search

spotbugs / discuss

SpotBugs mailing list
6 stars 1 forks source link

Getting a list of detectors by rank? #68

Open aaime opened 5 years ago

aaime commented 5 years ago

I've currently integrated Spotbugs in a build that fails when any issue is found. Of course, to make that feasible, I had to start with the highest rank detectors and go down to the less problematic ones. I've now reached rank 10 and fixed a number of issues. That is good, but I have no idea which detectors are running, is there any way to discover that? In other words, how does one get a list of detectors along with their rank?

KengoTODA commented 5 years ago

You can get list of rank at here: https://github.com/spotbugs/spotbugs/blob/release-3.1/spotbugs/etc/bugrank.txt

Or you may use priority instead, see -high option and others.

aaime commented 5 years ago

Thanks for the follow up!

The bugrank file is interesting... so I assume a specific detector rank is based on its catery, plus/minus an adjustment by kind, plus/minus an eventual adjustment for the single detector?

About the priority, it's less fine grained, which to me is a bit of a problem, since I can only add detectors during the weekend, and to do so I have to fix all failures found, but I guess that having a list one could just disable a bunch but one in the next priority level. Is there a list of detectors by priority? (I'm mostly asking because in another thread you seem to be inclined to remove rank).

Generally speaking, it would be useful to have a way to list the current detectors Spotbugs is running, and some process to just whitelist them a few at a time, in a controlled way. With PMD I can provide a whitelist, e.g., https://github.com/geotools/geotools/blob/master/build/qa/pmd-ruleset.xml whilst with Spotbugs at the moment I'd doing rank plus excludes, but I don't really know what detectors are running, e.g.: https://github.com/geotools/geotools/blob/master/pom.xml#L374 https://github.com/geotools/geotools/blob/master/build/qa/spotbugs-exclude.xml

KengoTODA commented 5 years ago

Is there a list of detectors by priority?

No in my understanding. Because same detector can use different priority for each BugInstance. List of detector is available at here, however it has no info about rank nor priority.

aaime commented 5 years ago

@KengoTODA thanks for confirming. In my specific use case, that makes it harder to incrementally add checks in the build, while I can do so easily with PMD (just whitelisting the next check I want to enable and fix the issues found). Spotbugs wise, I'll keep on raising the rank value in the maven config and disable the checks whose reports are too hard to fix in the codebase.