Maven Findbugs plugin not executing with mvn site command - maven

I'm trying to get Findbugs working with an existing/mature Maven project.
I added the following to the <plugins> tag in my pom.xml:
<plugin>
<groupId>org.codehaus.mojo</groupId>
<artifactId>findbugs-maven-plugin</artifactId>
<version>3.0.5</version>
<configuration>
<effort>Max</effort>
<threshold>Low</threshold>
<xmlOutput>true</xmlOutput>
</configuration>
</plugin>
I then see that the Findbugs plugin runs when you run mvn site. Since the build invocation for my project is aleady:
mvn clean jacoco:prepare-agent test site jxr:jxr -Dkey1=123 -Dkey2=456 -Denvironment=DEV
...I just run it like I normally do. The build succeeds and I go to my normal site summary in my browser:
No where from here can I find any "Findbugs" reports or anything that mentions Findbugs at all. When I do a grep for Findbugs (grep -rl "findbugs" .) I do see that many of my ./target/surefire-reports/TEST-*.xml files have the term "findbugs" mentioned in them.
Worth mentioning that I do not see a target/site/findbugs.html file after the successful build...
Any ideas as to where I can find HTML Findbugs output under my Site summary (or anywhere else)? Looking for a nice HTML report showing which (if any) Findbugs checks failed.

You should add the FindBugs plugin in the <plugins> section of the <reporting> section of your pom.xml:
<project>
...
<reporting>
<plugins>
<plugin>
<groupId>org.codehaus.mojo</groupId>
<artifactId>findbugs-maven-plugin</artifactId>
<version>3.0.5</version>
</plugin>
</plugins>
</reporting>
...
</project>
The question just states <plugins>, not sure if that could be the issue.

Related

running secbugs maven plugin from command line/ maven plugin configuration parameters in command line

maybe this is a generic question with regards to how to transfer maven plugin paramters from the pom.xml to the commandline, but I have usually done this without problems using the method below. For the find-security-bugs plugin, however, it is not working.
The find-security-bugs plugin docu says that you can configure the plugin in your pom.xml as follows:
<plugins>
[...]
<plugin>
<groupId>com.github.spotbugs</groupId>
<artifactId>spotbugs-maven-plugin</artifactId>
<version>4.7.2.1</version>
<configuration>
<includeFilterFile>spotbugs-security-include.xml</includeFilterFile>
<plugins>
<plugin>
<groupId>com.h3xstream.findsecbugs</groupId>
<artifactId>findsecbugs-plugin</artifactId>
<version>1.12.0</version>
</plugin>
</plugins>
</configuration>
</plugin>
</plugins>
I would like to do the same, but cannot do any changes to the pom.xml I'm testing, so would have to specify everything in the command line.
I'm running (from powershell, therefore the quotation marks):
mvn com.github.spotbugs:spotbugs-maven-plugin:4.7.2.1:check -"Dplugins.plugin.groupId=com.h3xstream.findsecbugs" -"Dplugins.plugin.artifactId=findsecbugs-plugin" -"Dplugins.plugin.version=1.12.0" -"DincludeFilterFile=secbugsfilter.xml"
but the parameters are not used. Is there any way to run a plugin with a configuration like this from the command line without specifying anything in the pom?

Maven Surefire report is overwriting previous report

Every time i'm executing my tests using maven it write the results over the previous results...
is there a way to generate the outputs on a folder with timestamp? or any other solution?
You can personalize the report name in your plugin configuration:
<project>
[...]
<reporting>
<plugins>
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-surefire-report-plugin</artifactId>
<version>2.20</version>
<configuration>
<outputName>desired_name</outputName>
</configuration>
</plugin>
</plugins>
</reporting>
[...]
</project>
You can then concatenate a name with the timestamp in your pom: ${maven.build.timestamp}
Taken from here.
Additionally, you can also specify the output folder of your report. It is all there in the plugin documentation page.

Code Coverage not populated after sonar analysis

I am using sonarqube5.6.1.
I have a multi module project for which i am running sonar analysis using the below command.
mvn org.sonarsource.scanner.maven:sonar-maven-plugin:3.1.1:sonar -Dsonar.host.url=http://bamboo.in.XXX.com:8085 -Dsonar.analysis.mode=publish -Dsonar.issuesReport.html.enable=true -Dsonar.dynamicAnalysis=false
But code coverage is not getting populated at all.
Can some one help. I could see the below warnings, Not sure if that's the reason.
[INFO] Process project properties
[WARNING] /!\ A multi-module project can't have source folders, so '/ssdd5/sameenud/dev/trunk/AAAA/BBBB/CCCC/DDDD/src/main/java' won't be used for the analysis. If you want to analyse files of this folder, you should create another sub-module and move them inside it.
The folder structure we have is as below,
AAAA
--BBBB
pom.xml
---CCCC
pom.xml
---DDDD
pom.xml
I tried compiling it manual, But no luck, Same problem.
I had the similar issue, 0.0% coverage & no unit tests count on Sonar dashboard with SonarQube 6.7.2:
Maven : 3.5.2,
Java : 1.8,
Jacoco : Worked with 7.0/7.9/8.0,
OS : Windows
After a lot of struggle finding for correct solution, resolved issue with this configuration my parent pom looks like:
<properties>
<!--Sonar -->
<sonar.java.coveragePlugin>jacoco</sonar.java.coveragePlugin>
<sonar.dynamicAnalysis>reuseReports</sonar.dynamicAnalysis>
<sonar.jacoco.reportPath>${project.basedir}/../target/jacoco.exec</sonar.jacoco.reportPath>
<sonar.language>java</sonar.language>
</properties>
<build>
<pluginManagement>
<plugins>
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-compiler-plugin</artifactId>
<configuration>
<source>1.5</source>
<target>1.5</target>
</configuration>
</plugin>
<plugin>
<groupId>org.sonarsource.scanner.maven</groupId>
<artifactId>sonar-maven-plugin</artifactId>
<version>3.4.0.905</version>
</plugin>
<plugin>
<groupId>org.jacoco</groupId>
<artifactId>jacoco-maven-plugin</artifactId>
<version>0.7.9</version>
<configuration>
<destFile>${sonar.jacoco.reportPath}</destFile>
<append>true</append>
</configuration>
<executions>
<execution>
<id>agent</id>
<goals>
<goal>prepare-agent</goal>
</goals>
</execution>
</executions>
</plugin>
</plugins>
</pluginManagement>
</build>
I've tried few other options like jacoco-aggregate & even creating a sub-module by including that in parent pom but nothing really worked & this is simple. I see in logs <sonar.jacoco.reportPath> is deprecated,but still works as is and seems like auto replaced on execution or can be manually updated to <sonar.jacoco.reportPaths> or latest. Once after doing setup, in cmd start with mvn clean install then mvn org.jacoco:jacoco-maven-plugin:prepare-agent install & then do mvn sonar:sonar , this is what I've tried please let me know if some other best possible solution available.Hope this helps!! If not please post your question..
SonarQube (and more specifically SonarJava analyzer) is not computing the coverage. You have to provide a coverage report in order for the analysis to import its results in the SonarQube UI and display coverage.
See the documentation for more information on how to achieve this.

How to configure FindBugs to run only on one project in a multi-module maven project

I use the findbugs-maven-plugin to check for bugs with maven. My maven project is a multi-module project that roughly looks as follows:
java-module
pom.xml
src/ ...
pom.xml
scala-module
pom.xml
src/ ...
I use Jenkins to build and test the project, and Jenkins runs goal findbugs:findbugs in the top-most directory. Since FindBugs reports many spurious warnings for code that is generated by the Scala compiler, I would like to tell FindBugs not to analyze the code in scala-module. However, when I run findbugs:findbugs in the top-most directory, it always analyzes all classes in java-module and scala-module. How can I tell maven to ignore scala-module as a whole? I know about FindBugs exclude filters but I would to have a configuration option for FindBugs that tells it to simply not analyze the code in a certain submodule.
FindBugs is configured in pom.xml in subdirectory java-module as follows:
<reporting>
<plugins>
<plugin>
<groupId>org.codehaus.mojo</groupId>
<artifactId>findbugs-maven-plugin</artifactId>
<version>${version.plugin.codehaus.findbugs}</version>
<configuration>
<findbugsXmlOutput>true</findbugsXmlOutput>
<findbugsXmlWithMessages>true</findbugsXmlWithMessages>
<xmlOutput>true</xmlOutput>
</configuration>
</plugin>
</plugins>
</reporting>
Despite the configuration being done only for the java-module, FindBugs will always also analyze scala-module.
Add a configuration the scala-module pom.xml that explicitly instructs findbugs to skip the module, i.e.
<reporting>
<plugins>
<plugin>
<groupId>org.codehaus.mojo</groupId>
<artifactId>findbugs-maven-plugin</artifactId>
<configuration>
<skip>true</skip>
</configuration>
</plugin>
</plugins>
</reporting>
Note that Maven often requires you to repeat boilerplate XML for cases like this.
Noahlz's answer did not work for me, but adding the following snippet to the sub-module's POM.xml did the trick.
<properties>
<findbugs.skip>true</findbugs.skip>
</properties>

How to included bundled rulesets in maven pmd plugin

I have a custom ruleset definition that refers to a bunch of rules from bundled rulesets. However, I have problems with resolving these bundled rulesets in the maven pmd plugin. Here is a related question with a quick'n'dirty solution for this problem. However, I was wondering whether there might be a clean solution for this problem (because I think that this is a rather common usecase, or?).
In the following I'm describing the attempts that I tried so far:
<build>
<pluginManagement>
<plugins>
...
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-pmd-plugin</artifactId>
<version>${maven-pmd-plugin.version}</version>
<configuration>
<linkXref>true</linkXref>
<rulesets>
<ruleset>my_pmd_ruleset.xml</ruleset>
</rulesets>
<failsOnError>false</failsOnError>
<source>${java.source.version}</source>
<target>${java.source.version}</target>
</configuration>
</plugin>
</plugins>
</pluginManagement>
</build>
I defined the maven pmd plugin (version 3.0.1) with my custom ruleset (and Java 1.6) in build/plugin management section of my parent pom as well as in the reporting section. I got many of the following warnings:
[WARNING] Failure executing PMD: Unable to find referenced rule UnusedModifier;
perhaps the rule name is mispelled?
I tried to refer to all utilised bundled rulesets:
<build>
<pluginManagement>
<plugins>
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-pmd-plugin</artifactId>
<version>${maven-pmd-plugin.version}</version>
<configuration>
<linkXref>true</linkXref>
<rulesets>
<ruleset>rulesets/java/coupling.xml</ruleset>
<ruleset>rulesets/java/design.xml</ruleset>
<ruleset>rulesets/java/controversial.xml</ruleset>
<ruleset>rulesets/java/codesize.xml</ruleset>
<ruleset>rulesets/java/clone.xml</ruleset>
<ruleset>rulesets/java/braces.xml</ruleset>
<ruleset>rulesets/java/basic.xml</ruleset>
<ruleset>rulesets/java/finalizers.xml</ruleset>
<ruleset>rulesets/java/imports.xml</ruleset>
<ruleset>rulesets/java/unit.xml</ruleset>
<ruleset>rulesets/java/logging-jakarta-commons.xml</ruleset>
<ruleset>rulesets/java/logging-java.xml</ruleset>
<ruleset>rulesets/java/migrating.xml</ruleset>
<ruleset>rulesets/java/naming.xml</ruleset>
<ruleset>rulesets/java/optimizations.xml</ruleset>
<ruleset>rulesets/java/strictexception.xml</ruleset>
<ruleset>rulesets/java/strings.xml</ruleset>
<ruleset>rulesets/java/sunsecure.xml</ruleset>
<ruleset>rulesets/java/typeresolution.xml</ruleset>
<ruleset>rulesets/java/unusedcode.xml</ruleset>
<ruleset>my_pmd_ruleset.xml</ruleset>
</rulesets>
<failsOnError>false</failsOnError>
<source>${java.source.version}</source>
<target>${java.source.version}</target>
</configuration>
</plugin>
</plugins>
</pluginManagement>
</build>
There I'm getting always the following error:
[ERROR] Failed to execute goal org.apache.maven.plugins:maven-pmd-plugin:3.0.1:pmd (pmd) on project my_project: An error has occurred in PMD Report report generation. Could not find resource 'rulesets/java/unit.xml'
The maven pmd plugin depends on pmd, so the bundled rulesets should be part of the classpath, or? The Maven pmd plugin manual says that bundled rulesets should be defined with a relative path and custom rulesets with an absolute path. However, I think that it can also read my custom ruleset via a relative path, because it is part of the classpath.
I also tried other thing, e.g., explicit additional dependency definition of pmd in the maven pmd plugin. However, without any success so far :\

Resources