spotbugs / spotbugs-maven-plugin

Maven Mojo Plug-In to generate reports based on the SpotBugs Analyzer
https://spotbugs.github.io/spotbugs-maven-plugin/
Apache License 2.0

Sporadic spotbugs failure #772

Open bkrogh opened 1 month ago

bkrogh commented 1 month ago

We occasionally hit the error below in our CI infrastructure, an error internal to spotbugs. Restarting almost always succeeds.

We scan a code base with 100+ artifacts. Occasionally one of the scanned artifacts fails, but it is non-deterministic which one. It looks like some kind of race condition to me, but that is just guesswork.

We are using Java 17 and Maven 3.9.5.

[INFO] --- spotbugs:4.8.3.0:spotbugs (spotbugs) @ web-security-library-3x ---
[INFO] Fork Value is true
     [java] Exception in thread "main" java.lang.NullPointerException: Cannot invoke "edu.umd.cs.findbugs.classfile.IAnalysisCache.getProfiler()" because the return value of "edu.umd.cs.findbugs.classfile.Global.getAnalysisCache()" is null
     [java]     at edu.umd.cs.findbugs.classfile.impl.ZipCodeBaseFactory.makeZipCodeBase(ZipCodeBaseFactory.java:36)
     [java]     at edu.umd.cs.findbugs.classfile.impl.ClassFactory.createFilesystemCodeBase(ClassFactory.java:122)
     [java]     at edu.umd.cs.findbugs.classfile.impl.FilesystemCodeBaseLocator.openCodeBase(FilesystemCodeBaseLocator.java:77)
     [java]     at edu.umd.cs.findbugs.classfile.impl.ClassPathBuilder.processWorkList(ClassPathBuilder.java:620)
     [java]     at edu.umd.cs.findbugs.classfile.impl.ClassPathBuilder.build(ClassPathBuilder.java:230)
     [java]     at edu.umd.cs.findbugs.FindBugs2.buildClassPath(FindBugs2.java:708)
     [java]     at edu.umd.cs.findbugs.FindBugs2.execute(FindBugs2.java:245)
     [java]     at edu.umd.cs.findbugs.FindBugs.runMain(FindBugs.java:395)
     [java]     at edu.umd.cs.findbugs.FindBugs2.main(FindBugs2.java:1231)
[INFO] ------------------------------------------------------------------------

Configuration:

                <plugin>
                    <groupId>com.github.spotbugs</groupId>
                    <artifactId>spotbugs-maven-plugin</artifactId>
                    <version>4.8.3.0</version>
                    <configuration>
                        <excludeFilterFiles>
                            <excludeFilterFile>spotbugs-exclude-filter.xml</excludeFilterFile>
                        </excludeFilterFiles>
                        <plugins>
                            <plugin>
                                <groupId>com.h3xstream.findsecbugs</groupId>
                                <artifactId>findsecbugs-plugin</artifactId>
                                <version>1.12.0</version>
                            </plugin>
                        </plugins>
                    </configuration>
                    <executions>
                        <execution>
                            <phase>verify</phase>
                            <goals>
                                <goal>check</goal>
                            </goals>
                        </execution>
                    </executions>
                    <dependencies>
                        <dependency>
                            <groupId>com.github.spotbugs</groupId>
                            <artifactId>spotbugs</artifactId>
                            <version>4.8.3</version>
                        </dependency>
                    </dependencies>
                </plugin>

Any idea whether this is due to an issue in the plugin or in the core spotbugs implementation?