Open sbesson opened 8 years ago
See also https://trello.com/c/UP6SA0d3/31-findbugs-301 and https://trello.com/c/eKY4jQVH/180-findbugs-evaluate-spotbugs. The current version of findbugs-maven-plugin
(3.0.5) uses Findbugs 3.0.1: https://github.com/gleclaire/findbugs-maven-plugin/blob/findbugs-maven-plugin-3.0.5/pom.xml#L121
Many of the bugs noted above would be ignored by https://github.com/openmicroscopy/bioformats/blob/develop/excludebugs.xml. Before going too far with this, it might be worth discussing to what extent we want to have unified exclude rules for all repositories.
Considering how old findbugs is (latest release was in 06 March 2015) if we should consider a different bug finder system
Spotbugs would be one option, as it's a continuation of Findbugs. Adding this to the pom.xml
and running mvn spotbugs:check
seems to work:
<plugin>
<groupId>com.github.spotbugs</groupId>
<artifactId>spotbugs-maven-plugin</artifactId>
<version>4.8.4.0</version>
<configuration>
<threshold>high</threshold>
</configuration>
<dependencies>
<dependency>
<groupId>com.github.spotbugs</groupId>
<artifactId>spotbugs</artifactId>
<version>4.8.4</version>
</dependency>
</dependencies>
</plugin>
Omitting the configuration
block will fail with a bunch of medium-priority warnings (similar to the original issue description).
Follow-up task of https://github.com/ome/ome-common-java/pull/1, activating
mvn findbugs:check
in Travis requires to fix 30 bugs in the code base