FindSecBugs Plugin

Info

Check out the official site here.

Plugin overview

FindSecBugs is an extension of the SpotBugs analyzer that works on compiled Java code. It focuses on finding security-critical bugs such as potential code injections.

Bug

Using the FindSecBugs plugin may cause the analysis run to be marked as unsuccessful when the analyzed code uses lambdas. This is a known issue within SpotBugs.

How does FindSecBugs use the context?

FindSecBugs relies on the compiled code of the libraries to resolve all code references. Therefore, the context should point to those libraries in order to ensure a complete analysis.