
FindBugs
Version 4.72
Minimum Jenkins requirement: 1.625.1
ID: findbugs

View FindBugs Plug-in on the plugin site for more information.

Older versions of this plugin may not be safe to use. Please review the following warnings before using an older version:

This plugin generates the trend report for FindBugs, an open source program which uses static analysis to look for bugs in Java code. 

Installation Requirements

This plug-in requires the utility plug-in "analysis-core" (called "Static Analysis Utilities" in the update manager). Please ensure that the latest version of this plug-in is also installed.

Description

This plug-in is supported by the Static Analysis Collector plug-in, which collects different analysis results and shows them in aggregated trend graphs. Health reporting and build stability are also based on the aggregated results.

The FindBugs plug-in scans for findbugs.xml files in the build workspace and reports the number of warnings found. This plug-in is part of the suite of static code analysis plug-ins that are documented on a separate wiki page.

The following features are provided by this plug-in:

  • Configuration of the files to scan after a build.
  • Build summary showing the new and fixed warnings of a build
  • Several trend reports showing the number of warnings per build
  • Overview of the found warnings per module, package, category, or type
    • Parsing of Maven pom.xml or Ant build.xml configuration files to obtain the module or project name
    • Parsing of Java or C# files to obtain the package or name space name
  • Detail reports of the found warnings optionally filtered by severity (or new and fixed)
    • Short messages are read from the report file
    • Detailed description is read from the FindBugs library or from the third-party plug-ins Find Security Bugs or fb-contrib
  • Colored HTML display of the corresponding source file and warning lines:
    • Direct link to the warning line
    • Highlighting of single lines as well as line ranges
    • Highlighting of multiple line ranges per warning (different color for primary range)
    • Tool tip describing the warning message
  • Failure threshold to mark a build as unstable
  • Configurable project health support
  • Support for the findbugs ant task and the maven-findbugs-plugin 1.1.1 and newer
  • Works with the freestyle and native m2 build option (activated on goal findbugs:findbugs or site)
  • Remote API to export the build quality and found warnings
  • Several tokens to simplify post processing of the results
  • Localization available for: DE, JA (Please help to localize findbugs for your locale!)

The current release is available in the download section. This plug-in is developed and maintained by Ullrich Hafner. Please use the mailing lists or issue tracker to ask questions or to create feature requests or bug reports, since I don't read the comment section on this page regularly.

Changelog

Release 4.72

Release 4.71

  • Compute author and commit information using the Git blame command. Show report of warnings by user on the job page and in the dashboard view. (JENKINS-6748, Analysis of Checkstyle Warnings per User)

Release 4.70

  • Added a new symbol for pipelines: findbugs

Release 4.65

Release 4.64

Release 4.63

  • Don't alter SAX environment variable anymore (JENKINS-27548)
  • Fixed resolving of files with relative paths in workspace (JENKINS-32150)

Release 4.62

  • Added support for the Pipeline plug-in (previously Workflow; thanks to Antonio Muñiz and Manuel Recena for their PRs)
  • Fixed links in detail page of trend reports (JENKINS-29900)

Release 4.60

  • Update to FindBugs messages 3.0.1 (Thanks to amaembo for the pull request)

Release 4.59

  • Make links in trend graphs relative (JENKINS-21723)
  • Don't use logger when non-project files could not be found (JENKINS-21102)
  • Update of warning messages of findbugs-security detectors (thanks to Philippe Arteau for the pull request)

Release 4.58

  • Reverted XML escaping of messages (JENKINS-25511, JENKINS-17309)
  • Added option to use previous build as reference build when calculating new and fixed warnings (JENKINS-13458, thanks to Tom Saunders for the pull request)

Release 4.57 - new runtime requirement: at least Java 6

  • Added lazy loading of messages files (JENKINS-20874, thanks to Christopher for the pull request)
  • Improved labels (JENKINS-22165)
  • Removed leading slash from image URL (JENKINS-23677)
  • Fixed encoding problems with messages using Cyrillic alphabet (JENKINS-22744)

Release 4.56

  • Tried to fix some class loading problems with dom4j (JENKINS-21256)

Release 4.51

  • Added a view column that shows the number of warnings in a job

Release 4.50

  • Make dependency to ant-plugin optional

Release 4.49

  • Fixed detection of warnings category in custom rules (thanks to Jesse Glick for the patch!)
  • Added some more fields that are exposed via the REST API (JENKINS-17767, thanks to Mihail Menev, Johann Vierthaler for the patch!)
  • Added Traditional Chinese translations (thanks to Pei-Tang Huang!)
  • Added system configuration option to disable console logging of all static analysis plug-ins (JENKINS-15246, thanks to Sebastian Seidl for the patch!)
  • Added system configuration option to fail a build when one of the static analysis plug-ins fails parsing its input (JENKINS-17663, thanks to Mihail Menev and Johann Vierthaler for the patch)
  • Fixed broken encoding handling in maven jobs (JENKINS-17657, thanks to André Lehmann!)

Release 4.48

Release 4.47

Release 4.46

  • Upgraded bug pattern messages to FindBugs 2.0.2
  • Added messages of FindBugs Security Bugs Plug-in
  • Show more details in the fixed warnings view (JENKINS-15959)
  • Aggregate the maven parent module results in failed builds when the failure is caused by a threshold being hit (JENKINS-15324, JENKINS-12342)
  • Optimized http requests for static resources in the analysis plugins (JENKINS-16571)
  • Fixed missing build overview in maven jobs (JENKINS-16518)
  • Always use Xerces when parsing XML files (JENKINS-15613)
  • Read pom.xml to obtain path of output files in maven jobs (JENKINS-16250)
  • Show error message as file content if the source files could not be transferred to the master (JENKINS-16222)

Release 4.45

Release 4.44

Release 4.43

Release 4.42

  • Reduce memory footprint of plug-in (thanks to Kohsuke for the patches)
  • Upgrade to YUI 2.9 (support for new bread crumbs and context menus: JENKINS-13532, thanks to OHTAKE Tomohiro for the patch)

Release 4.41

  • Show all values of difference graph

Release 4.40

  • Added hyperlinks to build summary if threshold is exceeded (JENKINS-12424)

Release 4.39

  • Added option to filter projects with zero warnings in the warnings dashboard portlet (JENKINS-12984)
  • Center the affected source line in source view (JENKINS-13491)
  • Fixed incompatibility of detail tabs with new bread crumb view (JENKINS-13532)

Release 4.38

  • Added a new portlet that shows the warning totals as a line graph

Release 4.37

  • Fixed another problem when trying to detect the correct findbugs xml file with maven 2 jobs (JENKINS-13090)

Release 4.36

Release 4.35

  • Fixed detection of findbugs results input file

Release 4.34

  • Show build result threshold evaluation information in build summary (JENKINS-12424)
  • Fixed plug-in configuration if used in conjunction with flexible-publisher plug-in (JENKINS-12182, JENKINS-8185)

Release 4.33

Release 4.32

  • Fixed initialization problem when configuring the plug-in for maven jobs. (JENKINS-12075)

Release 4.31

  • Fixed NPE while configuring a graph with no builds yet (JENKINS-12045)
  • Group warnings by relative path if the associated language has no package or namespace concept (JENKINS-11846)
  • Allow skipping of calculating "new" issues (JENKINS-11761)
  • Fixed display of 'Use delta for new warnings' option (JENKINS-11758)
  • Ignore 'new warnings' threshold in the first build (JENKINS-11718)

Release 4.30

  • Fixed enlarge link for trend graphs (JENKINS-11324)
  • Fixed visibility of 'enable trend graph' link
  • Fixed reading of results if analysis is invoked during 'mvn site' (JENKINS-10820)

Release 4.29

  • Ignore failed builds when evaluating the build history in trend graphs and new warnings calculation (JENKINS-10682)
  • Added OSGi bundle detection when grouping warnings by module (JENKINS-10681)
  • Use the path as a replacement for the package grouping for all warnings that are not from Java or C# files (issue 2)

Release 4.28

  • Added new tokens for token macro plug-in (JENKINS-10027): now tokens FINDBUGS_NEW, FINDBUGS_FIXED, FINDBUGS_COUNT and FINDBUGS_RESULT are available.

Release 4.27

Release 4.26

Release 4.25

  • Fixed display of trend graphs for maven jobs (report)

Release 4.24

  • Fixed health reporting and build failure/unstable thresholds for maven project type (JENKINS-4912, JENKINS-3514)
  • Fixed broken detail views when using a reverse proxy (JENKINS-3410, thanks to Benjamin Cabé for the fix)
  • Show the reference build that is used to compute new and fixed warnings (when build thresholds are set)
  • Improved logging statements when build is executed on a slave

Release 4.23

  • Added configuration option to enable automatic project and module name detection by reading all Ant project.xml and Maven pom.xml files (JENKINS-8915, JENKINS-9090)
  • Added preliminary support for the Token Macro Plugin: FINDBUGS_COUNT expands to the number of FindBugs warnings and FINDBUGS_RESULT expands to the plug-in build result (stable, unstable, failed)

Release 4.22

  • Added configuration option to enable automatic project and module name detection by reading all Ant project.xml and Maven pom.xml files (JENKINS-8915, JENKINS-9090)

Release 4.21

  • Fixed missing dependency to Hudson/Jenkins 1.395 (JENKINS-8509)

Release 4.20

  • Jenkins update to links and documentation
  • Show progress text while dashboard portlet graphs are created

Release 4.19

  • Added support for multi-configuration projects (JENKINS-6772)

Release 4.18

  • Fixed sorting of date labels of dashboard trend graphs (JENKINS-8476)
  • Fixed evaluation of builds that will be considered in the dashboard trend graph (JENKINS-8283)
  • Don't show FindBugs cloud information if the project is not registered in the cloud (JENKINS-8236)
  • Fixed wrong computation of the number of bugs that are new this week (JENKINS-8235)

Release 4.16

Release 4.15

Release 4.14

Release 4.13

  • Now uses Bug Rank to compute issue priority, a more accurate and modern method of determining seriousness of a bug
  • Added build status thresholds for each warning priority (JENKINS-3561)
  • Fixed warnings parsing if the SAX parser system property has been set to an illegal value (JENKINS-7312)
  • Added support for FindBugs Cloud
    • Bug details contain Cloud review info
    • Bugs marked as "Not a bug" are hidden from Hudson

Release 4.12

  • Fixed computation of module names for maven projects (JENKINS-6768)
  • Don't report an error message if a maven module does not contain a report file (JENKINS-6895)
  • Fixed ant links (JENKINS-6862)

Release 4.11

Release 4.10

  • Reduced number of false positives when computing new and fixed warnings (JENKINS-6669)

Release 4.9

Release 4.8

  • Fixed broken links to project page and overview image (JENKINS-6417)

Release 4.7

  • Added trend graph portlets for the dashboard view
  • Added option to start the plug-in even for failed builds (JENKINS-6117)
  • Added 'enlarge' link for trend graphs that shows a detail page with the graph
  • Fixed ordering of warnings in detail views (JENKINS-6132)
  • Fixed warning distribution graph in files detail view (JENKINS-6139)

Release 4.5

Release 4.4

  • New warnings computation is now based on the current build and the reference build (i.e., the last successful build, see JENKINS-5147)
  • Visualized plug-in build status (based on the healthiness thresholds)
  • Added high scores for successful builds
  • Don't show project action if there are no warnings (JENKINS-5473)
  • Don't show trend graph configuration on job creation (JENKINS-5294)
  • Improved remote API, now the warning keys are also exposed (JENKINS-5195)

Release 4.3

  • Fixed class loading problems due to a duplicate Apache bcel library in the classpath (JENKINS-5134)

Release 4.2

Release 4.1

  • Fixed trend report link if there are no results available yet (JENKINS-5156)
  • Fixed preview of trend reports
  • Added dependency to Hudson 1.337 due to a class loader bug in previous versions (JENKINS-4993)

Release 4.0

  • Extracted common code of the static code analysis plug-ins into a new utility plug-in "analysis-core"
  • Several bug fixes and small improvements

Release 1.x - 3.x ChangeLog

How To Use

1. Install the plugin: Manage Hudson > Manage Plugins > Available
2. Restart the app server / Hudson
3. Update pom.xml: add a plugin in the reporting section

<project>
  <!-- ... -->
  <reporting>
    <plugins>
      <plugin>
        <groupId>org.codehaus.mojo</groupId>
        <artifactId>findbugs-maven-plugin</artifactId>
        <version>2.5.2</version>
        <configuration>
          <!-- write the XML report files that the Jenkins plug-in scans for -->
          <findbugsXmlOutput>true</findbugsXmlOutput>
          <findbugsXmlWithMessages>true</findbugsXmlWithMessages>
          <xmlOutput>true</xmlOutput>
        </configuration>
      </plugin>
      <!-- ... -->
    </plugins>
    <!-- ... -->
  </reporting>
  <!-- ... -->
</project>

4. In the job configuration, go to Build > Goals and options and add "findbugs:findbugs".

5. In the job definition you should now also have a "Publish FindBugs analysis results" checkbox under Build Settings; turn it on.
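
To see what the publisher works with once the steps above are in place, the following added example (not the plug-in's own code) parses two FindBugs XML reports, computes new and fixed warnings against a reference build, and applies a threshold on new high-priority warnings. The sample reports are constructed, and the (type, class) fingerprint, the priority mapping, the max_new_high parameter and the DOCTYPE rejection are assumptions of this sketch.

```python
import xml.etree.ElementTree as ET
from collections import Counter

# Constructed sample reports in the FindBugs XML layout (BugCollection/BugInstance).
REFERENCE_XML = """<BugCollection>
  <BugInstance type="NP_NULL_ON_SOME_PATH" priority="1" category="CORRECTNESS">
    <Class classname="com.example.Foo"/>
  </BugInstance>
  <BugInstance type="DM_DEFAULT_ENCODING" priority="2" category="I18N">
    <Class classname="com.example.Bar"/>
  </BugInstance>
</BugCollection>"""
CURRENT_XML = """<BugCollection>
  <BugInstance type="DM_DEFAULT_ENCODING" priority="2" category="I18N">
    <Class classname="com.example.Bar"/>
  </BugInstance>
  <BugInstance type="SQL_NONCONSTANT_STRING_PASSED_TO_EXECUTE" priority="1" category="SECURITY">
    <Class classname="com.example.Dao"/>
  </BugInstance>
</BugCollection>"""

# Assumed mapping of the report's numeric priority attribute to a label.
PRIORITY = {"1": "high", "2": "normal", "3": "low"}

def parse_report(xml_text):
    """Return {(bug type, class name): priority label} for one report."""
    # Reports come from the build workspace; refuse DTDs so entity
    # expansion tricks never reach the parser.
    if "<!DOCTYPE" in xml_text:
        raise ValueError("DTD not allowed in report")
    warnings = {}
    for bug in ET.fromstring(xml_text).iter("BugInstance"):
        cls = bug.find("Class")
        classname = cls.get("classname", "") if cls is not None else ""
        # Simplified fingerprint: same type in the same class collapses to one entry.
        warnings[(bug.get("type"), classname)] = PRIORITY.get(bug.get("priority"), "low")
    return warnings

def evaluate(current_xml, reference_xml, max_new_high=0):
    """Compare the current report with the reference build's report."""
    current, reference = parse_report(current_xml), parse_report(reference_xml)
    new = {k: p for k, p in current.items() if k not in reference}
    fixed = [k for k in reference if k not in current]
    new_high = sum(1 for p in new.values() if p == "high")
    return {"count": len(current), "new": sorted(new), "fixed": sorted(fixed),
            "by_priority": dict(Counter(current.values())),
            "result": "unstable" if new_high > max_new_high else "stable"}
```
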
 
