SpotBugs is a program that uses static analysis to look for bugs in Java code. It can detect a variety of common coding mistakes, including thread synchronization problems, misuse of API methods.
| License | LGPL 3.0 |
|---|---|
| Categories | Sonar Plugins |
| Tags | plugingithubanalysissonarfindbugs |
| Organization | SpotBugs Team |
| HomePage | https://github.com/spotbugs/sonar-findbugs/ 🔍 Inspect URL |
| Date | Sep 09, 2022 |
| Files | pom (17 KB) sonar-plugin () View All |
| Repositories | CentralElyxor Libs |
| Ranking | #658259 in MvnRepository (See Top Artifacts) #143 in Sonar Plugins |
| Vulnerabilities | Vulnerabilities from dependencies: CVE-2024-47554 CVE-2024-47072 CVE-2022-41966 View 1 more ... |
Compile Dependencies (4)
| Category/License | Group / Artifact | Version | Updates | |
|---|---|---|---|---|
| Code Analyzer LGPL 2.1 | | com.github.spotbugs » spotbugs | 4.7.2 | 4.9.8 |
| XML Processing BSD 3-clause |  | com.thoughtworks.xstream » xstream3 vulnerabilities | 1.4.19 | 1.4.21 |
| I/O Apache 2.0 |  | commons-io » commons-io1 vulnerability | 2.8.0 | 2.21.0 |
LGPL 3.0 |  | org.sonarsource.sslr-squid-bridge » sslr-squid-bridge | 2.7.0.377 | 2.7.1.392 |
Provided Dependencies (5)
| Category/License | Group / Artifact | Version | Updates | |
|---|---|---|---|---|
LGPL |  | com.h3xstream.findsecbugs » findsecbugs-plugin | 1.12.0 | 1.14.0 |
LGPL |  | com.mebigfatguy.sb-contrib » sb-contrib | 7.4.7 | 7.7.0 |
| Logging MIT |  | org.slf4j » slf4j-api | 1.7.30 | 2.0.17 |
| Sonar Plugin | | org.sonarsource.java » sonar-java-plugin | 5.13.1.18282 | 8.20.0.40630 |
LGPL 3.0 | | org.sonarsource.sonarqube » sonar-plugin-api | 7.9 | 13.4.0.3221 |
Test Dependencies (6)
| Category/License | Group / Artifact | Version | Updates | |
|---|---|---|---|---|
| Assertion Apache 2.0 |  | org.assertj » assertj-core | 3.21.0 | 3.27.6 |
| Testing EPL 2.0 |  | org.junit.jupiter » junit-jupiter | 5.8.2 | 6.0.1 |
| Mocking MIT |  | org.mockito » mockito-core | 4.2.0 | 5.20.0 |
LGPL 3.0 | | org.sonarsource.orchestrator » sonar-orchestrator | 3.37.0.87 | 6.0.0.3852 |
LGPL 3.0 | | org.sonarsource.sonarqube » sonar-ws | 9.1.0.47736 | 25.11.0.114957 |
| Testing BSD 3-clause |  | xmlunit » xmlunit | 1.6 | 2.11.0 |
Licenses
| License | URL |
|---|---|
| GNU LGPL 3 | http://www.gnu.org/licenses/lgpl.txt |
Developers
| Name | Dev Id | Roles | Organization | |
|---|---|---|---|---|
| Evgeny Mandrikov | godin | SonarSource | ||
| Nicolas Peru | benzonico | SonarSource |
Related Books
 | SonarQube in Action (2013) by Campbell, G. Ann |
 | SonarQube in Action (2013) by Papapetrou, Patroklos |
 | Sonar Code Quality Testing Essentials (2012) by S. Arapidis, Charalampos |