FindBugs Maven Plugin Tutorial

FindBugs is a static code analysis tool which identifies problems found from Java code.

We can integrate FindBugs into our build process by using the FindBugs Maven plugin. This blog post identifies four typical use cases and describes how we can configure the FindBugs Maven plugin to support each use case.

The described use cases are:

  1. Create FindBugs report as a part of the project reports.
  2. Fail the build if FindBugs finds problems from the source code.
  3. Create a XML report without failing the build.
  4. Create both XML and HTML reports without creating the site.

Let's get started.

Use Case 1: Create Findbugs Report as a Part of the Project Reports

Sometimes we don't want to run static code analysis every time when our project is compiled. Instead we want to run it manually when we need it. If this is the case, our best option is to create the FindBugs report when we create the site of the project.

We can do this by following these steps:

  1. Add the declaration of the FindBugs Maven plugin to the reporting section of the pom.xml file.
  2. Configure the FindBugs Maven plugin by following these steps:
    1. Ensure that most accurate analysis is performed.
    2. Ensure that all bugs are reported.
    3. Ensure that XML report is generated.

The relevant part of the pom.xml file looks as follows:

<reporting>
    <plugins>
        <plugin>
            <groupId>org.codehaus.mojo</groupId>
            <artifactId>findbugs-maven-plugin</artifactId>
            <version>2.5.2</version>
            <configuration>
                <!--
                    Enables analysis which takes more memory but finds more bugs.
                    If you run out of memory, changes the value of the effort element
                    to 'low'.
                -->
                <effort>Max</effort>
                <!-- Reports all bugs (other values are medium and max) -->
                <threshold>Low</threshold>
                <!-- Produces XML report -->
                <xmlOutput>true</xmlOutput>
            </configuration>
        </plugin>
    </plugins>
</reporting>

In other words, when we want to create the FindBugs report, we have to run the following command at command prompt:

mvn clean compile site

Let’s move on and find out how we can fail the build if FindBugs finds problems from our source code.

Use Case 2: Fail the Build if Problems Are Found

If we want to be sure that our code doesn't contain even a minor problem, it might be good idea to run static code analysis every time when our project is compiled. Of course, this makes sense only if the build is failed when a problem is found.

In other words, we have to configure the FindBugs Maven plugin to fail the build if problems are found. We can do this by following these steps:

  1. Add the plugin declaration to the plugins section of the pom.xml file.
  2. Configure the FindBugs Maven plugin by following these steps:
    1. Ensure that most accurate analysis is performed.
    2. Ensure that all bugs are reported.
    3. Ensure that XML report is generated.
    4. Configure the plugin to create the XML report to the directory ${project.build.directory}/findbugs.
  3. Add an execution which runs the plugin’s check goal during the compile Maven lifecycle phase.

The relevant part of the pom.xml file looks as follows:

<build>
    <plugins>
        <plugin>
            <groupId>org.codehaus.mojo</groupId>
            <artifactId>findbugs-maven-plugin</artifactId>
            <version>2.5.2</version>
            <configuration>
                <!--
                    Enables analysis which takes more memory but finds more bugs.
                    If you run out of memory, changes the value of the effort element
                    to 'Low'.
                -->
                <effort>Max</effort>
                <!-- Reports all bugs (other values are medium and max) -->
                <threshold>Low</threshold>
                <!-- Produces XML report -->
                <xmlOutput>true</xmlOutput>
                <!-- Configures the directory in which the XML report is created -->
                <findbugsXmlOutputDirectory>${project.build.directory}/findbugs</findbugsXmlOutputDirectory>
            </configuration>
            <executions>
                <!-- 
                    Ensures that FindBugs inspects source code when project is compiled. 
                -->
                <execution>
                    <id>analyze-compile</id>
                    <phase>compile</phase>
                    <goals>
                        <goal>check</goal>
                    </goals>
                </execution>
            </executions>
        </plugin>
    </plugins>
</build>

This configuration ensures that the check goal of the Maven FindBugs plugin is invoked during the compile Maven lifecycle phase. If FindBugs finds problems from the source code, it fails the build.

Let's move on and find out how we can create XML report without creating the site or failing the build.

Use Case 3: Create XML Report Without Failing the Build

If we want to integrate Jenkins with FindBugs, we need to find a way to create XML reports without failing the build.

We can configure the FindBugs Maven plugin to do this by following these steps:

  1. Configure the FindBugs Maven plugin as described in the previous section (Use case 2).
  2. Ensure that the build doesn't fail if problems are found by setting the value of the failOnError configuration property to false.

The relevant part of the pom.xml file looks as follows:

<build>
    <plugins>
        <plugin>
            <groupId>org.codehaus.mojo</groupId>
            <artifactId>findbugs-maven-plugin</artifactId>
            <version>2.5.2</version>
            <configuration>
                <!--
                    Enables analysis which takes more memory but finds more bugs.
                    If you run out of memory, changes the value of the effort element
                    to 'Low'.
                -->
                <effort>Max</effort>
                <!-- Build doesn't fail if problems are found -->
                <failOnError>false</failOnError>
                <!-- Reports all bugs (other values are medium and max) -->
                <threshold>Low</threshold>
                <!-- Produces XML report -->
                <xmlOutput>true</xmlOutput>
                <!-- Configures the directory in which the XML report is created -->
                <findbugsXmlOutputDirectory>${project.build.directory}/findbugs</findbugsXmlOutputDirectory>
            </configuration>
            <executions>
                <!--
                    Ensures that FindBugs inspects source code when project is compiled.
                -->
                <execution>
                    <id>analyze-compile</id>
                    <phase>compile</phase>
                    <goals>
                        <goal>check</goal>
                    </goals>
                </execution>
            </executions>
        </plugin>
    </plugins>
</Build>

We can now create the XML report by compiling the project.

The last use case describes how we can create both XML and HTML reports without creating the site or failing the build. Let's see how this is done.

Use Case 4: Create Both XML and HTML Reports Without Creating the Site

If we want to create both XML and HTML reports without creating the project site or failing the build, we have to follow these steps:

  1. Configure the FindBugs Maven plugin as described in the previous section (use case 3).
  2. Add the declaration of the XML Maven Plugin to the plugins section of the pom.xml file.
  3. Configure the plugin by following these steps:
    1. Create a transformation set which transforms all XML files found from the ${project.build.directory}/findbugs directory and writes the results of the XSLT transformation to the same directory.
    2. Configure stylesheet which specifies the output of the XSLT transformation. The FindBugs library provides five stylesheets which can be used for this purpose. The available stylesheets are described in the sample configuration.
    3. Ensure that all output files of the XSLT transformation have the file extension .html.
  4. Add an execution which invokes the transform goal of the XML Maven plugin during the compile Maven lifecycle phase.
  5. Add FindBugs (version 2.0.1) as the dependency of the plugin.

The relevant part of the pom.xml file looks as follows:

<build>
    <plugins>
        <plugin>
            <groupId>org.codehaus.mojo</groupId>
            <artifactId>findbugs-maven-plugin</artifactId>
            <version>2.5.2</version>
            <configuration>
                <!--
                    Enables analysis which takes more memory but finds more bugs.
                    If you run out of memory, changes the value of the effort element
                    to 'Low'.
                -->
                <effort>Max</effort>
                <!-- Build doesn't fail if problems are found -->
                <failOnError>false</failOnError>
                <!-- Reports all bugs (other values are medium and max) -->
                <threshold>Low</threshold>
                <!-- Produces XML report -->
                <xmlOutput>true</xmlOutput>
                <!-- Configures the directory in which the XML report is created -->
                <findbugsXmlOutputDirectory>${project.build.directory}/findbugs</findbugsXmlOutputDirectory>
            </configuration>
            <executions>
                <!--
                    Ensures that FindBugs inspects source code when project is compiled.
                -->
                <execution>
                    <id>analyze-compile</id>
                    <phase>compile</phase>
                    <goals>
                        <goal>check</goal>
                    </goals>
                </execution>
            </executions>
        </plugin>
        <plugin>
            <groupId>org.codehaus.mojo</groupId>
            <artifactId>xml-maven-plugin</artifactId>
            <version>1.0</version>
            <configuration>
                <transformationSets>
                    <transformationSet>
                        <!-- Configures the source directory of XML files. -->
                        <dir>${project.build.directory}/findbugs</dir>
                        <!-- Configures the directory in which the FindBugs report is written.-->
                        <outputDir>${project.build.directory}/findbugs</outputDir>
                        <!-- Selects the used stylesheet. -->
                        <!-- <stylesheet>fancy-hist.xsl</stylesheet> -->
                        <stylesheet>default.xsl</stylesheet>
                        <!--<stylesheet>plain.xsl</stylesheet>-->
                        <!--<stylesheet>fancy.xsl</stylesheet>-->
                        <!--<stylesheet>summary.xsl</stylesheet>-->
                        <fileMappers>
                            <!-- Configures the file extension of the output files. -->
                            <fileMapper
                                    implementation="org.codehaus.plexus.components.io.filemappers.FileExtensionMapper">
                                <targetExtension>.html</targetExtension>
                            </fileMapper>
                        </fileMappers>
                    </transformationSet>
                </transformationSets>
            </configuration>
            <executions>
                <!-- Ensures that the XSLT transformation is run when the project is compiled. -->
                <execution>
                    <phase>compile</phase>
                    <goals>
                        <goal>transform</goal>
                    </goals>
                </execution>
            </executions>
            <dependencies>
                <dependency>
                    <groupId>com.google.code.findbugs</groupId>
                    <artifactId>findbugs</artifactId>
                    <version>2.0.1</version>
                </dependency>
            </dependencies>
        </plugin>
    </plugins>
</build>
This solution was originally described in this StackOverflow question.

Also, if you cannot create the HTML report because your build fails, you should use this workaround (Thanks Enigo).

We can now create both HTML and XML reports by compiling our project.

Summary

We have now identified four typical use cases of the FindBugs Maven plugin and learned how we can configure the plugin to support each use case.

If you know a use case that wasn't covered by this tutorial, please let me know by leaving a comment to this blog post.

You can get the example application of this blog post from Github.

Additional Reading:

43 comments… add one
  • Gualtiero Jan 16, 2014 @ 22:18

    Great post. Thanks for sharing.
    May be in use case 3 point 2 variable should be set to false not true

    • Petri Jan 16, 2014 @ 22:23

      Thank you for your kind words. I really appreciate them!

      Also, thank you for pointing that error out. I fixed the description of use case 3 as you suggested.

  • Nick Stolwijk Jan 22, 2014 @ 16:55

    Another usecase I mostly use: Run Findbugs through the Sonar Analyzer, so you can build a history of your project. Also, you can use other QA tools the Java and Maven community has to offer, like Checkstyle, PMD and Cobertura.

    • Petri Jan 22, 2014 @ 23:04

      Nick,

      That is a good use case as well. I have been thinking that maybe I should write a tutorial which describes how you can configure these tools when you use Jenkins. Do you think that this tutorial would be interesting?

      • Eudris Cabrera Jan 30, 2014 @ 23:15

        Great post !.
        I spent several hours configuring findbugs to work with buildhive. I could not get it run !!. I was using the use case 3 (https://wiki.jenkins-ci.org/display/JENKINS/FindBugs+Plugin), with the use case 4, i'm getting what i was looking for !!.

        Thanks for sharing.

        Take a look on Astive, a toolkit and server for Java that provides an extensible architecture for developing, maintaining, and deploying telephony apps over Asterisk.

        http://astivetoolkit.org
        https://github.com/PhonyTive/astivetoolkit

        • Petri Feb 1, 2014 @ 21:33

          It is good to hear that this blog post helped you to solve your problem!

          Thank you for letting me know about the Astive Toolkit. I will keep it in mind if I am developing telephony applications in the future.

  • mojo Mar 6, 2014 @ 3:15

    great article.

    how can i transform findbugXML to an html and fail the build? also, when I use compile i get this: Plugin execution not covered by lifecycle configuration.
    so i opted to use verify

    what im really interested in is to fail the build and transform findbugXML to an html. Any thoughts on this?

    Thank you!

    • Petri Mar 10, 2014 @ 19:07

      Hi,

      Are you trying to compile the project by using Eclipse? If so, you should read the M2E plugin execution not covered page of the Eclipse wiki. Also, if you cannot get the M2E plugin to work, you can compile the project from the command prompt.

      About your second question:

      I am not sure if it possible to create the custom HTML report (use case 4) if you fail the build when errors are found. The problem is that the XML report is created when the check goal of the Findbugs Maven plugin is invoked. If you fail the build when errors are found, the transform goal of the XML Maven plugin is never invoked.

      Of course you could inspect the XML report after the custom HTML report is created and fail the build if problems are found. The problem is that I have no idea how you can do this. If you happen to find a way to do this, let me know (this seems very useful).

  • Anonymous Aug 6, 2014 @ 12:39

    Hi,
    I want to use some custom rulesets in findbug. Is there any way out to do this.?
    Please Help.

  • MvnN00b Aug 18, 2014 @ 22:34

    I have my POM configured as in Use Case 4, and it's been going great for at least six months, until recently, all of sudden I now get the following errors from the xml-maven-plugin whenever it is run (causing the build to fail):

    [INFO] --- xml-maven-plugin:1.0:transform (default) @ ... ---
    Warning: org.apache.xerces.parsers.SAXParser: Feature 'http://javax.xml.XMLConstants/feature/secure-processing' is not recognized.
    Warning: org.apache.xerces.parsers.SAXParser: Property 'http://javax.xml.XMLConstants/property/accessExternalDTD' is not recognized.
    Warning: org.apache.xerces.parsers.SAXParser: Property 'http://www.oracle.com/xml/jaxp/properties/entityExpansionLimit' is not recognized.
    [INFO] Transforming file: /.../target/findbugs/findbugsXml.xml
    [INFO] Transforming file: /.../target/findbugs/findbugsXml.html
    ERROR: 'The entity name must immediately follow the '&' in the entity reference.'
    ERROR: 'com.sun.org.apache.xml.internal.utils.WrappedRuntimeException: The entity name must immediately follow the '&' in the entity reference.'

    The strange thing is, the findbugsXml.html and findbugsXml.xml files are created successfully and are viable. I swear there have been no changes to the POM to cause this to start breaking. Why is this happening? How can I rectify it? I liked having successfull builds AND fancy-hist.xsl reports...

    • Petri Aug 20, 2014 @ 20:29

      I have never faced this problem myself but I found bug report, and it seems that you are not the only one who has this problem. Have you started using a newer Java version?

      Also, I found this blog post that suggests that you should update XercesImpl.jar to a newer version.

      I hope that this answer was useful to you even though I couldn't provide a solution to your problem.

  • Bhushan Patil Apr 1, 2015 @ 12:26

    Hi Petri, nice article. I want to know if there is any way that I could tell findbugs to check for bugs in only new code because we have very large legacy codebase and findbugs takes too much time to scan whole code when there is no need to check the code which is not changed.

    • Petri Apr 1, 2015 @ 12:49

      Hi,

      You can exclude or include analyzed classes and methods by using so called filter files. The documentation of the Findbugs Maven Plugin describes how you can use filter file to both include and exclude analyzed classes and methods (search for string 'Filter bugs to report'). The filter format specification describes how you can create the actual filter files.

      I don't know if it is possible to create a filter that includes only changed files, but if your legacy code is found from different package than the new code, it is possible to exclude your legacy code from the analysis.

  • shanthisagar Apr 14, 2015 @ 0:29

    Hi Petri,

    Thanks for the wonderful explanation.
    Currently I could observe that the analysis is being done for all the java classes included in the project for example in src/main/java, target/generated-sources, src/generated/java.
    Is there any way that we can ask findbugs plugins to generate reports for java files only in src/main/java.

    • Petri Apr 14, 2015 @ 20:25

      Hi Shanthisagar,

      Check out a blog post titled: Exclude generated classes from Findbugs report.

      If the generated classes are generated in the same package than the other classes, and you cannot exclude that package, you can use the Source element in the Findbugs filter file. The filter format specification provides more information about this.

      • shanthisagar Apr 16, 2015 @ 2:36

        Thanks Petri. This worked like a charm.

        • shanthisagar Apr 16, 2015 @ 16:58

          Hi Petri,

          I thought it worked but it didn't.

          I have written a findbugs-include.xml filter like below

          The above I thought would do findbugs analysis for only java files residing in abc.def.modules.transformers package, but it not doing that
          But if I use below config which is filtering based on class names, findbugs starts analyzing.

          The way I have mentioned "Source" tag is it the right way?

          • shanthisagar Apr 16, 2015 @ 16:59

            Sorry, I am not able to post the xml format.

            Kindly follow the link https://sourceforge.net/p/findbugs/discussion/334433/thread/3197655e/?limit=25#4f33

          • Petri Apr 16, 2015 @ 18:06

            You should use the Source element only if you want to include or exclude source files. The FindBugs filter format specification describes the Source element as follows:

            This element matches warnings associated with a particular source file. The name attribute is used to specify the exact or regex match pattern for the source file name.

            I assume that if you use this match clause, you cannot use the package notation which you are using in your configuration.

            If you want to include or exclude all classes found from a specific package, you should configure the match clause by using the Package element. According to this blog post, this configuration should do the trick:

            <FindBugsFilter>
              <Match>
                <Package name="~abc.def.modules.transformers.*" />
              </Match>
            </FindBugsFilter>
            

          • shanthisagar Apr 16, 2015 @ 19:15

            My intention is for the findbugs to do analysis only on the java files residing in src/main/java and thats the reason I was wanting to use "Source".
            If I use the "Package" , then the class files belonging to that package will the put forward for analysis. Well, this includes the generated classes residing in the same directory, which is what I don't want.

          • Petri Apr 16, 2015 @ 19:50

            Ah. I was a bit confused because you mentioned that you want to analyze the java files found from abc.def.modules.transformers package.

            Anyway, you should not use the string '~abc\.def\.modules\.transformers.*' as the value of the name attribute because the filter format specification states that it requires an exact file name or a regex match pattern. It also has an example that demonstrates the usage of the Source match clause (search for a string 'match all classes generated from Groovy source files').

  • Kevin Jul 17, 2015 @ 11:03

    Petri I tried to do case 4 and copied the xml code you listed exactly as it is here (and I did the previous case configurations as case 4 requested), but I still only get xml generated when I run mvn compile findbugs:findbugs .. any tips on what might be preventing the html file generation?

    • Petri Jul 17, 2015 @ 12:36

      Hi Kevin,

      I tested the case 4 by following these steps:

      1. I configured my pom.xml file.
      2. I ran the command: mvn clean compile at the command prompt.

      Sadly, I couldn't reproduce your problem :( I found both XML and HTML reports from the target/findbugs directory. If you compare your pom.xml file with my pom.xml file, do you find any differences?

      P.S. Thank you for your comment. I noticed that the example project doesn't work with Java 8 => I need to update it.

      • Kevin Jul 18, 2015 @ 1:34

        Hi. This is my pom.xml code: http://pastebin.com/MwZK99fM

        When I run mvn clean compile, I get no FindBugs file (xml or html) created. When I run mvn compile findbugs:findbugs, I still only get xml (no html). Do you see a potential problem in my xml? Thanks.

        • Kevin Jul 18, 2015 @ 6:19

          Just wanted to add: after running mvn compile findbugs:findbugs, I get the xml generate in a targer folder. I look in that same folder for an html file, but I see nothing.

      • Kevin Jul 18, 2015 @ 6:57

        I changed my pom.xml to what you have (see link for my new configuration): http://pastebin.com/8izuzfQD

        I still get no html in my target folder, all I'm getting is the xml. I'm running mvn compile findbugs:findbugs since mvn clean compile wasn't isn't even generating the xml.

        • Petri Jul 19, 2015 @ 11:13

          I found two problems from your new pom.xml file:

          First, the plugins element of your pom.xml file contains two different versions of the Maven Findbugs plugin.

          The first version has no configuration:

          
          <plugin>
          	<groupId>org.codehaus.mojo</groupId>
          	<artifactId>findbugs-maven-plugin</artifactId>
          	<version>3.0.1</version>
          </plugin>
          
          

          The second version contains the plugin configuration:

          
          <plugin>
          	<groupId>org.codehaus.mojo</groupId>
          	<artifactId>findbugs-maven-plugin</artifactId>
          	<version>2.5.2</version>
          	<!-- Configuration is omitted -->
          </plugin>
          
          

          Second, the you haven't configured the stylesheet that should be used by the XML Maven plugin (all stylesheets are commented out).

          The interesting thing is that your "original" POM file didn't suffer from these problems, and I could not find any problems from it. If you fix the issues mentioned in this comment, can you create the HTML report by using the command: mvn clean compile?

  • Natsume-kun Jul 23, 2015 @ 12:34

    hello, thank you for this guide. all went well but I can't seem to generate the HTML and XML reports. here is the Console Output:
    ==================================================================
    Started by user anonymous
    Building in workspace /root/.jenkins/jobs/Project_Natsume_5_FBCS_Maven/workspace
    Updating http://www.ntsp.nec.co.jp/svn/dcimp/Trunk/03 Support/03 References/Project_Natsume_FBCS_Maven at revision '2015-07-23T17:33:01.097 +0800'
    U pom.xml
    At revision 999
    [workspace] $ /bin/sh -xe /tmp/hudson7348871150164269863.sh
    + mvn install -e
    [INFO] Error stacktraces are turned on.
    [INFO] Scanning for projects...
    [INFO]
    [INFO] ------------------------------------------------------------------------
    [INFO] Building Project_Natsume_FBCS_Maven 0.0.1-SNAPSHOT
    [INFO] ------------------------------------------------------------------------
    [INFO]
    [INFO] >>> findbugs-maven-plugin:3.0.1:check (analyze-compile) > :findbugs @ Project_Natsume_FBCS_Maven >>>
    [INFO]
    [INFO] --- findbugs-maven-plugin:3.0.1:findbugs (findbugs) @ Project_Natsume_FBCS_Maven ---
    [INFO]
    [INFO] <<< findbugs-maven-plugin:3.0.1:check (analyze-compile) < :findbugs @ Project_Natsume_FBCS_Maven <<<
    [INFO]
    [INFO] --- findbugs-maven-plugin:3.0.1:check (analyze-compile) @ Project_Natsume_FBCS_Maven ---
    [INFO]
    [INFO] --- xml-maven-plugin:1.0:transform (default) @ Project_Natsume_FBCS_Maven ---
    [WARNING] No files found for transformation by stylesheet default.xsl
    [INFO]
    [INFO] --- maven-install-plugin:2.4:install (default-install) @ Project_Natsume_FBCS_Maven ---
    [INFO] Installing /root/.jenkins/jobs/Project_Natsume_5_FBCS_Maven/workspace/pom.xml to /root/.m2/repository/Project_Natsume_FBCS_Maven/Project_Natsume_FBCS_Maven/0.0.1-SNAPSHOT/Project_Natsume_FBCS_Maven-0.0.1-SNAPSHOT.pom
    [INFO] ------------------------------------------------------------------------
    [INFO] BUILD SUCCESS
    [INFO] ------------------------------------------------------------------------
    [INFO] Total time: 1.737 s
    [INFO] Finished at: 2015-07-23T17:33:05+08:00
    [INFO] Final Memory: 14M/37M
    [INFO] ------------------------------------------------------------------------
    Parsing POMs
    Modules changed, recalculating dependency graph
    [workspace] $ /usr/java/jdk1.8.0_45/bin/java -cp /root/.jenkins/plugins/maven-plugin/WEB-INF/lib/maven31-agent-1.5.jar:/opt/apache-maven-3.3.3/boot/plexus-classworlds-2.5.2.jar:/opt/apache-maven-3.3.3/conf/logging jenkins.maven3.agent.Maven31Main /opt/apache-maven-3.3.3 /root/.jenkins/war/WEB-INF/lib/remoting-2.51.jar /root/.jenkins/plugins/maven-plugin/WEB-INF/lib/maven31-interceptor-1.5.jar /root/.jenkins/plugins/maven-plugin/WEB-INF/lib/maven3-interceptor-commons-1.5.jar 39848
    channel started
    Executing Maven: -B -f /root/.jenkins/jobs/Project_Natsume_5_FBCS_Maven/workspace/pom.xml findbugs:findbugs
    [INFO] Scanning for projects...
    [INFO]
    [INFO] ------------------------------------------------------------------------
    [INFO] Building Project_Natsume_FBCS_Maven 0.0.1-SNAPSHOT
    [INFO] ------------------------------------------------------------------------
    [INFO]
    [INFO] --- findbugs-maven-plugin:3.0.1:findbugs (default-cli) @ Project_Natsume_FBCS_Maven ---
    [FINDBUGS] No report found for mojo findbugs
    [INFO] ------------------------------------------------------------------------
    [INFO] BUILD SUCCESS
    [INFO] ------------------------------------------------------------------------
    [INFO] Total time: 2.830 s
    [INFO] Finished at: 2015-07-23T17:33:11+08:00
    [INFO] Final Memory: 16M/39M
    [INFO] ------------------------------------------------------------------------
    [JENKINS] Archiving /root/.jenkins/jobs/Project_Natsume_5_FBCS_Maven/workspace/pom.xml to Project_Natsume_FBCS_Maven/Project_Natsume_FBCS_Maven/0.0.1-SNAPSHOT/Project_Natsume_FBCS_Maven-0.0.1-SNAPSHOT.pom
    [workspace] $ /bin/sh -xe /tmp/hudson814128745992522361.sh
    channel stopped
    + mvn clean compile
    [INFO] Scanning for projects...
    [INFO]
    [INFO] ------------------------------------------------------------------------
    [INFO] Building Project_Natsume_FBCS_Maven 0.0.1-SNAPSHOT
    [INFO] ------------------------------------------------------------------------
    [INFO]
    [INFO] --- maven-clean-plugin:2.5:clean (default-clean) @ Project_Natsume_FBCS_Maven ---
    [INFO] Deleting /root/.jenkins/jobs/Project_Natsume_5_FBCS_Maven/workspace/target
    [INFO]
    [INFO] >>> findbugs-maven-plugin:3.0.1:check (analyze-compile) > :findbugs @ Project_Natsume_FBCS_Maven >>>
    [INFO]
    [INFO] --- findbugs-maven-plugin:3.0.1:findbugs (findbugs) @ Project_Natsume_FBCS_Maven ---
    [INFO]
    [INFO] <<< findbugs-maven-plugin:3.0.1:check (analyze-compile) < :findbugs @ Project_Natsume_FBCS_Maven <<<
    [INFO]
    [INFO] --- findbugs-maven-plugin:3.0.1:check (analyze-compile) @ Project_Natsume_FBCS_Maven ---
    [INFO]
    [INFO] --- xml-maven-plugin:1.0:transform (default) @ Project_Natsume_FBCS_Maven ---
    [WARNING] No files found for transformation by stylesheet default.xsl
    [INFO] ------------------------------------------------------------------------
    [INFO] BUILD SUCCESS
    [INFO] ------------------------------------------------------------------------
    [INFO] Total time: 1.801 s
    [INFO] Finished at: 2015-07-23T17:33:14+08:00
    [INFO] Final Memory: 15M/38M
    [INFO] ------------------------------------------------------------------------
    Finished: SUCCESS
    ==================================================================

    In my Configure settings, I set these settings:
    Pre Steps
    Execute Shell : mvn install
    Build
    Root POM : pom.xml
    Goals and Options : findbugs:findbugs
    Build Settings
    [checked] Publish FindBugs analysis results
    Post Steps
    Execute Shell : mvn clean compile

    I hope you can help me with this. newbie in Jenkins and Maven here. thanks :)

    • Petri Jul 23, 2015 @ 13:14

      Hi Natsume-kun,

      I noticed that you use the Maven Findbugs plugin 3.0.1. I am not sure if there are any differences between it and 2.5.2 (used by my example app), but I noticed some differences from the output. For example, a part of your output looks as follows:

      [INFO] — findbugs-maven-plugin:3.0.1:check (analyze-compile) @ Project_Natsume_FBCS_Maven —
      [INFO]
      [INFO] — xml-maven-plugin:1.0:transform (default) @ Project_Natsume_FBCS_Maven —
      [WARNING] No files found for transformation by stylesheet default.xsl

      On the other hand, the same section of my output looks as follows:

      [INFO] --- findbugs-maven-plugin:2.5.2:check (analyze-compile) @ findbugs-cookbook ---
      [INFO] BugInstance size is 2
      [INFO] Error size is 0
      [INFO] Total bugs: 2
      [INFO] Null pointer dereference of foo in net.petrikainulainen.maven.findbugs.Buggy.main(String[]) ["net.petrikainulainen.maven.findbugs.Buggy"] At Buggy.java:[lines 6-11]
      [INFO] Load of known null value in net.petrikainulainen.maven.findbugs.Buggy.main(String[]) ["net.petrikainulainen.maven.findbugs.Buggy"] At Buggy.java:[lines 6-11]
      [INFO]
      [INFO] --- xml-maven-plugin:1.0:transform (default) @ findbugs-cookbook ---
      [INFO] Transforming file: /Users/loke/Projects/Java/Blog/maven-examples/findbugs-cookbook/target/findbugs/findbugsXml.xml
      [INFO] Transformed 1 file(s).

      It seems that for some reason Findbugs doesn't create the XML report that is used to create the HTML report. Have you tried using the version 2.5.2? If you are using Java 8, you cannot do this since it doesn't work :(

      Also, can you create the XML report if you run the command: mvn compile findbugs:findbugs at the command prompt?

  • Arghya Jul 1, 2016 @ 12:51

    Awesome !! Thanks for showing html generation from XML.

    • Petri Jul 3, 2016 @ 12:36

      You are welcome.

  • Enigo Jul 29, 2016 @ 13:00

    Hi, Petri! Thank you for detailed tutorial!
    Recently I faced the problem to generate html reports in case of build failure and I've got a workaround solution for that (http://stackoverflow.com/a/38655823/5151575) . Probably it's worth including it in your post.

    Cheers.

    • Petri Aug 2, 2016 @ 13:41

      Hi Enigo,

      Thank you for the tip. I will update this blog post right away.

  • PJ Dec 9, 2016 @ 14:14

    great write-up, but I found it nearly impossible to read your examples as there is a lot of escaping going on in there, e.g. &amp;

    • Petri Dec 10, 2016 @ 22:18

      Thank for you pointing this annoying problem out. It should be fixed now.

  • haliy Jul 31, 2017 @ 14:05

    Hi,
    I am using maven-findbugs-plugin 3.0.4 version.During mvn execution, build fails with
    Caused by: org.apache.maven.plugin.MojoExecutionException: failed with 4 bugs and 0 errors
    These 4 bugs are having minimum rank (18 - reported by eclipse.).. So I want to skip these bugs during mvn executiong.
    How can I achieve this?

    I tried adding a filter file

    ${project.basedir}/findbugs-exclude-filter.xml

    cat findbugs-exclude-filter.xml

    I have configured these in parent pom..So I expect these settings are applied to my sub modules(maven child project).?.

    • haliy Jul 31, 2017 @ 14:08

      ..

      ...filterfile.xml
      ..
      ..

      • Petri Aug 1, 2017 @ 10:35

        Hi,

        Unfortunately you Wordpress strips the XML pasted to the comments. Can you add your filter file to Pastebin and share the link with me?

  • Aravind Nov 15, 2017 @ 14:02

    Hi Petri,
    Is there a way to make the maven build fail(when we run findbugs) , only if the number of bugs exceeds certain limit.

    Thanks,
    Aravind

  • Zemlyakov Stas Jan 28, 2018 @ 9:08

    Thanks a lot, this post saved couple of hours for me.

    • Petri Jan 28, 2018 @ 10:42

      You are welcome. I am happy to hear that this blog post was useful to you.

Leave a Reply