9 Replies Latest reply on Apr 13, 2012 8:47 AM by kasali45

    ShrinkWrap FindBugs

    alrubinger

      I've put a FindBugs static analysis on the ShrinkWrap project. It's exposed https://jira.jboss.org/jira/browse/SHRINKWRAP-38, which I resolved today.

      To run it, use "mvn site" then find projectName/target/site/findbugs.html. Ultra cool.

      S,
      ALR

        • 1. Re: ShrinkWrap FindBugs
          aslak

          Have you tried http://sonar.codehaus.org?

          With http://docs.codehaus.org/display/SONAR/Sonar+Plugin+Library like: TagList, Jira, Hudson, Emma, Technical debt, Metrics Analytics, etc etc..

          All the fun of the code analysis tools support in maven with non of the maven config hassle..

          If default installed on the local machine(with no external database), all you have to do is:
          - start sonar
          - run "mvn sonar:sonar" on _any_ project and your done..


          It will then run, findbugs, pmd, cpd, checkstyle, ckjm, taglist, surefire, ++(depending on server config)
          and summarize it all up into categories of issues with priority. It has rulesets to ignore a lot of the default checkstyle/findbugs warnings so you don't get spamed with 3000 tab/space issues etc..

          You can of course drill down into the diff findings in a nice little ajaxy web app. It also keeps state for each run, so you can see timeline changes in the different areas. It nicely keeps the project version number as markers on the timeline, so you can compare the development..


          Now That is Ultra Cool :)

          • 2. Re: ShrinkWrap FindBugs
            alrubinger

            Nifty. I'll have a closer look in a bit; thanks.

            S,
            ALR

            • 3. Re: ShrinkWrap FindBugs
              alrubinger

              I don't understand the "Maven config hassle" part though. :) Seems this requires an additional application installation and process, while the FindBugs is hooked into the Maven lifecycle. So you get it for free, and the reports will be generated/archived in history for each Hudson run.

              S,
              ALR

              • 4. Re: ShrinkWrap FindBugs
                aslak

                FindBugs alone is just a little report plugin def in maven. But then you want to ignore some of the x # of bugs it reports, so that makes more maven report config plus a find bug specific xml config..

                Combine the same effort with checkstyle, pmd, cpd, ckjm etc etc.. your maven pom becomes huge. Then try to get maven site to actually use all these with correct xrefs etc. this alone is impossible (last times I tried with a hierarchy maven struct) due to X # of bugs in site/report plugins..

                And after hours/days/weeks of tweaking, what your left with is a bunch of separate almost useless reports..

                Then multiply that efford with creating and maintaining the configuration for your 2-100 projects..

                With Sonar you get all of this more or less out of the box, and with the Hudson plugin you make sonar a part of your build cycle..

                And you have a centralized location for your reporting states/config..

                • 5. Re: ShrinkWrap FindBugs
                  alesj

                   

                  "aslak" wrote:

                  And after hours/days/weeks of tweaking, what your left with is a bunch of separate almost useless reports..

                  I find that FindBugz GUI quite useful.
                  And afair it's trivial to run it.

                  I guess the reports are better, as you can keep them around.
                  But you have to look at both in order to get anything done.

                  What I do is look, and immediately go and fix stuff,
                  not really caring what I had in the past.



                  • 6. Re: ShrinkWrap FindBugs
                    alrubinger

                    Yup.

                    I'm new to using static analysis too, so still figuring out how best to integrate it into my workflow. I do know that on first run it found a place I missed a defensive copy, so that was pretty cool/impressive.

                    S,
                    ALR

                    • 7. Re: ShrinkWrap FindBugs
                      aslak

                      Don't get me wrong, FindBugs is great!

                      When using Sonar you still use FindBugs, the only difference is that Sonar handles the configuration/collection/analysis/storage of your FindBugs results in a centralized way.

                      Simplifies your maven setup.

                      What the Sonar Maven plugin actually do is, contact the Sonar server, download the plugins needed to run the configuration defined, then run them and report the results back to the server.

                      • 8. Re: ShrinkWrap FindBugs
                        johnbailey

                        I use Hudson -> Maven -> FindBugs with success. I just prefer to use the Maven generated site to manage all my reports. I have run into problems with some of the Hudson plugins to read in static analysis reports, and the Maven site seems to work a bit better. It is also linked off the build page in Hudson, so it isn't much ore difficult to get to.

                        • 9. Re: ShrinkWrap FindBugs
                          kasali45

                          I did not now that thank you my friend