FindBugs Plugin

Skip to end of metadata
Go to start of metadata

Plugin Information

Plugin ID findbugs Changes In Latest Release
Since Latest Release
Latest Release
Latest Release Date
Required Core
Dependencies
4.56
Mar 10, 2014
1.424
analysis-core (version:1.55)
dashboard-view (version:2.2, optional)
maven-plugin (version:1.424, optional)
token-macro (version:1.5.1, optional)
Source Code
Issue Tracking
Maintainer(s)
GitHub
Open Issues
Ulli Hafner (id: drulli)
Usage Installations 2013-Apr 7679
2013-May 7701
2013-Jun 7785
2013-Jul 8121
2013-Aug 7950
2013-Sep 8127
2013-Oct 8306
2013-Nov 8214
2013-Dec 8181
2014-Jan 8565
2014-Feb 8760
2014-Mar 9059

This plugin generates the trend report for FindBugs, an open source program which uses static analysis to look for bugs in Java code. 

Installation Requirements
This plug-in requires the utility plug-in "analysis-core" (called "Static Analysis Utilities" in the update manager). Please ensure that the latest version of this plug-in is also installed.

It's about 5 years now since my first Jenkins commit. I hope that you all enjoy using my static code analysis plug-ins and that these plug-ins are very helpful for your projects! There is now an easy way to support the development of these open source plug-ins I just released my Android game Inca Trails. So feel free to support my work for Jenkins by buying this game in Google Play. Of course, the game is worth its price anyway

Description

This plug-in is supported by the Static Analysis Collector plug-in that collects different analysis results and shows the results in aggregated trend graphs. Additionally, health reporting and build stability is also based on the aggregated results.

The FindBugs plug-in scans for findbugs.xml files in the build workspace and reports the number of warnings found. This plug-in is part of the suite of static code analysis plug-ins that are documented on a separate WIKI page.

The following features are provided by this plug-in:

  • Configuration of the files to scan after a build.
  • Build summary showing the new and fixed warnings of a build
  • Several trend reports showing the number of warnings per build
  • Overview of the found warnings per module, package, category, or type
    • Parsing of Maven pom.xml or Ant build.xml configuration files to obtain the module or project name
    • Parsing of Java or C# files to obtain the package or name space name
  • Detail reports of the found warnings optionally filtered by severity (or new and fixed)
    • Short messages is read from the report file
    • Detailed description is read from the FindBugs library or from the third-party plug-ins Find Security Bugs or fb-contrib
  • Colored HTML display of the corresponding source file and warning lines:
    • Direct link to the warning line
    • Highlighting of single lines as well as line ranges
    • Highlighting of multiple line ranges per warning (different color for primary range)
    • Tool tip describing the warning message
  • Failure threshold to mark a build as unstable
  • Configurable project health support
  • Support for the findbugs ant task and the maven-findbugs-plugin 1.1.1 and newer
  • Works with the freestyle and native m2 build option (activated on goal findbugs:findbugs or site)
  • Remote API to export the build quality and found warnings
  • Several tokens to simplify post processing of the results
  • Localization available for: DE, JA (Please help to localize findbugs for your locale!)

The current release is available in the download section. This plug-in is developed and maintained by Ullrich Hafner. Please use the mailing lists or issue tracker to ask questions, create feature request or bug reports, since I don't read the comment section on this page regularly.

Changelog

You can support the development of this open source plug-in by buying my Android game Inca Trails in Google Play!

Release 4.56

  • Tried to fix some class loading problems with dom4j (issue #21256)

Release 4.51

  • Added a view column that shows the number of warnings in a job

Release 4.50

  • Make dependency to ant-plugin optional

Release 4.49

  • Fixed detection of warnings category in custom rules (thanks to Jesse Glick for the patch!)
  • Added some more fields that are exposed via the REST API (issue #17767, thanks to Mihail Menev, Johann Vierthaler for the patch!)
  • Added Traditional Chinese translations (thanks to Pei-Tang Huang!)
  • Added system configuration option to disable console logging of all static analysis plug-ins (issue #15246, thanks to Sebastian Seidl for the patch!)
  • Added system configuration option to fail a build when one of the static analysis plug-ins fails parsing its input (issue #17663, thanks to Mihail Menev and Johann Vierthaler for the patch)
  • Fixed broken encoding handling in maven jobs (issue #17657, thanks to André Lehmann!)

Release 4.48

Release 4.47

Release 4.46

  • Upgraded bug pattern messages to FindBugs 2.0.2
  • Added messages of FindBugs Security Bugs Plug-in
  • Show more details in the fixed warnings view (issue #15959)
  • Aggregate the maven parent module results in failed builds when the failure is caused by a threshold being hit (issue #15324, issue #12342)
  • Optimized http requests for static resources in the analysis plugins (issue #16571)
  • Fixed missing build overview in maven jobs (issue #16518)
  • Always use Xerces when parsing XML files (issue #15613)
  • Read pom.xml to obtain path of output files in maven jobs (issue #16250)
  • Show error message as file content if the source files could not be transferred to the master (issue #16222)

Release 4.45

  • Added option to consider only stable builds when calculating new warnings (Thanks to David Pärsson for the patch, issue #15037)
  • Fixed NPE when comparing warnings (issue #15414, issue #15250)
  • Fixed CPE due to conflicting versions of dom4j (issue #15344)

Release 4.44

Release 4.43

Release 4.42

  • Reduce memory footprint of plug-in (thanks to Kohsuke for the patches)
  • Upgrade to YUI 2.9 (support for new bread crumbs and context menus: issue #13532, thanks to OHTAKE Tomohiro for the patch)

Release 4.41

  • Show all values of difference graph

Release 4.40

  • Added hyperlinks to build summary if threshold is exceeded (issue #12424)

Release 4.39

  • Added option to filter projects with zero warnings in the warnings dashboard portlet (issue #12984)
  • Center the affected source line in source view (issue #13491)
  • Fixed incompatibility of detail tabs with new bread crumb view (issue #13532)

Release 4.38

  • Added a new portlet that shows the warning totals as a line graph

Release 4.37

  • Fixed another problem when trying to detect the correct findbugs xml file with maven 2 jobs (issue #13090)

Release 4.36

Release 4.35

  • Fixed detection of findbugs results input file

Release 4.34

  • Show build result threshold evaluation information in build summary (issue #12424)
  • Fixed plug-in configuration if used in conjunction with flexible-publisher plug-in (issue #12182, issue #8185)

Release 4.33

  • Upgrade to FindBugs 2.0.0 and fb-contrib 4.6.1 (issue #12314)

Release 4.32

  • Fixed initialization problem when configuring the plug-in for maven jobs. (issue #12075)

Release 4.31

  • Fixed NPE while configuring a graph with no builds yet (issue #12045)
  • Group warnings by relative path if the associated language has no package or namespace concept (issue #11846)
  • Allow skipping of calculating "new" issues (issue #11761)
  • Fixed display of 'Use delta for new warnings' option (issue #11758)
  • Ignore 'new warnings' threshold in the first build (issue #11718)

Release 4.30

  • Fixed enlarge link for trend graphs (issue #11324)
  • Fixed visibility of 'enable trend graph' link
  • Fixed reading of results if analysis is invoked during 'mvn site' (issue #10820)

Release 4.29

  • Ignore failed builds when evaluating the build history in trend graphs and new warnings calculation (issue #10682)
  • Added OSGi bundle detection when grouping warnings by module (issue #10681)
  • Use the path as a replacement for the package grouping for all warnings that are not from Java or C# files (issue 2)

Release 4.28

  • Added new tokens for token macro plug-in (issue #10027): now tokens FINDBUGS_NEW, FINDBUGS_FIXED, FINDBUGS_COUNT and FINDBUGS_RESULT are available.

Release 4.27

Release 4.26

Release 4.25

  • Fixed display of trend graphs for maven jobs (report)

Release 4.24

  • Fixed health reporting and build failure/unstable thresholds for maven project type (issue #4912, issue #3514)
  • Fixed broken detail views when using a reverse proxy (issue #3410, thanks to Benjamin Cabé for the fix)
  • Show the reference build that is used to compute new and fixed warnings (when build thresholds are set)
  • Improved logging statements when build is executed on a slave

Release 4.23

  • Added configuration option to enable automatic project and module name detection by reading all Ant project.xml and Maven pom.xml files (issue #8915, issue #9090)
  • Added preliminary support for the Token Macro Plugin: FINDBUGS_COUNT expands to the number of FindBugs warnings and FINDBUGS_RESULT expands to the plug-in build result (stable, unstable, failed)

Release 4.22

  • Added configuration option to enable automatic project and module name detection by reading all Ant project.xml and Maven pom.xml files (issue #8915, issue #9090)

Release 4.21

  • Fixed missing dependency to Hudson/Jenkins 1.395 (issue #8509)

Release 4.20

  • Jenkins update to links and documentation
  • Show progress text while dashboard portlet graphs are created

Release 4.19

  • Added support for multi-configuration projects (issue #6772)

Release 4.18

  • Fixed sorting of date labels of dashboard trend graphs (issue #8476)
  • Fixed evaluation of builds that will be considered in the dashboard trend graph (issue #8283)
  • Don't show FindBugs cloud information if the project is not registered in the cloud (issue #8236)
  • Fixed wrong computation of the number of bugs that are new this week (issue #8235)

Release 4.16

Release 4.15

Release 4.14

Release 4.13

  • Now uses Bug Rank to compute issue priority, a more accurate and modern method of determining seriousness of a bug
  • Added build status thresholds for each warning priority (issue #3561)
  • Fixed warnings parsing if the SAX parser system property has been set to an illegal value (issue #7312)
  • Added support for FindBugs Cloud
    • Bug details contain Cloud review info
    • Bugs marked as "Not a bug" are hidden from Hudson

Release 4.12

  • Fixed computation of module names for maven projects (issue #6768)
  • Don't report an error message if a maven module does not contain a report file (issue #6895)
  • Fixed ant links (issue #6862)

Release 4.11

Release 4.10

  • Reduced number of false positives when computing new and fixed warnings (issue #6669)

Release 4.9

Release 4.8

  • Fixed broken links to project page and overview image (issue #6417)

Release 4.7

  • Added trend graph portlets for the dashboard view
  • Added option to start the plug-in even for failed builds (issue #6117)
  • Added 'enlarge' link for trend graphs that shows a detail page with the graph
  • Fixed ordering of warnings in detail views (issue #6132)
  • Fixed warning distribution graph in files detail view (issue #6139)

Release 4.5

Release 4.4

  • New warnings computation is now based on the current build and the reference build (i.e., the last successful build, see issue #5147)
  • Visualized plug-in build status (based on the healthiness thresholds)
  • Added high scores for successful builds
  • Don't show project action if there are no warnings (issue #5473)
  • Don't show trend graph configuration on job creation (issue #5294)
  • Improved remote API, now the warning keys are also exposed (issue #5195)

Release 4.3

  • Fixed class loading problems due to a duplicate Apache bcel library in the classpath (issue #5134)

Release 4.2

  • Added support for the new plug-in [Static Analysis Collector plug-in] to provide combined trend graphs and health reporting (issue #3320)
  • Improved remote API, now the warnings are also exposed (issue #5195)

Release 4.1

  • Fixed trend report link if there are no results available yet (issue #5156)
  • Fixed preview of trend reports
  • Added dependency to Hudson 1.337 due to a class loader bug in previous versions (issue #4993)

Release 4.0

  • Extracted common code of the static code analysis plug-ins into a new utility plug-in "analysis-core"
  • Several bug fixes and small improvements

Release 1.x - 3.x ChangeLog

How To Use

1.    Install plugin, Manage Hudson> manage plugins >Available
2.    Restart app server/ Hudson
3.    Update pom.xml, add in a plugin in the reporting section

<project>

....

<reporting>

  <plugins>
     <plugin>
           <groupId>org.codehaus.mojo</groupId>
           <artifactId>findbugs-maven-plugin</artifactId>
           <version>2.5.2</version>
           <configuration>
              <findbugsXmlOutput>true</findbugsXmlOutput>
              <findbugsXmlWithMessages>true</findbugsXmlWithMessages>
              <xmlOutput>true</xmlOutput>
           </configuration>
        </plugin>

        ....

   </plugins>

  ....

</reporting>

...

</project>

4. In job configure go to build > goals and options, and add "findbugs:findbugs"

5. In the job definition you should now also have a "Publish FindBugs analysis results" checkbox under Build Settings, turn it on.
 

Labels

Edit
plugin-maven plugin-maven Delete
plugin-report plugin-report Delete
supports-dashboard-view supports-dashboard-view Delete
token-producer token-producer Delete
Enter labels to add to this page:
Please wait 
Looking for a label? Just start typing.

Add Comment