Configuration Parameters

The threshold filters out any reports that have lower severity than the threshold.

The effort allows to change the tradeof between increased precision (and thus more found bugs) and usage of more memory and time to complete.

The filters allow specifying by class and method which bug categories to include/exclude in/from the reports. The filter format specification contains also useful examples. Another way to exclude bugs is to use FindBugs annotations, but those are not yet fully documented. The annotations also allow annotating more wanted usage information of fields and parameters allowing FindBugs to find more bugs. You can start by including the findbugs-annotations in your project classpath with provided scope.

The visitors option specifies a comma-separated list of bug detectors which should be run. The bug detectors are specified by their class names, without any package qualification. By default, all detectors which are not disabled by default are run.

The omitVisitors option is like the visitors attribute, except it specifies detectors which will not be run.

The pluginList option specifies a comma-separated list of optional BugDetector Jar files to add.

Please look up the FindBugs documentation about more information.

<reporting>
  ...
  <plugin>
    <groupId>org.codehaus.mojo</groupId>
    <artifactId>findbugs-maven-plugin</artifactId>
    <version>1.0-beta-1</version>
    <configuration>
      <threshold>High|Normal|Low|Exp|Ignore</threshold>
      <effort>Min|Default|Max</threshold>
      <excludeFilterFile>findbugs-exclude.xml</excludeFilterFile>
      <includeFilterFile>findbugs-include.xml</includeFilterFile>
      <visitors>FindDeadLocalStores,UnreadFields</visitors>
      <omitVisitors>FindDeadLocalStores,UnreadFields</omitVisitors>
      <pluginList>/libs/fb-contrib/fb-contrib-2.8.0.jar</pluginList>
    </configuration>
  </plugin>
  ...
</reporting>

Findbugs also cross-references with the JXR plugin to display code where issues exist.