CODEWITHSUNDEEP
mavenspotbugs
jokarl
jokarl

Reputation: 2225

SpotBugs site report inconsistent with spotbugs:gui goal

I have set up SpotBugs to help us adhere to some standards, but I get different results in my generated site compared to SpotBugs user interface. This is my configuration of SpotBugs in my pom file:

<build>
    <plugins>
        <plugin>
            <groupId>com.github.spotbugs</groupId>
            <artifactId>spotbugs-maven-plugin</artifactId>
            <version>${spotbugs-maven-plugin.version}</version>
            <configuration>
                <excludeFilterFile>
                    src/test/resources/SpotBugsExcludeFilter.xml
                </excludeFilterFile>
            </configuration>
            <dependencies>
                <dependency>
                    <groupId>com.github.spotbugs</groupId>
                    <artifactId>spotbugs</artifactId>
                    <version>${spotbugs.version}</version>
                </dependency>
            </dependencies>
        </plugin>
    </plugins>
</build>

...
<reporting>
    <plugins>
        <plugin>
            <groupId>com.github.spotbugs</groupId>
            <artifactId>spotbugs-maven-plugin</artifactId>
            <version>${spotbugs-maven-plugin.version}</version>
            <configuration>
                <excludeFilterFile>
                    src/test/resources/SpotBugsExcludeFilter.xml
                </excludeFilterFile>
            </configuration>
        </plugin>
    </plugins>
</reporting>

When I run mvn clean install site, the site reports 5 bugs.
When I run mvn clean install spotbugs:gui, the gui reports 0 bugs.

How come there is a difference? It seems as if the site goal disregards my exclusion filter, but I can't see why. I am also not entirely sure how the build/plugins section correlates with the reporting/plugins section. If someone could tell me what I'm messing up here I'd be very grateful.

Upvotes: 0

Views: 794

Answers (1)

h3xStream
h3xStream

Reputation: 6621

spotbugs:gui is not triggering the reporting scope where your configuration is defined.

You should be specifying your SpotBugs configuration in the <build> section.

<build>
    <plugins>

        [...]
        <!-- SpotBugs Static Analysis -->
        <plugin>
            <groupId>com.github.spotbugs</groupId>
            <artifactId>spotbugs-maven-plugin</artifactId>
            <version>${spotbugs-maven-plugin.version}</version>
            <configuration>
                <excludeFilterFile>src/test/resources/SpotBugsExcludeFilter.xml</excludeFilterFile>
            </configuration>
        </plugin>
    </plugins>
</build>

https://github.com/find-sec-bugs/find-sec-bugs/wiki/Maven-configuration

Upvotes: 0

Related Questions