------
Usage version4.8.4.0/version The following examples describe the basic usage of the SpotBugs plugin.
Generate SpotBugs Report As Part of the Project Reports
To generate the SpotBugs report as part of the Project Reports, add the SpotBugs plugin in the <reporting> section of your pom.xml.
<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 https://maven.apache.org/xsd/maven-4.0.0.xsd">
...
<reporting>
<plugins>
<plugin>
<groupId>com.github.spotbugs</groupId>
<artifactId>spotbugs-maven-plugin</artifactId>
<version>4.8.4.0</version>
</plugin>
</plugins>
</reporting>
...
</project>
Then, execute the site plugin to generate the report.
mvn site
Generate SpotBugs xdoc Report As Part of the Project Reports
To generate the SpotBugs xdoc report as part of the Project Reports, add the SpotBugs plugin in the <reporting> section of your pom.xml. This will be the same report as that of the Maven 1 SpotBugs report. It is also the format used by Hudson. The output file will be written as spotbugs.xml to either the default output directory of ${project.build.directory} or by that started in the <xmlOutputDirectory> option.
<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 https://maven.apache.org/xsd/maven-4.0.0.xsd">
...
<reporting>
<plugins>
<plugin>
<groupId>com.github.spotbugs</groupId>
<artifactId>spotbugs-maven-plugin</artifactId>
<version>4.8.4.0</version>
<configuration>
<xmlOutput>true</xmlOutput>
<!-- Optional directory to put spotbugs xdoc xml report -->
<xmlOutputDirectory>target/site</xmlOutputDirectory>
</configuration>
</plugin>
</plugins>
</reporting>
...
</project>
Then, execute the site plugin to generate the report.
mvn site
Specifying which bug filters to run
To filter the classes and methods which are analyzed or omitted from analysis you can use filters. The filters allow specifying by class and method which bug categories to include/exclude in/from the reports. The filter format specification also contains useful examples.
<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 https://maven.apache.org/xsd/maven-4.0.0.xsd">
...
<reporting>
<plugins>
<plugin>
<groupId>com.github.spotbugs</groupId>
<artifactId>spotbugs-maven-plugin</artifactId>
<version>4.8.4.0</version>
<configuration>
<excludeFilterFile>spotbugs-exclude.xml</excludeFilterFile>
<includeFilterFile>spotbugs-include.xml</includeFilterFile>
</configuration>
</plugin>
</plugins>
</reporting>
...
</project>
Then, execute the site plugin to generate the report.
mvn site
Specifying which bug detectors to run
The visitors option specifies a comma-separated list of bug detectors which should be run. The bug detectors are specified by their class names, without any package qualification. By default, all detectors which are not disabled are run.
<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 https://maven.apache.org/xsd/maven-4.0.0.xsd">
...
<reporting>
<plugins>
<plugin>
<groupId>com.github.spotbugs</groupId>
<artifactId>spotbugs-maven-plugin</artifactId>
<version>4.8.4.0</version>
<configuration>
<visitors>FindDeadLocalStores,UnreadFields</visitors>
</configuration>
</plugin>
</plugins>
</reporting>
...
</project>
Then, execute the site plugin to generate the report.
mvn site
Specifying which bug detectors to skip
The omitVisitors option is like the visitors attribute, except it specifies detectors which will not be run.
<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 https://maven.apache.org/xsd/maven-4.0.0.xsd">
...
<reporting>
<plugins>
<plugin>
<groupId>com.github.spotbugs</groupId>
<artifactId>spotbugs-maven-plugin</artifactId>
<version>4.8.4.0</version>
<configuration>
<omitVisitors>FindDeadLocalStores,UnreadFields</omitVisitors>
</configuration>
</plugin>
</plugins>
</reporting>
...
</project>
Then, execute the site plugin to generate the report.
mvn site
Specifying which classes to analyze
The onlyAnalyze option restricts analysis to the given comma-separated list of classes and packages.
<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 https://maven.apache.org/xsd/maven-4.0.0.xsd">
...
<reporting>
<plugins>
<plugin>
<groupId>com.github.spotbugs</groupId>
<artifactId>spotbugs-maven-plugin</artifactId>
<version>4.8.4.0</version>
<configuration>
<onlyAnalyze>com.github.spotbugs.spotbugs.*</onlyAnalyze>
</configuration>
</plugin>
</plugins>
</reporting>
...
</project>
Then, execute the site plugin to generate the report.
mvn site
Using Third party or your own detectors
The pluginList option specifies a comma-separated list of optional BugDetector Jar files to add.
<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 https://maven.apache.org/xsd/maven-4.0.0.xsd">
...
<reporting>
<plugins>
<plugin>
<groupId>com.github.spotbugs</groupId>
<artifactId>spotbugs-maven-plugin</artifactId>
<version>4.8.4.0</version>
<configuration>
<pluginList>myDetectors.jar, yourDetectors.jar</pluginList>
</configuration>
</plugin>
</plugins>
</reporting>
...
</project>
Then, execute the site plugin to generate the report.
mvn site
Using Detectors from a Repository
The plugins option defines a collection of PluginArtifact to work on. (PluginArtifact contains groupId, artifactId, version, type.)
<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 https://maven.apache.org/xsd/maven-4.0.0.xsd">
...
<reporting>
<plugins>
<plugin>
<groupId>com.github.spotbugs</groupId>
<artifactId>spotbugs-maven-plugin</artifactId>
<version>4.8.4.0</version>
<configuration>
<plugins>
<plugin>
<groupId>com.timgroup</groupId>
<artifactId>spotbugs4jmock</artifactId>
<version>0.2</version>
</plugin>
</plugins>
</configuration>
</plugin>
</plugins>
</reporting>
...
</project>
Then, execute the site plugin to generate the report.
mvn site
Launch the Spotbugs GUI
This will launch the SpotBugs GUI configured for this project and will open the spotbugsXml.xml file if present. It therefore assumes a pom.xml with the minimum as follows.
<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 https://maven.apache.org/xsd/maven-4.0.0.xsd">
...
<reporting>
<plugins>
<plugin>
<groupId>com.github.spotbugs</groupId>
<artifactId>spotbugs-maven-plugin</artifactId>
<version>4.8.4.0</version>
<configuration>
<!-- Optional directory to put spotbugs xml report -->
</configuration>
</plugin>
</plugins>
</reporting>
...
</project>
Then, execute the spotbugs plugin with the gui option.
mvn spotbugs:gui