Don't hesitate to correct grammar mistakes or unclear sections.
1. Installation of FindBugs plugin
You can find the Eclipse FindBugs plugin in the marketplace.
Once the installation is complete, you need to restart Eclipse.
The recommended configuration for use with Find Security Bugs is to limit the scan to the Security-only bug detectors. Go to Eclipse -> Preferences (Mac) or Window -> Preferences (Windows). Then go to Java -> FindBugs, and make sure only "Security" is checked in the "Reported (visible) bug categories" list on the "Reporting configuration" tab.
You can add the Find Security Bugs plugin in the "Plugins and misc. settings" section.
You can also disable any individual detectors you want to ignore.
You need to restart Eclipse at this point. The plugin will be ignored otherwise.
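The same Security-only restriction and detector exclusions can also be kept as FindBugs filter files committed with the project, so every developer scans with the same settings. This is an added example, not from the wiki: the filter syntax is FindBugs' own, the file names are arbitrary, and PREDICTABLE_RANDOM is one Find Security Bugs pattern chosen for illustration. The Eclipse plugin picks such files up under the project's FindBugs properties (Filter files tab).

```xml
<!-- File 1, include-filter.xml: report only the SECURITY category,
     i.e. the Find Security Bugs detectors, and nothing else. -->
<FindBugsFilter>
  <Match>
    <Bug category="SECURITY"/>
  </Match>
</FindBugsFilter>

<!-- File 2, exclude-filter.xml: silence one detector where it is accepted
     noise. Here PREDICTABLE_RANDOM (java.util.Random use) is ignored only
     in classes whose name ends in "Test"; the regex form is marked by "~". -->
<FindBugsFilter>
  <Match>
    <Class name="~.*Test"/>
    <Bug pattern="PREDICTABLE_RANDOM"/>
  </Match>
</FindBugsFilter>
```

Keep exclusions narrow (a class pattern plus a bug pattern) rather than dropping a detector globally, so a real finding in production code is still reported.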
3. Running a new scan
To launch a new scan you can right-click on the target project and select "Find Bugs > Find Bugs".
The scan may take up to several minutes to complete, depending on the number of classes in the project.
4. Review the findings (potential vulnerabilities)
Finally, you can navigate through the different findings using the Bug Explorer view.