SpotBugs is a software tool for static analysis of Java programs, which is free to download, use,  open-source and can be used in various ways. It can be installed as Eclipse Plugin, configured with Maven build as plugin and Gradle builds as a plugin. It is very handy while being used as an Eclipse plugin and it generates a detailed HTML report with Maven and Gradle builds.

Earlier it was known as FindBugs and hosted on SourceForge, but now it renamed to SpotBugs and moved on GIT.

SpotBugs official site on git is here https://spotbugs.github.io/ and repository is here https://github.com/spotbugs/spotbugs.

SpotBugs Eclipse Plugin

You can get every detail on-page of SpotBugs Eclipse plugin like installation and usages.

You can install it from the following update site from Eclipse. https://spotbugs.github.io/eclipse/

Or you can also install it from Eclipse Market Place as shown below. Just search SpotBugs and click the install button and follow instructions then restart the IDE.

Running SpotBugs in Eclipse

To use SpotBugs in Eclipse Just right click on the project and select SpotBugs in the context menu then click Find Bugs.

You can check bugs in SpotBugs view in eclipse and fix them.

SpotBugs Gradle Plugin

As currently, I am using Gradle for the build, this is my preferred place to use SpotBugs for static analysis of the code, as in every build it checks for bugs inserted my team.

You can get information from the official SpotBugs Gradle Plugin page.

For example, you can add SpotBugs in your build.gradle file as given below.

Add the following in sile plugins for spotbugs plugin

id 'com.github.spotbugs' version '4.5.0'

Add the following in repository

maven { url "https://plugins.gradle.org/m2/" }

You build.gradle should look like this.

SpotBugs Gradle Example

/*
 * This file was generated by the Gradle 'init' task.
 *
 * This generated file contains a sample Java Library project to get you started.
 * For more details take a look at the Java Libraries chapter in the Gradle
 * User Manual available at https://docs.gradle.org/6.3/userguide/java_library_plugin.html
 */

plugins {
    // Apply the java-library plugin to add support for Java Library
    id 'java-library'
    id 'com.github.spotbugs' version '4.5.0'
}

repositories {
    // Use jcenter for resolving dependencies.
    // You can declare any Maven/Ivy/file repository here.
    jcenter()
    maven {
      url "https://plugins.gradle.org/m2/"
    }
}

dependencies {
    // This dependency is exported to consumers, that is to say found on their compile classpath.
    api 'org.apache.commons:commons-math3:3.6.1'

    // This dependency is used internally, and not exposed to consumers on their own compile classpath.
    implementation 'com.google.guava:guava:28.2-jre'
    
    // Use JUnit test framework
    testImplementation 'junit:junit:4.12'
}
tasks.matching {task -> task.name.startsWith('spotbugs')}.forEach {
it.reports {
html.enabled = true
xml.enabled = false // spotbugs does not allow to generate a xml and html report at once https://github.com/spotbugs/spotbugs/issues/857
}
}

Now you can run SpotBugs with command

.gradlew check

Or from eclipse Gradle Tasks view
By default it generates XML report as location \build\reports\spotbugs, but in this example HTML report is enabled.

SpotBugs Maven Plugin

Just like Gradle, you can easily integrate SpotBugs plugin into your pom file.

<plugin>
  <groupId>com.github.spotbugs</groupId>
  <artifactId>spotbugs-maven-plugin</artifactId>
  <version>4.0.4</version>
  <dependencies>
    <!-- overwrite dependency on spotbugs if you want to specify the version of spotbugs -->
    <dependency>
      <groupId>com.github.spotbugs</groupId>
      <artifactId>spotbugs</artifactId>
      <version>4.1.2</version>
    </dependency>
  </dependencies>
</plugin>

And you can use spot bugs goal and check goal. check goal fails to build in case of any error.