Here is the step by step approach to running FindBugs 2.0.2 on a Windows machine for generating a report (I really had a hard time understanding those docs which nowhere clearly describe how to use the command line mode of findbugs):
Step1: Download the findbugs-2.0.2.zip file from the following URL and extract it:
http://findbugs.sourceforge.net/downloads.html
Step2: Suppose the directory to which it is extracted is this:
D:\Softwares\findbugs-2.0.2
Step3 : add the path to the /bin folder of findbugs to the environment path variable in MY Computer. In current case we ‘ve added the following path to the environment variable: D:Softwaresfindbugs-2.0.2bin
setting PATH variables
Click OK a number of times till all the open pop-ups are closed.
Step4 : To check whether we’ve set the path properly, simple open a command prompt and type findbugs command. If the GUI of findbugs opens up it implies that the path is set properly. In case of error it should show something like: “findbugs” is not recognized as an internal or external command.
Running in Command Line mode:
This is the most powerful mode for running findbugs. Most of the options are available for command line execution only.
producing HTML file report:
findbugs -textui -maxHeap 1500 -nested:false -output results/output.html -effort:max -low -sortByClass -html:fancy.xsl -auxclasspath ../lib/servlet-api.jar <your, to be analyzed, WAR file name with extension>
Explanation of the command above:
findbugs: The main command to invoke the findbugs tool for code analysis. (only valid when the path mentioned in step 2 is set properly.
-textui: to run the command line user interface.
-maxHeap
-nested [: true|false]: specifies whether or not to analyze the nested jar and zip files which may be part of the target file list. Default is true.
-output : produce the output in the specified file.
-effort[: min|max]: This is used to set the precision level of analysis. A higher precision would mean more bugs reported and more memory requirement.
-[low|medium|high]: to specify the priority of bugs which should be reported.
-sortByClass: sort the reported bug instances by class name.
-html: To generate HTML output. This type of output is often directly presentable. As an option we may specify the XSLT style sheet to be used while generating this output. Default style-sheet in use is default.xsl (can be found in the findbugs.jar or with the source and binary distribution). Variants of the option include:- -html:fancy.xsl, -html:plain.xsl and -html:fancy-hist.xsl.
-auxclasspath: Set the auxiliary class-path for analysis. This class-path can include all the external/ third party jar files that your project may refer but which you do not want to be analyzed. (Seems to be broken as on specification of auxclasspath, findbugs reports bugs in those packages also which are part of this auxclasspath.
There are still many more available options detailed in the documentation offered with findbugs. You may wish to try those as well and play around with the command above to see their functionality.
Thank you so much for this.
How did u find these options?
There is nothing in the documentation that mentions bout HTML report generation.
The HTML report looks good too.
These were mostly trial and error things… Got access to some private documents where some reference was provided. (Can’t share them due to intellectual property laws.)
Please spend some time to rate the post.
doesn’t work for me – keep getting ‘no files to analyze’
findbugs -textui -html:fancy.xsl -auxclasspath [path to bin] -sourcepath [path to src]
I do not think there is any ‘-sourcepath‘ option for the command.
Anyway, just try with the updated command. The command wasn’t displaying completely earlier due to those <> symbols being interpreted as tags in HTML. I’ve updated the page now, hope it works fine now.
Apologies for such a late update of the page, I should’ve taken more care while posting this thing.
Command is not working for me,I want to run it on a directory which contains some folders of java files.Seems there is a problem with Auxpath.
Page is updated, please check if the complete command works now.
Apologies for such a late update of the page, I should’ve taken more care while posting it in the first place.
Here is a link to our alternate site for the same post (opens in new window): findbugs on projectcodebank