or Delivery Cycle.
2. Locating faults in an application.
3. During a code review.

External links

• SpotBugs Official Website
• SpotBugs Manual
• List of bug patterns

Notes and References

1. Web site: FindBugs 1.0.0 release date.
2. Web site: FindBugs, Part 1: Improve the quality of your code. .
3. Web site: FindBugs, Part 2: Writing custom detectors. .
4. Web site: Markus. Sprunck . Findbugs – Static Code Analysis of Java. April 24, 2013.
5. Web site: FindBugs Downloads.
6. Web site: Static Code Analysis in the NetBeans IDE Java Editor.
7. http://code.google.com/p/idea-findbugs/ idea-findbugs plug-in
8. Web site: Google Project Hosting.
9. Web site: QAPlug – quality assurance plugin.
10. Web site: FindBugs Plugin. 2010-03-22. https://web.archive.org/web/20130129161233/http://wiki.hudson-ci.org/display/HUDSON/FindBugs+Plugin. 2013-01-29. dead.
11. Web site: FindBugs Maven Plugin – Introduction.
12. https://marketplace.atlassian.com/plugins/eu.markusschulte.atlassian.bamboo.plugin.report-findbugs View FindBugs
13. Web site: Findbugs.
14. Web site: fb-contrib™: A FindBugs™ auxiliary detector plugin.
15. Web site: SpotBugs 3.1.0 release date. GitHub. 17 November 2021.
16. Web site: Loskutov. Andrey. November 2, 2016. [FB-Discuss] Project status]. 2021-06-24.
17. Web site: Loskutov. Andrey. September 21, 2017. [FB-Discuss] Announcing SpotBugs as FindBugs successor]. 2021-06-24.
18. Web site: Release SpotBugs 3.1.0 · spotbugs/spotbugs. 2021-06-24. GitHub. en.
19. Web site: SpotBugs Eclipse Plugin Update Site.
20. Web site: SpotBugs-IDEA.
21. Web site: SpotBugs Gradle Plugin.
22. Web site: SpotBugs Maven Plugin.
23. Web site: sonar-findbugs. GitHub. 15 November 2021.
24. Web site: 'spotbugs' branch in fb-contrib repo. .
25. Web site: Find Security Bugs.
26. Web site: Migration guide for Plugin Developers.