Maven configuration

1. POM configuration

The first step is to configure the SpotBugs Maven Plugin in your root pom.xml.

    <!-- SpotBugs Static Analysis -->
    <version>LATEST</version> <!-- Auto-update to the latest stable -->

<includeFilterFile> : Specifies the filter file that limits the analysis to the SECURITY bug category only (this disables the detectors bundled with FindBugs/SpotBugs that are not security-related).

<plugins> : Declares the "Find Security Bugs" detector bundle as a SpotBugs plugin, referenced by its artifact id.
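A complete plugin declaration of the kind the fragment above comes from, added here as an illustration rather than copied from the project's page. The groupId/artifactId pairs are the published Maven coordinates of spotbugs-maven-plugin and findsecbugs-plugin; the spotbugs-maven-plugin version is left as a placeholder property to set, and the include filter file name is an assumption. The `${session.executionRootDirectory}` property is the directory Maven was started from, so the filter path also resolves from sub-modules in a multi-module build.

```xml
<build>
  <plugins>
    <!-- SpotBugs Static Analysis -->
    <plugin>
      <groupId>com.github.spotbugs</groupId>
      <artifactId>spotbugs-maven-plugin</artifactId>
      <!-- placeholder: define this property as the current spotbugs-maven-plugin release -->
      <version>${spotbugs.plugin.version}</version>
      <configuration>
        <!-- Max effort and Low threshold report the most findings; tune to trade noise for coverage -->
        <effort>Max</effort>
        <threshold>Low</threshold>
        <!-- fail the build if the analysis itself errors out (e.g. missing classes) -->
        <failOnError>true</failOnError>
        <!-- assumed file name: an include filter that keeps only the SECURITY category -->
        <includeFilterFile>${session.executionRootDirectory}/spotbugs-security-include.xml</includeFilterFile>
        <plugins>
          <!-- Find Security Bugs detector bundle, referenced by its artifact id -->
          <plugin>
            <groupId>com.h3xstream.findsecbugs</groupId>
            <artifactId>findsecbugs-plugin</artifactId>
            <version>LATEST</version> <!-- Auto-update to the latest stable -->
          </plugin>
        </plugins>
      </configuration>
    </plugin>
  </plugins>
</build>
```

With spotbugs-maven-plugin declared this way, the analysis goals are `mvn spotbugs:spotbugs` (scan and write the report), `mvn spotbugs:check` (scan and fail the build when findings remain) and `mvn spotbugs:gui`, and the XML report is written to target/spotbugsXml.xml. The `findbugs:*` goals and the target/findbugsXml.xml path used in the following steps belong to the older findbugs-maven-plugin; use whichever matches the plugin you actually declared.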

    <Bug category="SECURITY"/>
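The complete include filter file that the fragment above belongs to, added here as an example (it is not copied from the project). `FindBugsFilter`, `Match` and `Bug` are the standard SpotBugs/FindBugs filter elements; the file name spotbugs-security-include.xml is an assumption and must match the `<includeFilterFile>` value in the POM.

```xml
<?xml version="1.0" encoding="UTF-8"?>
<!-- spotbugs-security-include.xml (assumed name): an include filter, so only
     findings matching at least one <Match> survive into the report. -->
<FindBugsFilter>
  <!-- Keep every finding whose bug category is SECURITY, i.e. the Find Security
       Bugs detectors, and drop the style/performance/correctness detectors. -->
  <Match>
    <Bug category="SECURITY"/>
  </Match>
</FindBugsFilter>
```

The same syntax serves an exclude filter: a `<Match>` can combine `<Bug pattern="..."/>` (a specific bug pattern id) with `<Class name="~regex"/>` to suppress one pattern in, say, generated code while keeping it everywhere else, which is safer than silencing a whole category.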



2. Doing a scan

mvn compile
mvn findbugs:findbugs

Keep in mind that the findbugs:findbugs goal requires the compiled classes to be present in target/classes: the analysis runs on bytecode, so anything that is not compiled is not scanned (make sure your JSPs are pre-compiled, for example).

3. Analyzing the result

The results can be consulted in several ways.

Official GUI

mvn findbugs:gui

XML report

An XML report is generated at target/findbugsXml.xml. This file format is read by Jenkins, for example.
