How to integrate find-sec-bugs in spotbugs?
Recently I downloaded the findsecbugs-plugin-1.11.0.jar in order to use it in spotbugs. I copied this jar file to the plugin folder of the spotbugs project (4.1.4).
I execute spotbugs making use of ant. When I run the ant target I get the following message:
[spotbugs] Executing SpotBugs FindBugsTask from ant task
[spotbugs] Running SpotBugs...
[spotbugs] The following classes needed for analysis were missing:
[spotbugs] apply
[spotbugs] applyAsInt
[spotbugs] test
[spotbugs] accept
[spotbugs] Java Result: 3
[spotbugs] Classes needed for analysis were missing
Do you know what extra jar files I need?
Solution 1:[1]
Unfortunately, the Ant integration does not have plugins configuration.
Option 1 : Exec Task
You could run the command-line version of Find-Security-Bugs. You have to invoke the tool with the exec task. With this, you will be able to generate XML, HTML and SARIF reports.
Option 2 : Java task
As an alternative, you can use the Java task to invoke the class edu.umd.cs.findbugs.FindBugs2, which handles the CLI interface of SpotBugs.
You can take inspiration from the Maven implementation, which uses the AntRunner under the hood.
ant.java(classname: "edu.umd.cs.findbugs.FindBugs2", inputstring: getSpotbugsAuxClasspath(), fork: "${fork}", failonerror: "true", clonevm: "false", timeout: "${timeout}", maxmemory: "${maxHeap}m") {
...
}
I'm not 100% sure that you can define pluginArtifacts from an Ant script. You might have to create a small plugin to do it.
- Example of FindBugs2 invocation from Ant java task: SpotBugsMojo.groovy
- Java task
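An added example, not part of either answer and not taken from the SpotBugs or Find-Security-Bugs projects: a build.xml sketch of Option 2, calling edu.umd.cs.findbugs.FindBugs2 through Ant's java task and loading the plugin with the -pluginList command-line option. All property names, directory locations and the heap size are assumptions to adapt to your own layout.

```xml
<!-- Added example. Every path and property name below is an assumption. -->
<project name="spotbugs-fsb-example" default="spotbugs-security" basedir=".">

  <!-- Assumed install and project locations (hypothetical values) -->
  <property name="spotbugs.home" value="/opt/spotbugs-4.1.4"/>
  <property name="fsb.jar" value="${basedir}/tools/findsecbugs-plugin-1.11.0.jar"/>
  <property name="classes.dir" value="${basedir}/build/classes"/>
  <property name="lib.dir" value="${basedir}/lib"/>
  <property name="report.file" value="${basedir}/build/spotbugs-security.xml"/>

  <!-- Libraries the analysed classes reference, passed as the auxiliary classpath -->
  <path id="aux.classpath">
    <fileset dir="${lib.dir}" includes="**/*.jar"/>
  </path>
  <pathconvert property="aux.classpath.string" refid="aux.classpath"/>

  <target name="spotbugs-security">
    <!-- Fork a JVM and run the SpotBugs command-line entry point directly -->
    <java classname="edu.umd.cs.findbugs.FindBugs2"
          fork="true" failonerror="true" maxmemory="1024m">
      <classpath>
        <fileset dir="${spotbugs.home}/lib" includes="*.jar"/>
      </classpath>
      <!-- Load Find-Security-Bugs as a SpotBugs plugin -->
      <arg value="-pluginList"/>
      <arg file="${fsb.jar}"/>
      <arg value="-auxclasspath"/>
      <arg value="${aux.classpath.string}"/>
      <!-- Write an XML report that includes the bug messages -->
      <arg value="-xml:withMessages"/>
      <arg value="-output"/>
      <arg file="${report.file}"/>
      <!-- Compiled classes to analyse -->
      <arg file="${classes.dir}"/>
    </java>
  </target>
</project>
```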
Solution 2:[2]
Although not documented in https://spotbugs.readthedocs.io/en/latest/ant.html#parameters, the Ant integration does support plugins using the pluginList parameter (see https://github.com/spotbugs/spotbugs/blob/master/spotbugs-ant/src/main/java/edu/umd/cs/findbugs/anttask/FindBugsTask.java). So,
<spotbugs home="..." ...
pluginList="findsecbugs-plugin-1.12.0.jar">
...
</spotbugs>
works.
Try running with parameter debug="true" to see details.
Sources
This article follows the attribution requirements of Stack Overflow and is licensed under CC BY-SA 3.0.
Source: Stack Overflow
Solution | Source |
---|---|
Solution 1 | |
Solution 2 | db. |