FindBugs
Developer(s) | Bill Pugh and David Hovemeyer |
---|---|
Initial release | 10 June 2006[1] |
Stable release | 3.0.1
/ March 6, 2015 |
Repository | |
Written in | Java |
Operating system | Cross-platform |
Type | Static code analysis |
License | GNU Lesser General Public License |
Website | findbugs |
FindBugs is an open-source static code analyser created by Bill Pugh and David Hovemeyer which detects possible bugs in Java programs.[2][3] Potential errors are classified in four ranks: (i) scariest, (ii) scary, (iii) troubling and (iv) of concern. This is a hint to the developer about their possible impact or severity.[4] FindBugs operates on Java bytecode, rather than source code. The software is distributed as a stand-alone GUI application. There are also plug-ins available for Eclipse,[5] NetBeans,[6] IntelliJ IDEA,[7][8][9] Gradle, Hudson,[10] Maven,[11] Bamboo[12] and Jenkins.[13]
Additional rule sets can be plugged in FindBugs to increase the set of checks performed.[14]
See also
External links
- Official website
- Manual
- List of bug patterns
- fb-contrib: additional bug detectors for FindBugs
- FindSecurityBugs: additional security-oriented bug detectors for FindBugs
- FindBugs-IDEA – The FindBugs Plugin for IntelliJ IDEA
SpotBugs
Developer(s) | SpotBugs team |
---|---|
Initial release | 23 October 2017[15] |
Stable release | 4.6.0
/ March 7, 2022 |
Repository | GitHub |
Written in | Java |
Operating system | Cross-platform |
Predecessor | FindBugs |
License | GNU Lesser General Public License |
Website | Homepage, Manual |
SpotBugs is the spiritual successor of FindBugs, carrying on from the point where it left off with support of its community.
In 2016, the project lead of FindBugs was inactive but there are many issues in its community so Andrey Loskutov gave an announcement [16] to its community, and some volunteers tried creating a project with support for modern Java platform and better maintainability. On September 21, 2017, Andrey Loskutov again gave an announcement [17] about the status of new community, then released SpotBugs 3.1.0 [18] with support for Java 11 the new LTS, especially Java Platform Module System and invokedynamic
instruction.
There are also plug-ins available for Eclipse,[19] IntelliJ IDEA,[20] Gradle,[21] Maven[22] and SonarQube.[23] SpotBugs also supports all of existing FindBugs plugins such as sb-contrib,[24] find-security-bugs,[25] with several minor changes.[26]
Applications
SpotBugs have numerous areas of applications:
- Testing during a Continuous Integration or Delivery Cycle.
- Locating faults in an application.
- During a code review.
External links
References
- ^ "FindBugs 1.0.0 release date".
- ^ "FindBugs, Part 1: Improve the quality of your code". IBM.
- ^ "FindBugs, Part 2: Writing custom detectors". IBM.
- ^ Markus, Sprunck. "Findbugs – Static Code Analysis of Java". Retrieved April 24, 2013.
- ^ "FindBugs Downloads".
- ^ "Static Code Analysis in the NetBeans IDE Java Editor".
- ^ idea-findbugs plug-in
- ^ "Google Project Hosting".
- ^ "QAPlug – quality assurance plugin".
- ^ "FindBugs Plugin". Archived from the original on 2013-01-29. Retrieved 2010-03-22.
- ^ "FindBugs Maven Plugin – Introduction".
- ^ View FindBugs
- ^ "Findbugs".
- ^ "fb-contrib™: A FindBugs™ auxiliary detector plugin".
- ^ "SpotBugs 3.1.0 release date". GitHub. 17 November 2021.
- ^ Loskutov, Andrey (November 2, 2016). "[FB-Discuss] Project status". Retrieved 2021-06-24.
- ^ Loskutov, Andrey (September 21, 2017). "[FB-Discuss] Announcing SpotBugs as FindBugs successor". Retrieved 2021-06-24.
- ^ "Release SpotBugs 3.1.0 · spotbugs/spotbugs". GitHub. Retrieved 2021-06-24.
- ^ "SpotBugs Eclipse Plugin Update Site".
- ^ "SpotBugs-IDEA".
- ^ "SpotBugs Gradle Plugin".
- ^ "SpotBugs Maven Plugin".
- ^ "sonar-findbugs". GitHub. 15 November 2021.
- ^ "'spotbugs' branch in fb-contrib repo". GitHub.
- ^ "Find Security Bugs".
- ^ "Migration guide for Plugin Developers".