The FindBugs plugin runs FindBugs bytecode analysis on Java class files and looks for various bug patterns not reported by the compiler.
A full description of FindBugs can be found on the FindBugs home page.
This plugin uses FindBugs 3.0.1 which requires Java 1.7.0 or later to run.
FindBugs support is provided by a plugin distributed to [pypi]
(https://pypi.python.org/pypi/pantsbuild.pants.contrib.findbugs).
Assuming you have already installed pants, you'll need to
add the FindBugs plugin in your pants.ini
, like so:
[GLOBAL]
pants_version: 1.0.0
plugins: [
'pantsbuild.pants.contrib.findbugs==%(pants_version)s',
]
When you run ./pants compile
the plugin is executed after the compile step and will run FindBugs
on any java_library
or junit_tests
targets.
./pants compile <target>
...
00:07:42 00:00 [compile]
00:07:42 00:00 [zinc]
00:07:42 00:00 [jvm-dep-check]
00:07:42 00:00 [checkstyle]
00:07:42 00:00 [findbugs]
Invalidated 7 targets.
00:07:42 00:00 [findbugs]
...
The plugin currently supports the following subset of the FindBugs command line options.
--compile-findbugs-effort=<str> (one of: [min, less, default, more, max] default: 'default')
Effort of the bug finders.
--compile-findbugs-exclude-filter-file=<file_option> (default: None)
Exclude bugs matching given filter
--compile-findbugs-include-filter-file=<file_option> (default: None)
Include only bugs matching given filter
--compile-findbugs-max-rank=<int> (default: None)
Maximum bug ranking to record [1..20].
--[no-]compile-findbugs-nested (default: True)
Analyze nested jar/zip archives
--[no-]compile-findbugs-relaxed (default: False)
Relaxed reporting mode
--compile-findbugs-threshold=<str> (one of: [low, medium, high, experimental] default: 'medium')
Effort of the bug finders.
The plugin will not fail the build unless you enable
--[no-]compile-findbugs-fail-on-error (default: False)
Fail the build on an error.
If you enable this option then you may also want to set --compile-findbugs-max-rank
so the build will
only fail for bugs above a certain rank.
Alternatively you can exclude files with the --compile-findbugs-exclude-patterns
and setup a findbugsExclude.xml fill
to filter out specific bug reports. The format of the exclude file is documented on the FindBugs site.
Here are example settings that fail the build only for highly ranked bugs and exclude all test files
[compile.findbugs]
max_rank: 4
fail_on_error: True
exclude_patterns: [".*/tests/java/.*"]
The task will report bugs to stdout as it runs. Alternatively, if you want to process or store the
XML files generated by FindBugs they will be available under .pants.d/compile/findbugs
after you run the
plugin.