mvn compile failing after adding findsecbugs-plugin

[krishna-pandey]

As suggested in the wiki, I added the plugin section as it is in my pom.xml. Now I am getting below error:

Downloading: https://repository.apache.org/content/repositories/public/com/h3xstream/findsecbugs/findsecbugs-plugin/maven-metadata.xml
Downloading: http://repository.apache.org/snapshots/com/h3xstream/findsecbugs/findsecbugs-plugin/maven-metadata.xml
Downloading: https://repository.apache.org/content/repositories/snapshots/com/h3xstream/findsecbugs/findsecbugs-plugin/maven-metadata.xml
[WARNING] Could not transfer metadata com.h3xstream.findsecbugs:findsecbugs-plugin/maven-metadata.xml from/to apache.snapshots.https (https://repository.apache.org/content/repositories/snapshots): Failed to transfer file: https://repository.apache.org/content/repositories/snapshots/com/h3xstream/findsecbugs/findsecbugs-plugin/maven-metadata.xml. Return code is: 503 , ReasonPhrase:Service Unavailable.
[WARNING] Could not transfer metadata com.h3xstream.findsecbugs:findsecbugs-plugin/maven-metadata.xml from/to apache.public.https (https://repository.apache.org/content/repositories/public): Failed to transfer file: https://repository.apache.org/content/repositories/public/com/h3xstream/findsecbugs/findsecbugs-plugin/maven-metadata.xml. Return code is: 503 , ReasonPhrase:Service Unavailable.
[WARNING] Could not transfer metadata com.h3xstream.findsecbugs:findsecbugs-plugin/maven-metadata.xml from/to apache.snapshots (http://repository.apache.org/snapshots): Failed to transfer file: http://repository.apache.org/snapshots/com/h3xstream/findsecbugs/findsecbugs-plugin/maven-metadata.xml. Return code is: 503 , ReasonPhrase:Service Unavailable.

Please let me know what broke this configuration.

[krishna-pandey]

Changing

<version>LATEST</version> 

to

<version>1.4.3</version> 

fixed this warning.

[h3xstream]

If you change your settings.xml to maven central (default repository) or OSS Sonatype, you won't get the same error because file listing is allow.

<version>LATEST</version> is not recommended in the Maven world. But in the context of FSB, it's the only way to received auto-update.

[krishna-pandey]

Now I am getting different error due to attempted transformation of the findsecbugs-plugin jar file. Any working snippet for integration of findsecbugs plugin to Maven world.

[ERROR] Failed to execute goal org.codehaus.mojo:xml-maven-plugin:1.0:transform (default) on project Test1: Failed to transform input file /home/Test1/target/findbugs/findsecbugs-plugin-1.4.3.jar: Content is not allowed in prolog. -> [Help 1]

[ThrawnCA]

That error is not related to FindSecBugs; it's coming from the XML Maven Plugin. You're trying to do an XML transformation on the findsecbugs JAR file?! I think you need to check the transformationSets on the XML plugin.

[krishna-pandey]

Intention was to generate HTML reports, which is working fine without security bugs plugin. Somehow findsecbugs plugin is landing up in the xml output directory, from where the maven is trying transformation. I am able to see the security bugs using "mvn findbugs:gui" after removing the transformation configs. Will try to get it working. Closing the issue for now.