Open p-f opened 5 years ago
The default threshold of SpotBugs is medium, which means that low-confidence issues are suppressed. We can configure this by setting the configuration <threshold>Low/Medium/High</threshold>. Setting it to low, the build fails due to 29 found bugs.
Further Information:
https://buildmedia.readthedocs.org/media/pdf/spotbugs/latest/spotbugs.pdf
https://spotbugs.github.io/spotbugs-maven-plugin/examples/violationChecking.html
https://github.com/spotbugs/spotbugs-gradle-plugin/issues/4
https://github.com/find-sec-bugs/find-sec-bugs/wiki/Maven-configuration
We already use FindBugs/SpotBugs in our build process; however, the results are seemingly ignored. There are hundreds of warnings and errors throughout the project; we might want to have a look at those (although most of those should not be relevant).
We should therefore check our FindBugs/SpotBugs config and see how we can make use of its results.
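
One way to triage the existing report before tightening the threshold, as an added example that is not part of the original issue or the project's code: it reads a SpotBugs XML report, shows how many findings each `<threshold>` value would report, and lists what the default Medium setting hides. It assumes the report's `BugInstance` elements carry `priority` (1 = High, 2 = Medium, 3 = Low confidence) and `category` attributes; the sample report and the function names are constructed for illustration.

```python
import xml.etree.ElementTree as ET
from collections import Counter

# SpotBugs XML reports encode confidence in BugInstance/@priority.
CONFIDENCE = {1: "High", 2: "Medium", 3: "Low"}
# A finding is reported when its priority number is <= the threshold's number.
THRESHOLD = {"High": 1, "Medium": 2, "Low": 3}

# Constructed sample report, not output from the project discussed above.
SAMPLE_REPORT = """<BugCollection>
  <BugInstance type="SQL_INJECTION_JDBC" priority="1" category="SECURITY"/>
  <BugInstance type="PREDICTABLE_RANDOM" priority="2" category="SECURITY"/>
  <BugInstance type="PATH_TRAVERSAL_IN" priority="3" category="SECURITY"/>
  <BugInstance type="DM_DEFAULT_ENCODING" priority="3" category="I18N"/>
  <BugInstance type="NP_NULL_ON_SOME_PATH" priority="2" category="CORRECTNESS"/>
</BugCollection>"""


def load_findings(xml_text):
    """Return (type, category, priority) for every BugInstance in a report."""
    root = ET.fromstring(xml_text)
    return [(bug.get("type"), bug.get("category"), int(bug.get("priority", "3")))
            for bug in root.iter("BugInstance")]


def reported_at(findings, threshold):
    """Findings that survive a given <threshold> setting."""
    limit = THRESHOLD[threshold]
    return [f for f in findings if f[2] <= limit]


def summarize(findings):
    """Count findings per (category, confidence) so triage starts with the worst."""
    return Counter((cat, CONFIDENCE.get(prio, "Low")) for _, cat, prio in findings)


def hidden_by_default(findings):
    """Low-confidence findings that the default Medium threshold suppresses."""
    return [f for f in findings if f[2] > THRESHOLD["Medium"]]


if __name__ == "__main__":
    bugs = load_findings(SAMPLE_REPORT)
    for name in ("High", "Medium", "Low"):
        print(name, len(reported_at(bugs, name)))
    for (cat, conf), n in sorted(summarize(bugs).items()):
        print(f"{cat:12} {conf:6} {n}")
    print("suppressed by default:", [t for t, _, _ in hidden_by_default(bugs)])
```

Grouping by category first makes it easier to review the SECURITY findings before deciding which of the remaining low-confidence ones belong in an exclude filter.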