How to configure a custom findbugs task in gradle with a different pluginClasspath

Question

I tried to set up a custom findbugs task with gradle which will have a different pluginClasspath than the default ones.

So the default tasks should use the default FindBugs rules while the custom one should use the findbugs-security rules. My configuration looks like this:

dependencies {
  findbugsPlugins 'com.h3xstream.findsecbugs:findsecbugs-plugin:1.4.4'
}

findbugs {
  // general config
}

task findbugsSecurity(type: FindBugs, dependsOn: classes) {
  classes = fileTree(project.sourceSets.main.output.classesDir)
  source = project.sourceSets.main.java.srcDirs
  classpath = files()

  pluginClasspath = files(configurations.findbugsPlugins.asPath)
}

However, if I run the findbugsMain task now, it also includes the checks from findbugs-security!

How can I configure it so that findbugs-security checks are only used in the custom task?

Answer 1

It sounds like configuring the findbugsSecurity task is also changing the behavior of findbugsMain as you've probably guessed.

The trick is to use a new configuration because Gradle will automatically look for dependencies for the findbugsPlugins configuration and that will apply to all invocations of findbugs (See pluginClasspath part of FindBugs DSL):

configurations {
   foo
}

dependencies {
  // Important that we use a new configuration here because Gradle will use the findbugsPlugins configurations by default
  foo 'com.h3xstream.findsecbugs:findsecbugs-plugin:1.4.4'
}

findbugs { /* whatever */ }

task findbugsSecurity(type: FindBugs, dependsOn: classes) {
  classes = fileTree(project.sourceSets.main.output.classesDir)
  source = project.sourceSets.main.java.srcDirs
  classpath = files()
  pluginClasspath = files(configurations.foo.asPath)
}