SpotBugs is a program that uses static analysis to look for bugs in Java code. It can detect a variety of common coding mistakes, including thread synchronization problems, misuse of API methods.
| License | LGPL 3.0 |
|---|---|
| Categories | Sonar Plugins |
| Tags | plugingithubanalysissonarfindbugs |
| Organization | SpotBugs Team |
| HomePage | https://github.com/spotbugs/sonar-findbugs/ 🔍 Inspect URL |
| Date | Oct 30, 2024 |
| Files | pom (18 KB) sonar-plugin (39.6 MB) View All |
| Repositories | CentralElyxor Libs |
| Ranking | #658259 in MvnRepository (See Top Artifacts) #143 in Sonar Plugins |
| Vulnerabilities | Vulnerabilities from dependencies: CVE-2024-47072 |
Compile Dependencies (5)
| Category/License | Group / Artifact | Version | Updates | |
|---|---|---|---|---|
| Code Analyzer LGPL 2.1 | | com.github.spotbugs » spotbugs | 4.8.6 | 4.9.8 |
| XML Processing BSD 3-clause |  | com.thoughtworks.xstream » xstream1 vulnerability | 1.4.20 | 1.4.21 |
| I/O Apache 2.0 |  | commons-io » commons-io | 2.16.1 | 2.21.0 |
| Sonar Plugin |  | org.sonarsource.java » sonar-java-plugin | 8.0.1.36337 | 8.20.0.40630 |
LGPL 3.0 | | org.sonarsource.sslr-squid-bridge » sslr-squid-bridge | 2.7.1.392 | ✔ |
Provided Dependencies (4)
| Category/License | Group / Artifact | Version | Updates | |
|---|---|---|---|---|
LGPL |  | com.h3xstream.findsecbugs » findsecbugs-plugin | 1.13.0 | 1.14.0 |
LGPL |  | com.mebigfatguy.sb-contrib » sb-contrib | 7.6.4 | 7.7.0 |
| Logging MIT |  | org.slf4j » slf4j-api | 2.0.13 | 2.0.17 |
LGPL 3.0 | | org.sonarsource.api.plugin » sonar-plugin-api | 9.14.0.375 | 13.4.0.3221 |
Test Dependencies (8)
| Category/License | Group / Artifact | Version | Updates | |
|---|---|---|---|---|
| Assertion Apache 2.0 |  | org.assertj » assertj-core | 3.25.3 | 3.27.6 |
| Testing EPL 2.0 |  | org.junit.jupiter » junit-jupiter | 5.10.2 | 6.0.1 |
| Mocking MIT |  | org.mockito » mockito-core | 5.11.0 | 5.20.0 |
LGPL 3.0 | | org.sonarsource.api.plugin » sonar-plugin-api-test-fixtures | 10.7.0.2191 | 13.4.0.3221 |
LGPL 3.0 | | org.sonarsource.orchestrator » sonar-orchestrator | 4.9.0.1920 | 6.0.0.3852 |
LGPL 3.0 | | org.sonarsource.orchestrator » sonar-orchestrator-junit5 | 4.9.0.1920 | 6.0.0.3852 |
LGPL 3.0 | | org.sonarsource.sonarqube » sonar-ws | 9.9.5.90363 | 25.11.0.114957 |
| Testing BSD 3-clause |  | xmlunit » xmlunit | 1.6 | 2.11.0 |
Licenses
| License | URL |
|---|---|
| GNU LGPL 3 | http://www.gnu.org/licenses/lgpl.txt |
Developers
| Name | Dev Id | Roles | Organization | |
|---|---|---|---|---|
| Evgeny Mandrikov | godin | SonarSource | ||
| Nicolas Peru | benzonico | SonarSource |
Related Books
 | SonarQube in Action (2013) by Campbell, G. Ann |
 | SonarQube in Action (2013) by Papapetrou, Patroklos |
 | Sonar Code Quality Testing Essentials (2012) by S. Arapidis, Charalampos |