Questions tagged [spotbugs]
SpotBugs is a program which uses static analysis to look for bugs in Java code. SpotBugs is the spiritual successor of FindBugs, carrying on from the point where it left off with support of its community.
173 questions
0 votes, 0 answers, 53 views
Using findbugs To Scan A Specific Java Class File And Get "Unable to get XClass for java/lang/Object" Exception
I added spotbugs as dependency in my pom.xml.
<dependency>
<groupId>com.github.spotbugs</groupId>
<artifactId>spotbugs</artifactId>
<...
0 votes, 0 answers, 33 views
How to create SpotBugs report with Gradle?
I don't know how to create reports with SpotBugs in my Gradle config.
Here's my config (non-SpotBugs stuff omitted):
import com.github.spotbugs.snom.Confidence
import com.github.spotbugs.snom.Effort
...
0 votes, 0 answers, 179 views
Spotbugs issue with Java 17
I am using spotbugs in my grails application with Java 11 and it is working fine. But when I upgraded to Java 17 it is causing an error. I even tried using a spotbugs version which is compatible with Java ...
0 votes, 1 answer, 86 views
Getting overly concrete parameter error (OCP_OVERLY_CONCRETE_PARAMETER) even when List type object is used
I have a method in a class which takes a 'List' type parameter. When I run the spotbugs check it is returning the below error (overly concrete parameter). Though the given method uses list it is complaining ...
0 votes, 0 answers, 48 views
How to change the severity level in SpotBug (Jenkins)?
I'm using Jenkins with a maven spotbug plugin and certain "bugs" are listed as low, for example some MALICIOUS_CODE category and I found that classification too gentle. Maybe it being ...
-1 votes, 1 answer, 131 views
Synchronized getter for `static final` singleton instances
TLDR: Why does the getter of a static final singleton holder need to have a synchronized modifier?
Spotbugs' SING_SINGLETON_GETTER_NOT_SYNCHRONIZED ("SING: Instance-getter method of class using ...
0 votes, 0 answers, 64 views
SpotBugs Maven Plugin - Multimodule Configuration
I would like to enable the SpotBugs Maven Plugin on my multimodule project.
There is documentation on the official homepage for that, but the proposed project structure puts all existing modules ...
0 votes, 0 answers, 155 views
How is "May expose internal representation" a malicious vulnerability?
I am utilizing spotbugs to help review an oracle adf application for errors and vulnerabilities prior to deployment. Two of the malicious code vulnerabilities warnings spotbugs finds are:
"...
0 votes, 2 answers, 141 views
Java: Spotbugs-Annotation `@CheckForNull` deprecated. What to use instead?
In order to help my static code analysis, I have used the @CheckForNull -Annotation from spotbugs: edu.umd.cs.findbugs.annotations.CheckForNull
It has come to my awareness that this annotation though ...
0 votes, 1 answer, 165 views
Gradle Build is getting exit code error spot bug task
This is my configuration. Keeping it brief, only for spotbug configuration
plugins{
id "com.github.spotbugs" version "6.0.3"
}
// Spotbugs Plugin Configuration
spotbugs {
...
0 votes, 0 answers, 124 views
SpotBugsRunAnalysis in Maven@3 requires report of aggregator sub-module which contains no source
I do use Jacoco configured for a multi-module project. That means that I have created an additional module 'code-coverage-report' to aggregate the reports of all other sub-modules.
This new module (...
-1 votes, 1 answer, 213 views
com.github.spotbugs spotbugs-maven-plugin in pom.xml <build> section or <reporting>
What I am trying to achieve:
Run the maven spotbugs (findbugs) plugin during mvn site command, but not mvn clean install.
What did I try:
I tried putting the spotbugs plugin in the build section of ...
0 votes, 0 answers, 168 views
SPOTBUGS SUPPRESSION
I want to suppress an error that I got by running mvn spotbugs:check
I have a file named requestBodyDto.java in my code as below:
import com.fasterxml.jackson.annotation.JsonProperty;
import lombok....
1 vote, 1 answer, 1k views
How to solve EI_EXPOSE_REP in records for Lists
Spotbugs raises a warning EI_EXPOSE_REP (May expose internal representation by returning reference to mutable object) for the following code:
public record Example(
List<String> ex) {
...
0 votes, 1 answer, 167 views
pre commit script for code review using spotbug
I am trying to write a script for a code review using a pre-commit hook. I am looking for a script that will run on every commit and perform the code review using SpotBugs or a similar tool. I have ...