📑 Table of Contents
FindBugs
DevelopersBill Pugh and David Hovemeyer
Release10 June 2006; 20 years ago (2006-06-10)[1]
Stable release
3.0.1 / March 6, 2015; 11 years ago (2015-03-06)
Written inJava
Operating systemCross-platform
TypeStatic code analysis
LicenseGNU Lesser General Public License
Websitefindbugs.sourceforge.net Edit this at Wikidata
Repository

FindBugs is an open-source static code analyzer created by Bill Pugh and David Hovemeyer which detects possible bugs in Java programs[2][3], continued as SpotBugs[4]. Potential errors are classified in four ranks: (i) scariest, (ii) scary, (iii) troubling and (iv) of concern. This is a hint to the developer about their possible impact or severity.[5]. FindBugs operates on Java bytecode, rather than source code. The software is distributed as a stand-alone GUI application. There are also plug-ins available for Eclipse,[6] NetBeans,[7] IntelliJ IDEA,[8][9][10] Gradle, Hudson,[11] Maven,[12] Bamboo[13] and Jenkins.[14]

Additional rule sets can be plugged in FindBugs to increase the set of checks performed.[15]

See also

edit
edit

SpotBugs

edit
SpotBugs
DeveloperSpotBugs team
Release23 October 2017; 8 years ago (2017-10-23)[16]
Stable release
4.6.0 / March 7, 2022; 4 years ago (2022-03-07)
Written inJava
Operating systemCross-platform
PredecessorFindBugs
LicenseGNU Lesser General Public License
WebsiteHomepage, Manual
RepositoryGitHub

SpotBugs is the spiritual successor of FindBugs, carrying on from the point where it left off with support of its community.

In 2016, the project lead of FindBugs was inactive but there are many issues in its community so Andrey Loskutov gave an announcement [17] to its community, and some volunteers tried creating a project with support for modern Java platform and better maintainability. On September 21, 2017, Andrey Loskutov again gave an announcement [18] about the status of new community, then released SpotBugs 3.1.0 [19] with support for Java 11 the new LTS, especially Java Platform Module System and invokedynamic instruction.

There are also plug-ins available for Eclipse,[20] IntelliJ IDEA,[21] Gradle,[22] Maven[23] and SonarQube.[24] SpotBugs also supports all of existing FindBugs plugins such as sb-contrib,[25] find-security-bugs,[26] with several minor changes.[27]

Applications

edit

SpotBugs have numerous areas of applications:

  1. Testing during a Continuous Integration or Delivery Cycle.
  2. Locating faults in an application.
  3. During a code review.
edit

References

edit
  1. ^ "FindBugs 1.0.0 release date".
  2. ^ "FindBugs, Part 1: Improve the quality of your code". IBM.
  3. ^ "FindBugs, Part 2: Writing custom detectors". IBM.
  4. ^ https://spotbugs.github.io/. {{cite web}}: Missing or empty |title= (help)
  5. ^ Markus, Sprunck. "Findbugs – Static Code Analysis of Java". Retrieved April 24, 2013.
  6. ^ "FindBugs Downloads".
  7. ^ "Static Code Analysis in the NetBeans IDE Java Editor". Archived from the original on 2014-08-12. Retrieved 2013-10-21.
  8. ^ idea-findbugs plug-in
  9. ^ "Google Project Hosting".
  10. ^ "QAPlug – quality assurance plugin".
  11. ^ "FindBugs Plugin". Archived from the original on 2013-01-29. Retrieved 2010-03-22.
  12. ^ "FindBugs Maven Plugin – Introduction".
  13. ^ View FindBugs
  14. ^ "Findbugs".
  15. ^ "fb-contrib™: A FindBugs™ auxiliary detector plugin".
  16. ^ "SpotBugs 3.1.0 release date". GitHub. 17 November 2021.
  17. ^ Loskutov, Andrey (November 2, 2016). "[FB-Discuss] Project status". Retrieved 2021-06-24.
  18. ^ Loskutov, Andrey (September 21, 2017). "[FB-Discuss] Announcing SpotBugs as FindBugs successor". Retrieved 2021-06-24.
  19. ^ "Release SpotBugs 3.1.0 · spotbugs/spotbugs". GitHub. Retrieved 2021-06-24.
  20. ^ "SpotBugs Eclipse Plugin Update Site".
  21. ^ "SpotBugs-IDEA".
  22. ^ "SpotBugs Gradle Plugin".
  23. ^ "SpotBugs Maven Plugin".
  24. ^ "sonar-findbugs". GitHub. 15 November 2021.
  25. ^ "'spotbugs' branch in fb-contrib repo". GitHub.
  26. ^ "Find Security Bugs".
  27. ^ "Migration guide for Plugin Developers".


Stub icon

This programming-tool-related article is a stub. You can help Wikipedia by adding missing information.

📚 Artikel Terkait di Wikipedia

William Pugh (computer scientist)

Presburger arithmetic. He was the co-author of the static code analysis tool FindBugs, and was highly influential in the development of the current memory model

List of tools for static code analysis

and Jeff Foster, University of Maryland. Compares Bandera, ESC/Java 2, FindBugs, JLint, and PMD. "Mini-review of Java Bug Finders", by Rick Jelliffe, O'Reilly

Code smell

quality are often the causes of such smells. Tools such as Checkstyle, PMD, FindBugs, and SonarQube can automatically identify code smells. Duplicated code

Comparison of continuous integration software

IDEA, Android Studio, Visual Studio Code GitHub, Jenkins, Slack, Hipchat, FindBugs, Checkstyle, PMD Bamboo Web container Proprietary MSBuild, NAnt, Visual

List of free and open-source software packages

Test Anything Protocol Valgrind Checkstyle Coccinelle Cppcheck ESLint FindBugs Frama-C Infer JSHint lint PMD Pylint Semgrep Soot Sparse Splint Yasca Docker

SQuORE

results, bug tracking system) and tools (reads outputs of Checkstyle, PMD, FindBugs, Polyspace, Coverity or SonarQube) and publishes a summarised view of the

List of Java software and tools

automation for web app testing Spock – test framework SpotBugs (formerly FindBugs) – static analysis tool TestNG – testing framework inspired by JUnit and

Change impact analysis

supporting to show such dependencies are: Integrated development environment FindBugs JRipples AppDynamics CodeLogic Visual Expert There are as well tools applying