Reports can only be configured on the FindBugs tasks. For example: tasks.withType(FindBugs) { reports { xml.enabled = false html.enabled = true } } The same holds for the other code quality plugins (Checkstyle, PMD, etc.).
I think it is pretty clear from the link you added: if you use @CheckForNull and the code that uses the value does not check for null, FindBugs will show it as an error. FindBugs will ignore @Nullable. In practice this annotation is useful only for overriding an overarching NonNull annotation. Use @CheckForNull in the … Read more
Findbug is referencing a potential threading issue. In a multi thread environment, there would be potential for your singleton to be created more than once with your current code. There is a lot of reading here, but it will help explain. The race condition here is on the if check. On the first call, a … Read more
However it is best practice to code against interfaces instead of concrete implementations. I submit that no, in this case it is not. Findbugs quite correctly tells you that you risk running into a NotSerializableException as soon as you have a non-serializable Set implementation in that field. This is something you should deal with. How, … Read more
There are different ways of encoding a String as bytes — the charset determines that encoding. If you don’t specify a charset, as in your call to str.getBytes(), it uses the system default. FindBugs is warning you about this because you should think about what encoding you want to use for your output. If you’re … Read more
To Solve this problem in Android Studio go to: File -> Settings -> Build, Execution, Deployment -> Compiler -> Java Compiler Change javac to eclipse, and apply.
You should definitely use FindBugs. In my experience, the false-positive rate is very low, and even the least-critical warnings it reports are worth addressing to some extent. As for Checkstyle vs. PMD, I would not use Checkstyle since it is pretty much only concerned with style. In my experience, Checkstyle will report on a ton … Read more
I’m using both. I think they complement each other. As you said, PMD works on source code and therefore finds problems like: violation of naming conventions, lack of curly braces, misplaced null check, long parameter list, unnecessary constructor, missing break in switch, etc. PMD also tells you about the Cyclomatic complexity of your code which … Read more
Sonar will run CheckStyle, FindBugs and PMD, as well as a few other “plugins” such as Cobertura (code coverage) by default for Java projects. The main added value, however, is that it stores the history in a database. You can then see the trend. Are you improving the code base or are you doing the … Read more
The FindBugs initial approach involves XML configuration files aka filters. This is really less convenient than the PMD solution but FindBugs works on bytecode, not on the source code, so comments are obviously not an option. Example: <Match> <Class name=”com.mycompany.Foo” /> <Method name=”bar” /> <Bug pattern=”DLS_DEAD_STORE_OF_CLASS_LITERAL” /> </Match> However, to solve this issue, FindBugs later … Read more