Comments (10)
@victorherraiz-santander Did that work previously on 4.7.3.0?
from spotbugs-maven-plugin.
4.7.3.0 behaves as expected and suppresses the warning.
from spotbugs-maven-plugin.
@victorherraiz-santander Thanks, will look into it as soon as I can. Nothing is coming to mind at the moment as to the issue, still same spotbugs...
from spotbugs-maven-plugin.
Thank you!
These are the versions that work for me:
<spotbugs.version>4.7.3</spotbugs.version>
<spotbugs-maven-plugin.version>4.7.3.0</spotbugs-maven-plugin.version>
<findsecbugs-plugin.version>1.12.0</findsecbugs-plugin.version>
And this is the plugin declaration:
<plugin>
  <groupId>com.github.spotbugs</groupId>
  <artifactId>spotbugs-maven-plugin</artifactId>
  <version>${spotbugs-maven-plugin.version}</version>
  <dependencies>
    <dependency>
      <groupId>com.github.spotbugs</groupId>
      <artifactId>spotbugs</artifactId>
      <version>${spotbugs.version}</version>
    </dependency>
    <dependency>
      <groupId>uk.co.package.springboot</groupId>
      <artifactId>spotbugs-configuration</artifactId>
      <version>1.3.2-SNAPSHOT</version>
    </dependency>
  </dependencies>
  <configuration>
    <effort>Max</effort>
    <failThreshold>Medium</failThreshold>
    <sarifOutput>true</sarifOutput>
    <excludeFilterFile>uk/co/package/spotbugs/exclude-filter-file.xml</excludeFilterFile>
    <plugins>
      <plugin>
        <groupId>com.h3xstream.findsecbugs</groupId>
        <artifactId>findsecbugs-plugin</artifactId>
        <version>${findsecbugs-plugin.version}</version>
      </plugin>
    </plugins>
  </configuration>
  <executions>
    <execution>
      <id>spotbugs-check</id>
      <goals>
        <goal>check</goal>
      </goals>
    </execution>
  </executions>
</plugin>
If I increase just the plugin versions it fails
from spotbugs-maven-plugin.
Diff between 4.7.3.0 and master can be seen here.
spotbugs-maven-plugin-4.7.3.0...spotbugs
Only specific changes I can gather are that sarif originally ignored the xml report.
Spotbugs claims to support as many reports as needed. The xml one is default. I wonder if allowing both to be created has not impacted sarif usage. Can you check your output and see if there is additionally xml output that may contain the specific issue?
Also would it be possible to write an integration test for us that demonstrates this specific issue to better help solve it?
I'd like to get a 4.7.3.3 out soon, as groovy just fixed a defect affecting this project that I've now allowed, so I'll wait until I hear back from you to potentially get this included.
from spotbugs-maven-plugin.
Sorry for the delay.
Both, xml and sarif, show the same info.
I will try adding an integration test to replicate the issue.
I also tested with 4.7.3.4 and the issue is still there.
As you can see, I am using the same version of spotbugs with a different plugin: <spotbugs.version>4.7.3</spotbugs.version>
from spotbugs-maven-plugin.
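The report check requested above, as an added example that is not part of the original thread or of the plugin's code: it lists the findings of one bug type that remain in a SpotBugs XML report and in a SARIF report, so the two outputs can be compared after a plugin upgrade. The sample reports, class names and the helper names are constructed for illustration and reduced to the elements the script reads.

```python
import json
import xml.etree.ElementTree as ET

# Constructed sample reports (not from the issue), reduced to the parts read below.
SAMPLE_XML = """<BugCollection>
  <BugInstance type="PREDICTABLE_RANDOM" priority="2" category="SECURITY">
    <Class classname="com.example.TokenService"/>
    <SourceLine classname="com.example.TokenService" start="12" end="12" sourcefile="TokenService.java"/>
  </BugInstance>
  <BugInstance type="DM_DEFAULT_ENCODING" priority="1" category="I18N">
    <Class classname="com.example.Codec"/>
    <SourceLine classname="com.example.Codec" start="30" end="30" sourcefile="Codec.java"/>
  </BugInstance>
</BugCollection>"""
SAMPLE_SARIF = json.dumps({"version": "2.1.0", "runs": [{"results": [
    {"ruleId": "PREDICTABLE_RANDOM", "locations": [{"physicalLocation": {
        "artifactLocation": {"uri": "com/example/TokenService.java"},
        "region": {"startLine": 12}}}]}]}]})

def xml_findings(report_text, bug_type):
    """(source file, line) of each BugInstance of bug_type in a SpotBugs XML report."""
    found = set()
    for bug in ET.fromstring(report_text).iter("BugInstance"):
        primary = bug.find("SourceLine")  # direct child: the finding's own location
        if bug.get("type") == bug_type and primary is not None:
            found.add((primary.get("sourcefile"), int(primary.get("start", "0"))))
    return found

def sarif_findings(report_text, bug_type):
    """(source file, line) of each SARIF result whose ruleId is bug_type."""
    found = set()
    for run in json.loads(report_text).get("runs", []):
        for result in run.get("results", []):
            if result.get("ruleId") != bug_type:
                continue
            for loc in result.get("locations", []):
                phys = loc.get("physicalLocation", {})
                uri = phys.get("artifactLocation", {}).get("uri", "")
                line = phys.get("region", {}).get("startLine", 0)
                found.add((uri.rsplit("/", 1)[-1], line))
    return found

def remaining(xml_text, sarif_text, bug_type="PREDICTABLE_RANDOM"):
    """Findings still reported per format; both empty means none of that type is reported."""
    return {"xml": xml_findings(xml_text, bug_type),
            "sarif": sarif_findings(sarif_text, bug_type)}

if __name__ == "__main__":
    print(remaining(SAMPLE_XML, SAMPLE_SARIF))
```
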
@hazendaz The issue is still there for 4.8.2.0 with 4.8.2.
Moving @SuppressFBWarnings("PREDICTABLE_RANDOM") from field to class, it works. But it is not desirable. It's like field suppression is not working for some reason.
from spotbugs-maven-plugin.
Is this a spotbugs issue then rather than maven plugin?
from spotbugs-maven-plugin.
Using spotbugs 4.7.3 in 4.7.3.1 or even in 4.8.2.0 does not solve the problem. And using a new spotbugs version in 4.7.3.0 does not reproduce the issue. Then, I think spotbugs is not the issue.
I saw that there are several dependency updates on 4.7.3.1. I tried to downgrade most of them but groovy; the issue is still there. I will take a look at the options passed to the ant task when I have some free time.
from spotbugs-maven-plugin.
So you are saying it was working prior to 4.7.0? Possibly something in there. I've been trying to be a bit more aggressive on this repo and unlike in the past where this was my only part of spotbugs, I'm now involved in most of the other projects now too. We did seem to lose some regular folks working on things so it's down to just really 3 of us and 2 others that have stepped back a little. Unfortunately on maven, it's mostly been me so any help you can provide would be great. Any integration tests added would help too. In fact, I pretty much go with all is well when those work given there are so many.
from spotbugs-maven-plugin.