Jeeppler

@zigfridus I added some comments in your PR. I would prefer a single PR next time.

@zigfridus looks good. I would like to see some tests: unit and maybe integration tests. For example, if you change visibility of the `private String truncateStream()` method to `protected String...

All tests going forward should use Junit 5. Older once still use Junit 4.

@zigfridus First of all those tests look great. Using the `String.repeat()` is a nice idea 👍. One small cosmetic thing. If I use `jshell` (interactive Java Shell) for `String.repeat()`, I...

@zigfridus I reviewed your PR, thanks for creating it.

SpotBugs does support JDK 21, but FindSecBugs does use an old version of SpotBugs. In essence, FindSecBug needs a new release to support Java 21.

Yes, the problem is with the standalone version. If you go to the latest [FindSecurityBugs release 1.12.0](https://github.com/find-sec-bugs/find-sec-bugs/releases/tag/version-1.12.0) and download the `findsecbugs-cli-1.12.0.zip` you will end up with the following structure: ~~~...

Awesome, this simple change will solve #688 as well.

Is it possible to have a new release afterwards?

Based on my experience it is possible to create SARIF reports using FindSecBugs. [SecHub](https://github.com/mercedes-benz/sechub) has a [Dockerized solution for FindSecBugs](https://github.com/mercedes-benz/sechub/blob/develop/sechub-pds-solutions/findsecuritybugs/docker/scripts/findsecuritybugs.sh#L161) and we have no problem creating SARIF reports. From me...