This plugin generates a FindBugs report.
The threshold filters out any reports that have lower severity than the threshold.
The effort allows to change the tradeof between increased precision (and thus more found bugs) and usage of more memory and time to complete.
The filters allow specifying by class and method which bug categories to include/exclude in/from the reports. The filter format specification also contains useful examples. Another way to exclude bugs is to use FindBugs annotations, but those are not yet fully documented. The annotations also allow annotating more wanted usage information of fields and parameters allowing FindBugs to find more bugs. You can start by including the findbugs-annotations in your project classpath with provided scope.
The visitors option specifies a comma-separated list of bug detectors which should be run. The bug detectors are specified by their class names, without any package qualification. By default, all detectors which are not disabled by default are run.
The omitVisitors option is like the visitors attribute, except it specifies detectors which will not be run.
The pluginList option specifies a comma-separated list of optional BugDetector Jar files to add.
The onlyAnalyze option restricts analysis to find bugs to given comma-separated list of classes and packages.
Please look up the FindBugs documentation for more information.
<project>
[...]
<reporting>
[...]
<plugin>
<groupId>org.codehaus.mojo</groupId>
<artifactId>findbugs-maven-plugin</artifactId>
<version>1.2.1</version>
<configuration>
<xmlOutput>true|false</xmlOutput>
<xmlOutputDirectory>directory location of findbugs xdoc xml report</xmlOutputDirectory>
<threshold>High|Normal|Low|Exp|Ignore</threshold>
<effort>Min|Default|Max</effort>
<excludeFilterFile>findbugs-exclude.xml</excludeFilterFile>
<includeFilterFile>findbugs-include.xml</includeFilterFile>
<visitors>FindDeadLocalStores,UnreadFields</visitors>
<omitVisitors>FindDeadLocalStores,UnreadFields</omitVisitors>
<onlyAnalyze>org.codehaus.mojo.findbugs.*</onlyAnalyze>
<pluginList>/libs/fb-contrib/fb-contrib-2.8.0.jar</pluginList>
<debug>true|false</debug>
<relaxed>true|false</relaxed>
<findbugsXmlOutput>true|false</findbugsXmlOutput>
<findbugsXmlOutputDirectory>directory location of findbugs legact xml format report</findbugsXmlOutputDirectory>
</configuration>
</plugin>
[...]
</reporting>
[...]
</project>Findbugs also cross-references with the JXR plugin to display the code where issues exist.
When running findbugs on a project, the default heap size might not be enough to complete the build. For now there is no way to fork findbugs and run with its own memory requirements, but the following system variable will allow you to do so for Maven:
export MAVEN_OPTS=-Xmx384M
Using the findbugs:findbugs goal only generates the xml reports.