I use Spotbugs, sb-contrib, and findsecbugs via maven.
I think it's the "Run Maven" plugin that lets you right-click your
project "Run Maven". First time, choose "Goals". Enter
"spotbugs:spotbugs spotbugs:gui" for "Goals" and check "Remember as" at
the bottom, and name it "Spotbugs". Next time you open the "Run Maven"
menu, "Spotbugs" will be a choice. Choose that to run Spotbugs. It
will check your code and launch the GUI.
It's not as good as having the native plugin, but works. Assuming that
you're using Maven of course.
The sonar plugin is also pretty good.
Here's the plugin section from my pom.
<plugin>
<groupId>com.github.spotbugs</groupId>
<artifactId>spotbugs-maven-plugin</artifactId>
<configuration>
<plugins>
<plugin>
<groupId>com.mebigfatguy.sb-contrib</groupId>
<artifactId>sb-contrib</artifactId>
<version>7.4.7</version>
</plugin>
<plugin>
<groupId>com.h3xstream.findsecbugs</groupId>
<artifactId>findsecbugs-plugin</artifactId>
<version>1.11.0</version>
</plugin>
</plugins>
</configuration>
</plugin>
On 6/29/22 14:54, Thomas Wolf wrote:
FindSecBugs is a static code analysis tool for web apps that’s based
on SpotBugs (which in turn is based on FindBugs, a tool whose NB
plugin is no longer supported AFAIK). FindSecBugs’ integration with
NB is described on GitHub here:
NetBeans Tutorial · find-sec-bugs/find-sec-bugs Wiki
<https://github.com/find-sec-bugs/find-sec-bugs/wiki/NetBeans-Tutorial>
github.com
<https://github.com/find-sec-bugs/find-sec-bugs/wiki/NetBeans-Tutorial>
<https://github.com/find-sec-bugs/find-sec-bugs/wiki/NetBeans-Tutorial>
This tutorial is no longer valid as it describes how to do it in NB
8.0 using the then-supported FindBugs plugin. Does anyone know if
FindSecBugs can be installed in more recent versions of NB (e.g. 11,
12, 13, or 14)? If so, any instructions would be much appreciated.
Thanks,
Tom
