FindBugs Plugin

Skip to end of metadata
Go to start of metadata

Plugin Information

Plugin ID findbugs Changes In Latest Release
Since Latest Release
Latest Release
Latest Release Date
Required Core
4.63 (archives)
Nov 28, 2015
analysis-core (version:1.75)
maven-plugin (version:2.9)
dashboard-view (version:2.9.4, optional)
matrix-project (version:1.2.1)
token-macro (version:1.10, optional)
Source Code
Issue Tracking
Pull Requests
Open Issues
Pull Requests
Ulli Hafner (id: drulli)
Usage Installations 2014-Nov 9600
2014-Dec 9497
2015-Jan 9760
2015-Feb 9722
2015-Mar 10185
2015-Apr 10164
2015-May 9987
2015-Jun 10264
2015-Jul 10352
2015-Aug 10223
2015-Sep 10353
2015-Oct 10405

This plugin generates the trend report for FindBugs, an open source program which uses static analysis to look for bugs in Java code. 

Installation Requirements
This plug-in requires the utility plug-in "analysis-core" (called "Static Analysis Utilities" in the update manager). Please ensure that the latest version of this plug-in is also installed.

It's about 5 years now since my first Jenkins commit. I hope that you all enjoy using my static code analysis plug-ins and that these plug-ins are very helpful for your projects! There is now an easy way to support the development of these open source plug-ins I just released my Android game Inca Trails. So feel free to support my work for Jenkins by buying this game in Google Play. Of course, the game is worth its price anyway


This plug-in is supported by the Static Analysis Collector plug-in that collects different analysis results and shows the results in aggregated trend graphs. Additionally, health reporting and build stability is also based on the aggregated results.

The FindBugs plug-in scans for findbugs.xml files in the build workspace and reports the number of warnings found. This plug-in is part of the suite of static code analysis plug-ins that are documented on a separate WIKI page.

The following features are provided by this plug-in:

  • Configuration of the files to scan after a build.
  • Build summary showing the new and fixed warnings of a build
  • Several trend reports showing the number of warnings per build
  • Overview of the found warnings per module, package, category, or type
    • Parsing of Maven pom.xml or Ant build.xml configuration files to obtain the module or project name
    • Parsing of Java or C# files to obtain the package or name space name
  • Detail reports of the found warnings optionally filtered by severity (or new and fixed)
    • Short messages is read from the report file
    • Detailed description is read from the FindBugs library or from the third-party plug-ins Find Security Bugs or fb-contrib
  • Colored HTML display of the corresponding source file and warning lines:
    • Direct link to the warning line
    • Highlighting of single lines as well as line ranges
    • Highlighting of multiple line ranges per warning (different color for primary range)
    • Tool tip describing the warning message
  • Failure threshold to mark a build as unstable
  • Configurable project health support
  • Support for the findbugs ant task and the maven-findbugs-plugin 1.1.1 and newer
  • Works with the freestyle and native m2 build option (activated on goal findbugs:findbugs or site)
  • Remote API to export the build quality and found warnings
  • Several tokens to simplify post processing of the results
  • Localization available for: DE, JA (Please help to localize findbugs for your locale!)

The current release is available in the download section. This plug-in is developed and maintained by Ullrich Hafner. Please use the mailing lists or issue tracker to ask questions, create feature request or bug reports, since I don't read the comment section on this page regularly.


You can support the development of this open source plug-in by buying my Android game Inca Trails in Google Play!

Release 4.62

  • Added support for workflow plug-in (Thanks to Antonio Muñiz and Manuel Recena for their PRs)
  • Fixed links in detail page of trend reports (JENKINS-29900)

Release 4.60

  • Update to FindBugs messages 3.0.1 (Thanks to amaembo for the pull request)

Release 4.59

  • Make links in trend graphs relative (JENKINS-21723)
  • Don't use logger when non-project files could not be found (JENKINS-21102)
  • Update of warning messages of findbugs-security detectors (thanks to Philippe Arteau for the pull request)

Release 4.58

  • Reverted XML escaping of messages (JENKINS-25511, JENKINS-17309)
  • Added option to use previous build as reference build when calculating new and fixed warnings (JENKINS-13458, thanks to Tom Saunders for the pull request)

Release 4.57 - new runtime requirement: at least Java 6

  • Added lazy loading of messages files (JENKINS-20874, thanks to Christopher for the pull request)
  • Improved labels (JENKINS-22165)
  • Removed leading slash from image UR (JENKINS-23677)
  • Fixed encoding problems with messages using cyrillic alphabet (JENKINS-22744)

Release 4.56

  • Tried to fix some class loading problems with dom4j (JENKINS-21256)

Release 4.51

  • Added a view column that shows the number of warnings in a job

Release 4.50

  • Make dependency to ant-plugin optional

Release 4.49

  • Fixed detection of warnings category in custom rules (thanks to Jesse Glick for the patch!)
  • Added some more fields that are exposed via the REST API (JENKINS-17767, thanks to Mihail Menev, Johann Vierthaler for the patch!)
  • Added Traditional Chinese translations (thanks to Pei-Tang Huang!)
  • Added system configuration option to disable console logging of all static analysis plug-ins (JENKINS-15246, thanks to Sebastian Seidl for the patch!)
  • Added system configuration option to fail a build when one of the static analysis plug-ins fails parsing its input (JENKINS-17663, thanks to Mihail Menev and Johann Vierthaler for the patch)
  • Fixed broken encoding handling in maven jobs (JENKINS-17657, thanks to André Lehmann!)

Release 4.48

Release 4.47

Release 4.46

  • Upgraded bug pattern messages to FindBugs 2.0.2
  • Added messages of FindBugs Security Bugs Plug-in
  • Show more details in the fixed warnings view (JENKINS-15959)
  • Aggregate the maven parent module results in failed builds when the failure is caused by a threshold being hit (JENKINS-15324, JENKINS-12342)
  • Optimized http requests for static resources in the analysis plugins (JENKINS-16571)
  • Fixed missing build overview in maven jobs (JENKINS-16518)
  • Always use Xerces when parsing XML files (JENKINS-15613)
  • Read pom.xml to obtain path of output files in maven jobs (JENKINS-16250)
  • Show error message as file content if the source files could not be transferred to the master (JENKINS-16222)

Release 4.45

Release 4.44

Release 4.43

Release 4.42

  • Reduce memory footprint of plug-in (thanks to Kohsuke for the patches)
  • Upgrade to YUI 2.9 (support for new bread crumbs and context menus: JENKINS-13532, thanks to OHTAKE Tomohiro for the patch)

Release 4.41

  • Show all values of difference graph

Release 4.40

  • Added hyperlinks to build summary if threshold is exceeded (JENKINS-12424)

Release 4.39

  • Added option to filter projects with zero warnings in the warnings dashboard portlet (JENKINS-12984)
  • Center the affected source line in source view (JENKINS-13491)
  • Fixed incompatibility of detail tabs with new bread crumb view (JENKINS-13532)

Release 4.38

  • Added a new portlet that shows the warning totals as a line graph

Release 4.37

  • Fixed another problem when trying to detect the correct findbugs xml file with maven 2 jobs (JENKINS-13090)

Release 4.36

Release 4.35

  • Fixed detection of findbugs results input file

Release 4.34

  • Show build result threshold evaluation information in build summary (JENKINS-12424)
  • Fixed plug-in configuration if used in conjunction with flexible-publisher plug-in (JENKINS-12182, JENKINS-8185)

Release 4.33

Release 4.32

  • Fixed initialization problem when configuring the plug-in for maven jobs. (JENKINS-12075)

Release 4.31

  • Fixed NPE while configuring a graph with no builds yet (JENKINS-12045)
  • Group warnings by relative path if the associated language has no package or namespace concept (JENKINS-11846)
  • Allow skipping of calculating "new" issues (JENKINS-11761)
  • Fixed display of 'Use delta for new warnings' option (JENKINS-11758)
  • Ignore 'new warnings' threshold in the first build (JENKINS-11718)

Release 4.30

  • Fixed enlarge link for trend graphs (JENKINS-11324)
  • Fixed visibility of 'enable trend graph' link
  • Fixed reading of results if analysis is invoked during 'mvn site' (JENKINS-10820)

Release 4.29

  • Ignore failed builds when evaluating the build history in trend graphs and new warnings calculation (JENKINS-10682)
  • Added OSGi bundle detection when grouping warnings by module (JENKINS-10681)
  • Use the path as a replacement for the package grouping for all warnings that are not from Java or C# files (issue 2)

Release 4.28

  • Added new tokens for token macro plug-in (JENKINS-10027): now tokens FINDBUGS_NEW, FINDBUGS_FIXED, FINDBUGS_COUNT and FINDBUGS_RESULT are available.

Release 4.27

Release 4.26

Release 4.25

  • Fixed display of trend graphs for maven jobs (report)

Release 4.24

  • Fixed health reporting and build failure/unstable thresholds for maven project type (JENKINS-4912, JENKINS-3514)
  • Fixed broken detail views when using a reverse proxy (JENKINS-3410, thanks to Benjamin Cabé for the fix)
  • Show the reference build that is used to compute new and fixed warnings (when build thresholds are set)
  • Improved logging statements when build is executed on a slave

Release 4.23

  • Added configuration option to enable automatic project and module name detection by reading all Ant project.xml and Maven pom.xml files (JENKINS-8915, JENKINS-9090)
  • Added preliminary support for the Token Macro Plugin: FINDBUGS_COUNT expands to the number of FindBugs warnings and FINDBUGS_RESULT expands to the plug-in build result (stable, unstable, failed)

Release 4.22

  • Added configuration option to enable automatic project and module name detection by reading all Ant project.xml and Maven pom.xml files (JENKINS-8915, JENKINS-9090)

Release 4.21

  • Fixed missing dependency to Hudson/Jenkins 1.395 (JENKINS-8509)

Release 4.20

  • Jenkins update to links and documentation
  • Show progress text while dashboard portlet graphs are created

Release 4.19

  • Added support for multi-configuration projects (JENKINS-6772)

Release 4.18

  • Fixed sorting of date labels of dashboard trend graphs (JENKINS-8476)
  • Fixed evaluation of builds that will be considered in the dashboard trend graph (JENKINS-8283)
  • Don't show FindBugs cloud information if the project is not registered in the cloud (JENKINS-8236)
  • Fixed wrong computation of the number of bugs that are new this week (JENKINS-8235)

Release 4.16

Release 4.15

Release 4.14

Release 4.13

  • Now uses Bug Rank to compute issue priority, a more accurate and modern method of determining seriousness of a bug
  • Added build status thresholds for each warning priority (JENKINS-3561)
  • Fixed warnings parsing if the SAX parser system property has been set to an illegal value (JENKINS-7312)
  • Added support for FindBugs Cloud
    • Bug details contain Cloud review info
    • Bugs marked as "Not a bug" are hidden from Hudson

Release 4.12

  • Fixed computation of module names for maven projects (JENKINS-6768)
  • Don't report an error message if a maven module does not contain a report file (JENKINS-6895)
  • Fixed ant links (JENKINS-6862)

Release 4.11

Release 4.10

  • Reduced number of false positives when computing new and fixed warnings (JENKINS-6669)

Release 4.9

Release 4.8

  • Fixed broken links to project page and overview image (JENKINS-6417)

Release 4.7

  • Added trend graph portlets for the dashboard view
  • Added option to start the plug-in even for failed builds (JENKINS-6117)
  • Added 'enlarge' link for trend graphs that shows a detail page with the graph
  • Fixed ordering of warnings in detail views (JENKINS-6132)
  • Fixed warning distribution graph in files detail view (JENKINS-6139)

Release 4.5

Release 4.4

  • New warnings computation is now based on the current build and the reference build (i.e., the last successful build, see JENKINS-5147)
  • Visualized plug-in build status (based on the healthiness thresholds)
  • Added high scores for successful builds
  • Don't show project action if there are no warnings (JENKINS-5473)
  • Don't show trend graph configuration on job creation (JENKINS-5294)
  • Improved remote API, now the warning keys are also exposed (JENKINS-5195)

Release 4.3

  • Fixed class loading problems due to a duplicate Apache bcel library in the classpath (JENKINS-5134)

Release 4.2

  • Added support for the new plug-in [Static Analysis Collector plug-in] to provide combined trend graphs and health reporting (JENKINS-3320)
  • Improved remote API, now the warnings are also exposed (JENKINS-5195)

Release 4.1

  • Fixed trend report link if there are no results available yet (JENKINS-5156)
  • Fixed preview of trend reports
  • Added dependency to Hudson 1.337 due to a class loader bug in previous versions (JENKINS-4993)

Release 4.0

  • Extracted common code of the static code analysis plug-ins into a new utility plug-in "analysis-core"
  • Several bug fixes and small improvements

Release 1.x - 3.x ChangeLog

How To Use

1.    Install plugin, Manage Hudson> manage plugins >Available
2.    Restart app server/ Hudson
3.    Update pom.xml, add in a plugin in the reporting section











4. In job configure go to build > goals and options, and add "findbugs:findbugs"

5. In the job definition you should now also have a "Publish FindBugs analysis results" checkbox under Build Settings, turn it on.


plugin-maven plugin-maven Delete
plugin-report plugin-report Delete
supports-dashboard-view supports-dashboard-view Delete
token-producer token-producer Delete
Enter labels to add to this page:
Please wait 
Looking for a label? Just start typing.

Add Comment