FindBugs

FindBugs
Developer(s) Bill Pugh and David Hovemeyer
Initial release 10 June 2006; 17 years ago (2006-06-10) [1]
Stable release 3.0.1 / March 6, 2015; 8 years ago (2015-03-06)
Repository
Written in Java
Operating system Cross-platform
Type Static code analysis
License Lesser GNU General Public License
Website findbugs.sourceforge.net

FindBugs is an open-source static code analyser created by Bill Pugh and David Hovemeyer which detects possible bugs in Java programs. [2] [3] Potential errors are classified in four ranks: (i) scariest, (ii) scary, (iii) troubling and (iv) of concern. This is a hint to the developer about their possible impact or severity. [4] FindBugs operates on Java bytecode, rather than source code. The software is distributed as a stand-alone GUI application. There are also plug-ins available for Eclipse, [5] NetBeans, [6] IntelliJ IDEA, [7] [8] [9] Gradle, Hudson, [10] Maven, [11] Bamboo [12] and Jenkins. [13]

Additional rule sets can be plugged into FindBugs to increase the set of checks performed. [14]

SpotBugs

SpotBugs
Developer(s) SpotBugs team
Initial release 23 October 2017; 5 years ago (2017-10-23) [15]
Stable release 4.6.0 / March 7, 2022; 16 months ago (2022-03-07)
Repository GitHub
Written in Java
Operating system Cross-platform
Predecessor FindBugs
License GNU Lesser General Public License
Website Homepage, Manual

SpotBugs is the spiritual successor of FindBugs, carrying on from the point where it left off with support of its community.

In 2016, the project lead of FindBugs was inactive while many issues remained open in its community, so Andrey Loskutov made an announcement [16] to the community, and some volunteers tried to create a project with support for the modern Java platform and better maintainability. In September 2017, Andrey Loskutov made another announcement [17] about the status of the new community, then released SpotBugs 3.1.0 [18] with support for Java 11, the new LTS release, in particular the Java Platform Module System and the invokedynamic instruction.

There are also plug-ins available for Eclipse, [19] IntelliJ IDEA, [20] Gradle, [21] Maven [22] and SonarQube. [23] SpotBugs also supports all existing FindBugs plugins, such as sb-contrib [24] and find-security-bugs, [25] with several minor changes. [26]

Applications

SpotBugs has numerous areas of application:

  1. Testing during a Continuous Integration or Delivery Cycle.
  2. Locating faults in an application.
  3. During a code review.

References

  1. "FindBugs 1.0.0 release date".
  2. "FindBugs, Part 1: Improve the quality of your code". IBM.
  3. "FindBugs, Part 2: Writing custom detectors". IBM.
  4. Markus, Sprunck. "Findbugs – Static Code Analysis of Java". Retrieved April 24, 2013.
  5. "FindBugs Downloads".
  6. "Static Code Analysis in the NetBeans IDE Java Editor".
  7. idea-findbugs plug-in
  8. "Google Project Hosting".
  9. "QAPlug – quality assurance plugin".
  10. "FindBugs Plugin". Archived from the original on 2013-01-29. Retrieved 2010-03-22.
  11. "FindBugs Maven Plugin – Introduction".
  12. View FindBugs
  13. "Findbugs".
  14. "fb-contrib™: A FindBugs™ auxiliary detector plugin".
  15. "SpotBugs 3.1.0 release date". GitHub. 17 November 2021.
  16. Loskutov, Andrey (November 2, 2016). "[FB-Discuss] Project status". Retrieved 2021-06-24.
  17. Loskutov, Andrey (September 21, 2017). "[FB-Discuss] Announcing SpotBugs as FindBugs successor". Retrieved 2021-06-24.
  18. "Release SpotBugs 3.1.0 · spotbugs/spotbugs". GitHub. Retrieved 2021-06-24.
  19. "SpotBugs Eclipse Plugin Update Site".
  20. "SpotBugs-IDEA".
  21. "SpotBugs Gradle Plugin".
  22. "SpotBugs Maven Plugin".
  23. "sonar-findbugs". GitHub. 15 November 2021.
  24. "'spotbugs' branch in fb-contrib repo". GitHub.
  25. "Find Security Bugs".
  26. "Migration guide for Plugin Developers".