Menu
This is my pom.xml:
<project xmlns="http://maven.apache.org/POM/4.0.0"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://maven.apache.org/POM/4.0.0
http://maven.apache.org/xsd/maven-4.0.0.xsd">
<modelVersion>4.0.0</modelVersion>
<groupId>de.stackoverflow.test</groupId>
<artifactId>HelloWorld</artifactId>
<version>1.0-SNAPSHOT</version>
<packaging>jar</packaging>
<name>HelloWorld</name>
<dependencies>
<dependency>
<groupId>com.github.spotbugs</groupId>
<artifactId>spotbugs-annotations</artifactId>
<version>3.1.0-RC5</version>
<optional>true</optional>
</dependency>
</dependencies>
<build>
<plugins>
<plugin>
<groupId>com.github.hazendaz.spotbugs</groupId>
<artifactId>spotbugs-maven-plugin</artifactId>
<version>3.0.6</version>
<dependencies>
<dependency>
<groupId>com.github.spotbugs</groupId>
<artifactId>spotbugs</artifactId>
<version>3.1.0-RC5</version>
</dependency>
</dependencies>
</plugin>
</plugins>
</build>
mvn compile, mvn package and mvn site run without any problems. Build Success.
The project consists of a single HelloWorld.java with some bugs in it.
mvn site does not show me any bugs or errors. How do I get SpotBugs to scan my code?
441
Quick Start If you are running SpotBugs on a Windows system, double-click on the file %SPOTBUGS_HOME%\lib\spotbugs. jar to start the SpotBugs GUI. On a Unix, Linux, or macOS system, run the $SPOTBUGS_HOME/bin/spotbugs script, or run the command java -jar $SPOTBUGS_HOME/lib/spotbugs. jar to run the SpotBugs GUI.
SpotBugs looks for bugs in Java programs. It is based on the concept of bug patterns. A bug pattern is a code idiom that is often an error.
Use spotbugs-maven-plugin version 3.1.0-RC6, then you can find problem by mvn spotbugs:spotbugs. You may refer official document in readthedocs.
56
The spotbugs:check mojo runs by default in the verify phase of the maven lifecycle. This phase is located after compile and package.
To trigger the spotbugs check, invoke Maven with anything >= verify, for instance mvn verify or mvn install.
You could also attach the plugin to another lifecycle phase, I presume, like this:
<execution>
<id>check</id>
<phase>test</phase>
<goals>
<goal>check</goal>
</goals>
</execution>
I have not tested that, though.
6
For spotbugs to run as part of mvn site you just need to ensure the plugin is in the <reporting> section in your pom.xml:
<reporting>
<plugins>
<plugin>
<groupId>com.github.spotbugs</groupId>
<artifactId>spotbugs-maven-plugin</artifactId>
<version>4.0.4</version>
</plugin>
</plugins>
</reporting>
The <reporting> element is at the same level as the <build> element.
I'd also add that a useful convenience method to run spotbugs on a project without adding anything to the pom is:
mvn com.github.spotbugs:spotbugs-maven-plugin:spotbugs
Then inspect target/spotbugsXml.xml.
Even more convenient sometimes is the gui goal:
mvn com.github.spotbugs:spotbugs-maven-plugin:gui
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
