Standalone command line tool to scan jars with or without the source #100
Comments
I would love to have access to a tool like that. One of my contracts On Wed, Sep 23, 2015 at 12:15 PM, Philippe Arteau notifications@github.com
Matt Seil
What are the advantages over standalone FindBugs GUI and CLI? It can scan JARs without the source and generate HTML reports; you just need to drop FindSecurityBugs into the plugin folder.
The idea would be to wrap the current CLI or create something new. My objective is to have a simpler alternative: single jar and minimal configuration. It could potentially support the other FindBugs CLI arguments.
It is based on the FindBugs command line client.
Here is a preview of the first version. All FindBugs arguments will work.
I'm not clear on the answer to @formanek; what is the advantage over
It is the same thing. The idea is just to provide an all-in-one package. The tool I'm referring to in the original description is actually something different from what was finally released.
I have already built an unofficial command line tool that bundles FindBugs and FindSecurityBugs.
I think it could be useful to release it for the following use cases: scanning dependencies, scanning applications without the source code, and scanning Android binaries (transformed with dex2jar).
The new tool would be a separate module that depends on the plugin module.