Standalone execution

[anantshri]

Consider this as a feature request if its not already possible.

Is it possible to run the plugin directly from commandline without integrating with other systems such as jenkins etc.

[dpnishant]

@anantshri Jenkins too runs a command as you would run it on a shell. You can use mvn findbugs:findbugs to run the plugin. However do keep in mind that can only run on compiled binaries and not on raw .java or .jsp sources.

[h3xstream]

@dpnishant is right.

@anantshri What is your build system?
We have put example of configuration for Gradle, Maven and SBT here: https://github.com/find-sec-bugs/find-sec-bugs-demos
The respective plugin can be trigger without CI.

Alternatively, their is a recent experiment .. A CLI client that analyze JAR and classes folder.
https://github.com/find-sec-bugs/find-sec-bugs/wiki/CLI-Tutorial

[mkienenb]

@anantshri Even though it is not currently well-documented, the command-line findbugs tool accepts the -pluginList argument, which you can point to the find-sec-bugs plugin.

[anantshri]

@dpnishant and @mkienenb thanks for the pointers folks. that should solve my problem.

@h3xstream This is for integrating find-sec-bugs into androidtamer distribution where primarily people will be doing a blackbox review of application and since no CI so needed a CLI way of getting by with the system.

I suppose the answers are adequate and i have ways to achieve this now hence closing the issue.