SpotBugs

SpotBugs is a program which uses static analysis to look for bugs in Java code.

Version

4.0.0

Runtime

Debian Stretch

Supported Languages

Java

Official Documentation

https://spotbugs.github.io/

YAML Configuration

spotbugs:

  • input:

    Patterns to include in execution and reports.

  • ignore:

    Patterns to exclude from execution and reports.

  • auto-fix:

    N/A

  • config-file:

    N/A

  • machine:

    • cpu:

      Amount of CPU. The default machine has 0.75 CPU with 2880 MiB RAM.

      Inspecode configures the maximum heap size (-Xmx) of the Java virtual machine (JVM) according to this value. Inspecode reserves 240 MiB RAM for system, and makes the rest of RAM available to JVM for heap allocation. For example, -Xmx2640m is specified by default (for 0.75 CPU), -Xmx5520m is specified for 1.5 CPU.

  • options:

    Below is the list of options that are supported:

    General FindBugs options:
      -project <project>                       analyze given project
      -effort[:min|less|default|more|max]      set analysis effort level
      -adjustExperimental                      lower priority of experimental Bug Patterns
      -workHard                                ensure analysis effort is at least 'default'
      -conserveSpace                           same as -effort:min (for backward compatibility)
      -userPrefs <filename>                    user preferences file, e.g /path/to/project/.settings/edu.umd.cs.findbugs.core.prefs for Eclipse projects
    Output options:
      -experimental                            report of any confidence level including experimental bug patterns
      -low                                     report warnings of any confidence level
      -medium                                  report only medium and high confidence warnings [default]
      -high                                    report only high confidence warnings
      -maxRank <rank>                          only report issues with a bug rank at least as scary as that provided
      -dontCombineWarnings                     Don't combine warnings that differ only in line number
      -relaxed                                 Relaxed reporting mode (more false positives!)
      -useTraining[:inputDir]                  Use training data (experimental); input dir defaults to '.'
      -redoAnalysis <filename>                 Redo analysis using configureation from previous analysis
      -sourceInfo <filename>                   Specify source info file (line numbers for fields/classes)
      -nested[:true|false]                     analyze nested jar/zip archives (default=true)
    Output filtering options:
      -bugCategories <cat1[,cat2...]>          only report bugs in given categories
      -onlyAnalyze <classes/packages>          only analyze given classes and packages; end with .* to indicate classes in a package, .- to indicate a package prefix
      -excludeBugs <baseline bugs>             exclude bugs that are also reported in the baseline xml output
      -exclude <filter file>                   exclude bugs matching given filter
      -include <filter file>                   include only bugs matching given filter
      -applySuppression                        Exclude any bugs that match suppression filter loaded from fbp file
    Detector (visitor) configuration options:
      -visitors <v1[,v2...]>                   run only named visitors
      -omitVisitors <v1[,v2...]>               omit named visitors
      -chooseVisitors <+v1,-v2,...>            selectively enable/disable detectors
      -choosePlugins <+p1,-p2,...>             selectively enable/disable plugins
      -adjustPriority <v1=(raise|lower)[,...]> raise/lower priority of warnings for given visitor(s)
    Project configuration options:
      -auxclasspath <classpath>                set aux classpath for analysis
      -auxclasspathFromFile <filepath>         read aux classpaths from a designated file
      -sourcepath <source path>                set source path for analyzed classes
      -analyzeFromFile <filepath>              get the list of class/jar files from a designated file
    
    Inspecode's original options:
      -targets <jar/zip/class files, directories...>
                                               specify classfiles/jarfiles from command line.
    
    > **Note:**
    Targets need to be specified by -project, -analyzeFromFile, or -targets option
    in order to run SpotBugs on Inspecode.
    

YAML Examples

  • With default options:

    inspecode:
      tools:
        spotbugs: default
    
  • With custom machine:

    inspecode:
      tools:
        spotbugs:
          machine:
            cpu: 1.5 # 1.5 CPU, 5760 MiB RAM
    
  • With custom options:

    inspecode:
      tools:
        spotbugs:
          options:
            -effort: min
    

results matching ""

    No results matching ""