Eclipse Tutorial

Im-Harrison edited this page Mar 28, 2018 · 9 revisions

Don't hesitate to correct grammar mistakes or unclear sections.

1. Installation of FindBugs plugin

You can find the Eclipse FindBugs plugin in the marketplace.

[Screenshot: Eclipse Marketplace]

Once the installation is complete, you need to restart Eclipse.

2. Configuration

The recommended configuration for use with Find Security Bugs is to limit the scan to the Security bug detectors only. Go to Eclipse -> Preferences (Mac) or Window -> Preferences (Windows). Then go to Java -> FindBugs and, on the "Reporting configuration" tab, make sure that only "Security" is checked in the "Reported (visible) bug categories" list.

[Screenshot: Configuration FindBugs 1]

You can add the Find Security Bugs plugin in the "Plugins and misc. settings" section.

[Screenshot: Configuration FindBugs 2]

You can also disable individual detectors whose findings you want to ignore.

You need to restart Eclipse at this point; otherwise the plugin is ignored.

3. Running a new scan

To launch a new scan you can right-click on the target project and select "Find Bugs > Find Bugs".

[Screenshot: Launching FindBugs plugin]

The scan may take up to several minutes to complete, depending on the number of classes in the project.

4. Review the findings (potential vulnerabilities)

Finally, you can navigate through the different findings using the Bug Explorer view.

[Screenshot: Reviewing findings]
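To check that the setup from steps 2 to 4 really reports security findings, drop a class like the following into the scanned project. It is a constructed example added to this page, not code from the Find Security Bugs project; the class and method names are arbitrary. The string-concatenated JDBC query is the kind of pattern the Security detectors are designed to flag, while the parameterized version beside it should produce no injection finding.

```java
// Constructed smoke-test class (not part of the Find Security Bugs project).
// After running "Find Bugs > Find Bugs", the Bug Explorer view should list a
// finding on findUserUnsafe and none on findUserSafe.
import java.sql.Connection;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;
import java.sql.Statement;

public class ScanSmokeTest {

    // Untrusted input is pasted into the query text, so it can change the
    // statement's structure. This is the pattern the scan should report.
    public static ResultSet findUserUnsafe(Connection conn, String username)
            throws SQLException {
        Statement stmt = conn.createStatement();
        String sql = "SELECT id, name FROM users WHERE name = '" + username + "'";
        return stmt.executeQuery(sql);
    }

    // Same query with a bound parameter: the input is sent as data, never as
    // SQL, so no injection finding is expected here.
    public static ResultSet findUserSafe(Connection conn, String username)
            throws SQLException {
        PreparedStatement ps =
            conn.prepareStatement("SELECT id, name FROM users WHERE name = ?");
        ps.setString(1, username);
        return ps.executeQuery();
    }
}
```

If the scan reports nothing for findUserUnsafe, re-check that "Security" is enabled in the reporting configuration and that Eclipse was restarted after enabling the plugin.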