At the moment, we add spotbugs and findsecbugs-plugin to the libraryDependencies, and use the same classpath for -cp and -auxclasspath. This means that:
the project's dependencies can affect spotbugs' dependency resolution;
spotbugs has to check itself for bugs;
spotbugs dependencies can affect the project's dependency resolution;
the produced artifact depends on spotbugs etc. for no reason.
We should keep spotbugs classpath in a separate configuration, and not mix it with the project itself.
At the moment, we add
spotbugs
andfindsecbugs-plugin
to thelibraryDependencies
, and use the same classpath for-cp
and-auxclasspath
. This means that:spotbugs
' dependency resolution;spotbugs
has to check itself for bugs;spotbugs
dependencies can affect the project's dependency resolution;spotbugs
etc. for no reason.We should keep
spotbugs
classpath in a separate configuration, and not mix it with the project itself.