gradoop

Actually use FindBugs/SpotBugs.

Open p-f opened this issue 5 years ago • 1 comments

We already use FindBugs/SpotBugs in our build process; however, the results are seemingly ignored. There are hundreds of warnings and errors throughout the project; we might want to have a look at those (although most of those should not be relevant).

We should therefore check our FindBugs/SpotBugs config and see how we can make use of its results.

p-f avatar Apr 24 '19 12:04 p-f

The default threshold of SpotBugs is medium, which means that low-confidence issues are suppressed. We can configure this by setting the configuration <threshold>Low/Medium/High</threshold>. Setting it to low, the build fails due to 29 found bugs.

Further Information:
https://buildmedia.readthedocs.org/media/pdf/spotbugs/latest/spotbugs.pdf
https://spotbugs.github.io/spotbugs-maven-plugin/examples/violationChecking.html
https://github.com/spotbugs/spotbugs-gradle-plugin/issues/4
https://github.com/find-sec-bugs/find-sec-bugs/wiki/Maven-configuration

ChrizZz110 avatar Apr 24 '19 13:04 ChrizZz110
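
A Maven configuration along the lines discussed in this thread, added here as an example and not taken from gradoop's own pom.xml: it binds the plugin's `check` goal so findings fail the build instead of only producing a report, sets the threshold explicitly, and loads the find-sec-bugs detectors from the last link. The version properties and the exclude filter file name are assumptions (placeholders).

```xml
<!-- Added example, not the project's actual build file. -->
<build>
  <plugins>
    <plugin>
      <groupId>com.github.spotbugs</groupId>
      <artifactId>spotbugs-maven-plugin</artifactId>
      <!-- Placeholder property: pin a concrete plugin version in <properties>. -->
      <version>${spotbugs.plugin.version}</version>
      <configuration>
        <!-- Analysis depth: Min, Default or Max. -->
        <effort>Max</effort>
        <!-- Medium is the default and hides low-confidence findings.
             Low reports everything; per the thread that currently means
             29 findings, so triage or exclude them before enforcing Low. -->
        <threshold>Low</threshold>
        <!-- Let the check goal break the build when findings remain. -->
        <failOnError>true</failOnError>
        <!-- Hypothetical file name: reviewed false positives are listed here,
             so suppressions are explicit and version-controlled. -->
        <excludeFilterFile>spotbugs-exclude.xml</excludeFilterFile>
        <!-- Security-focused detectors from find-sec-bugs. -->
        <plugins>
          <plugin>
            <groupId>com.h3xstream.findsecbugs</groupId>
            <artifactId>findsecbugs-plugin</artifactId>
            <!-- Placeholder property. -->
            <version>${findsecbugs.version}</version>
          </plugin>
        </plugins>
      </configuration>
      <executions>
        <execution>
          <!-- The spotbugs goal alone only writes a report; check runs the
               analysis and then evaluates the result against failOnError. -->
          <phase>verify</phase>
          <goals>
            <goal>check</goal>
          </goals>
        </execution>
      </executions>
    </plugin>
  </plugins>
</build>
```

With this in place, `mvn verify` fails on any finding at or above the configured threshold that is not covered by the exclude filter.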