Skip to content


Switch branches/tags

Name already in use

A tag already exists with the provided branch name. Many Git commands accept both tag and branch names, so creating this branch may cause unexpected behavior. Are you sure you want to create this branch?

Latest commit


Git stats


Failed to load latest commit information.
Latest commit message
Commit time
April 26, 2017 15:50
November 24, 2023 09:39
November 3, 2016 20:00
January 4, 2020 15:10
November 15, 2016 22:26
February 19, 2017 13:26
January 20, 2016 19:10
July 27, 2018 21:12


Build Status Open Source Helpers

a FindBugs and SpotBugs plugin for doing static code analysis on java byte code. For information see

Available on

for FindBugs:

   GroupId: com.mebigfatguy.fb-contrib
ArtifactId: fb-contrib
   Version: 7.6.1

For SpotBugs

ArtifactId: sb-contrib


  • Dave Brosius


  • Bhaskar Maddala
  • Chris Peterson
  • Grzegorz Slowikowski
  • Trevor Pounds
  • Ronald Blaschke
  • Zenichi Amano
  • Philipp Wiesemann
  • Kevin Lubick
  • Philippe Arteau
  • Thrawn
  • Juan Martin Sotuyo Dodero
  • Richard Fearn
  • Mikkel Kjeldsen
  • Jeremy Landis
  • Peter Hermsdorf
  • David Burström
  • Venkata Gajavalli
  • Rubén López
  • Pavel Roskin
  • Kevin Seymour

fb-contrib has two main branches, 'findbugs' and 'spotbugs'. Code is committed to findbugs, and then merged to spotbugs. It is preferable therefore to create merge requests against the findbugs branch. Thanks!

Setting up for Development - Ant

  1. Download/install Eclipse, ideally 4.3 (Kepler) or newer. The standard release (for Java) will work fine.
  2. Ant Dependencies Download yank, the dependency manager and bug-rank-check-style. Both jars (v1.2.0+ and v1.0.0+) should go in your ~/.ant/lib folder, which you will have to make if it doesn't exist. Windows people, this goes under [Username]/.ant/lib. Don't have more than one version of either jar in this folder, as it's not clear which one Ant will load, leading to annoying compatibility issues. This can be done using the ant target ant infra_jars
  3. Fork this git repo and clone it. GitHub for Windows or GitHub for Mac are good clients if you don't already have one.
  4. Open Eclipse. File>Import and then choose "Existing projects into workspace", and find the fb-contrib folder you created in step 3. Ignore any compile errors (for now).
  5. Using git, clone the FindBugs repository using git clone You will only need the findbugs subfolder (the one that has README.txt in it). You can delete the rest, if you wish.
  6. Import this project into Eclipse as well. You may wish to mark these files as read-only, so you modify the "correct" files.
  7. In the fb-contrib project, find the file. Make a copy of it named (this will not be tracked by version control). Modify the findbugs.dir property to where ever you have the FindBugs distribution installed. This is the executable FindBugs folder, not the source folder. The jar will be "installed" to (findbugs.dir)\plugin. For example, If you are using FindBugs with Eclipse (and you extracted Eclipse to C:\), you'll set this to something like findbugs.dir=/eclipse/plugins/edu.umd.cs.findbugs.plugin.eclipse_3.0.0.20140706-2cfb468
  8. Finally, build fb-contrib by finding the build.xml file in Eclipse, right-click it, and select Run As > Ant Build. The dependencies needed should be downloaded to fb-contrib/lib and the fb-contrib-VERSION.jar should be built.

Setting up for Development - Maven

  1. Download/install Maven, version 2.2.1 or newer.
  2. Clone the Git repository, as per step 3 above.
  3. Run mvn clean install in the fb-contrib directory.

Usage - Maven

To include the fb-contrib detectors when checking your project with FindBugs, you can use the FindBugs Maven plugin. The group ID for fb-contrib is com.mebigfatguy.fb-contrib, and the artifact ID is fb-contrib. Eg:


Or to include the fb-contrib detectors when checking your project with Spotbugs, you can use the SpotBugs Maven plugin which is a fork of findbugs maven plugin to provide spotbugs integration. The group ID for sb-contrib is, and the artifact ID is sb-contrib. Eg:


Usage - Gradle

apply plugin: 'findbugs'

dependencies {
    // We need to manually set this first, or the plugin is not loaded
    findbugs ''
    findbugs configurations.findbugsPlugins.dependencies

    // To keep everything tidy, we set these apart
    findbugsPlugins 'com.mebigfatguy.fb-contrib:fb-contrib:7.6.1'

task findbugs(type: FindBugs) {
   // Add all your config here ...

   pluginClasspath = project.configurations.findbugsPlugins


Once you have the dev environment set up, feel free to make changes and pull requests. Any edits are much appreciated, from finding typos, to adding examples in the messages, to creating new detectors, all help is welcome.

External guides for making detectors:

Misc references about bytecode:

For making detectors, it best to make several test cases, like those in the sample directory. Even better is if you can comment where you expect bug markers to appear and why, like this.

In your pull request, give an overview of your changes along with the related commits.

If you are not up for contributing code but notice a common problem with some third party library, or general purpose pattern, please add an issue too. We always like new ideas.

Often available on #fb-contrib on for conversation.