Questions tagged [spotbugs]

SpotBugs is a program which uses static analysis to look for bugs in Java, Groovy, Kotlin, Scala, JSP and Closure code.

SpotBugs is the spiritual successor of FindBugs, carrying on from the point where it left off with the support of its community. It is free software, distributed under the terms of the Lesser GNU Public License.

SpotBugs requires JRE (or JDK) 1.8.0 or later to run. However, it can analyze programs compiled for any version of Java, from 1.0 to 1.9.

165 questions
0 votes, 1 answer

Configure jsr-305 annotations for Eclipse

I have configured Eclipse as seen in the screenshot. However I get no errors for this code: @Nonnull public static Object test(@CheckForNull Object t) { return t; } When I run spotbugs on this code I get: t must be non-null but is marked…
Jakub Bochenski
0 votes, 1 answer

build failed Error: java: USFW_UNSYNCHRONIZED_SINGLETON_FIELD_WRITES how to fix spot bug reported issue

I am facing Error: java: USFW_UNSYNCHRONIZED_SINGLETON_FIELD_WRITES and the build fails for the setter method. It is reported by spotbugs. How to fix this? Please help, as I am not getting a solution. Below is the class…
Kim
0 votes, 3 answers

How do I suppress the Spotbugs stacktrace in Gradle?

I'm setting up Spotbugs in a Gradle project but when I run it, Spotbugs does generate the output report but logs a failure stacktrace to the console. I'm wondering if there is a way to suppress it. Here's my Gradle file: buildscript { …
Mridang Agarwalla
0 votes, 0 answers

What static-analysis tool can detect unsafe concurrent write in java

ArrayList objects = new ArrayList<>(); IntStream.range(1, 20) .parallel() .forEach(objects::add); Collections.sort(objects); System.out.println(objects); Output [0, 1, 2, 3, 4, 5, 6, 9, 10, 11, 12, 13, 14, 15, 16, 17,…
Artem Yakovlev
0 votes, 1 answer

Findbugs [Malicious code vulnerability | EI_EXPOSE_REP2] not thrown on self written classes

We have implemented spotbugs into our applications yesterday. Most of our bugs were [Malicious code vulnerability | EI_EXPOSE_REP2]...may expose internal representation by storing an externally mutable object into.... We understand this, but what…
0 votes, 0 answers

Is it possible to perform static code analysis without compiling?

I'm working on a study around code best practices, and I'm trying to perform some automatic static code analysis on a list of repositories (maven projects) using sonarqube. The problem is that 99% of the repositories need specific steps to build. (…
Walidou
0 votes, 1 answer

How to suppress errorprone warnings without getting a warning from eclipse?

I wonder if it's possible to locally suppress errorprone warnings without getting an Eclipse warning instead. For example, with this line private final byte[] magicBytes; in an enum, I get the ImmutableEnumChecker warning as byte[] is mutable. This…
maaartinus
0 votes, 2 answers

Bugs found by FindBugs plugin Eclipse

Using the bug finder plugin, I found these bugs but do not understand why they were seen as bugs in the code. Does anybody know and can give me a proper explanation regarding these? Thanks. Source Code -…
0 votes, 0 answers

Spotbugs mvn plugin missing classes needed for analysis

I'm using a GitLab CI/CD Pipeline that uses the spotbugs plugin for Maven; when I try to run mvn compile spotbugs:check I get the following error: [INFO] Fork Value is true [java] The following classes needed for analysis were missing: …
HopedWall
0 votes, 0 answers

Can we fail Jenkins build if new bugs are introduced through spot bugs

We are running spot bugs through an ANT script. We would like to fail the Jenkins build if new bugs are introduced. Kindly let me know if there is an option.
jon
0 votes, 0 answers

Spotbugs XML report does not have instanceHash value when run using Gradle plugin

I have used FindSecBugs plugin in Spotbugs to do a static security analysis of my code. Some of my projects are built using gradle and some are done using maven. I have successfully tested for maven which gives me an xml report like : BugInstance…
0 votes, 2 answers

Using FindSecBugs in Maven throws java.lang.OutOfMemoryError

I'm new to Maven. I'm using Mac OSX. I tried to build the project using maven and it happened properly. Then I used mvn spotbugs:spotbugs to use the spotbugs plugin! It took a while and threw Exception in thread "main" java.lang.OutOfMemoryError:…
0 votes, 1 answer

How can I solve LI_LAZY_INIT_UPDATE_STATIC?

I'm trying to initialize a MethodHandle for a non-public method in an upstream library. private static Method OF_METHOD; static Method ofMethod() { if (OF_METHOD == null) { try { OF_METHOD =…
Jin Kwon
0 votes, 1 answer

Edit build.xml for ant spotbugs

I'm struggling with the following issue: I want to set up my ant for compiling Java source code. Everything works fine, but I also want to use the spotbugs / findbugs analyzing tool. So in the manual it is written:
wolfbiker1
0 votes, 2 answers

Is it possible for spotbugs to skip kotlin files from pure maven configuration?

I'm able to exclude *.kt files using com.github.spotbugs spotbugs-maven-plugin spotbugs-exclude-filter.xml
Arboreal Shark