Add findsecbugs plugin to spotbugs. #361
Add findsecbugs plugin to spotbugs. And suppress existing warnings. We should clean some of them up, but that's for different PRs at a later time.
Some of the issues findsecbugs just misidentifies. With some it doesn't understand enough context.
As always with these sorts of analysis tools, adding them to existing code correctly can be a bit of a challenge. It's easier to suppress things that aren't really problems than to clean all of them up. Most of the benefit from applying these tools comes from checking newly added code and preventing new issues from creeping in.
Did a more thorough look through the various warnings. Some need better descriptions, while others could potentially be updated to guard against the bug even if it's not exploitable in the current ecosystem.
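The description mentions suppressing the existing Find Security Bugs warnings rather than fixing them all. The following is an added example of what a narrow, documented suppression looks like next to a real fix; it is not code from this PR or from the project, and it assumes the project is Java and has the `spotbugs-annotations` artifact (which provides `edu.umd.cs.findbugs.annotations.SuppressFBWarnings`) on its compile classpath. The class and method names are hypothetical; `PREDICTABLE_RANDOM` is a real Find Security Bugs pattern.

```java
// Added example, not part of the PR. Assumes spotbugs-annotations is on the
// compile classpath; BackoffJitter and its methods are hypothetical names.
import edu.umd.cs.findbugs.annotations.SuppressFBWarnings;

import java.security.SecureRandom;
import java.util.Random;

public final class BackoffJitter {

    private BackoffJitter() {
    }

    // Find Security Bugs reports java.util.Random as PREDICTABLE_RANDOM.
    // Here the value only spreads retry timing, so in context the finding
    // is a false positive: suppress it on this one method, by pattern
    // name, and record the reason in the justification field.
    @SuppressFBWarnings(
            value = "PREDICTABLE_RANDOM",
            justification = "Retry jitter is not security-sensitive; predictability is acceptable")
    public static long jitterMillis(long baseMillis) {
        return baseMillis + new Random().nextInt(250);
    }

    // Where the value must be unguessable (tokens, nonces, IVs) the same
    // finding is real: fix the code instead of suppressing it.
    public static byte[] sessionToken() {
        byte[] token = new byte[32];
        new SecureRandom().nextBytes(token);
        return token;
    }
}
```

The annotation is retained in the class file, which is what SpotBugs analyses, so it works without any source-level plugin. Keeping the suppression on the smallest scope possible and naming the pattern explicitly (rather than an empty `@SuppressFBWarnings`) is what makes the "check new code, not old warnings" approach described above hold up: a new `java.util.Random` in an unrelated method is still reported. Whether this PR suppressed warnings with annotations or with a SpotBugs exclude filter file is not visible on this page.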