-
Notifications
You must be signed in to change notification settings - Fork 578
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Document how to integrate FInd Security Bugs + FB-Contrib into Maven & Gradle plugins #540
Comments
The integration is more or less trivial, but you've right, one should improve our documentation. Regarding installation: all what you need is described here: https://github.com/spotbugs/spotbugs/tree/release-3.1/spotbugs/plugin. P.S. I see you request the same for maven & gradle: I honestly have no idea. |
is there anyone who can document it for Maven & Gradle? That is really the most likely integration scenario for SpotBugs... |
@jacek99 Bonus: Here are some samples application with configuration examples with special cases like JSP precompilation. https://github.com/find-sec-bugs/find-sec-bugs-demos |
I realised not all of the previous links are referring to spotbugs but findbugs instead. The configuration should be the same aside from the plugin reference. If you have something working, you can update the doc. |
Docs for grade plugin has a page for this usage: We have nothing for maven. |
Hi, I would like to contribute to the project. Is this issue still open? Let me know if I can help. Thanks! |
Well, https://spotbugs.readthedocs.io/en/latest/maven.html#add-spotbugs-maven-plugin-to-your-pom-xml doesn't say anything about how to configure plugins, although @iloveeclipse was correct in saying it doesn't take very much configuration. So yes, it's still open. |
#1758 closed this issue. |
The front page states we can integrate the find-security-bugs & fb-contrib,
but there is zero docs on how to actually do this from the Maven & Gradle plugins.
Pls document, especially the find-security-bugs since it's critical as a SAST tool.
The text was updated successfully, but these errors were encountered: