SpotBugs is available for Codacy Cloud and Codacy Self-hosted, with the following plugins:
To run this tool:
- Enable the setting Run analysis through build server in your repository Settings, tab General, Repository analysis.
- Compile your Java or Scala repository on your build server, as you would normally do.
If you're using Codacy Self-hosted you must also specify the endpoint where the Codacy instance is running either by using the flag
--codacy-api-base-urlor the environment variable
codacy-analysis-cli analyze --tool spotbugs \ --directory <SOURCE-CODE-PATH> \ --project-token <PROJECT-TOKEN> \ --allow-network \ --upload \ --verbose
The Codacy CLI will then run SpotBugs on the compiled classes of your repository and upload these results to Codacy to be used in your workflow.
Detecting sources and compiled classes¶
Codacy tries to find the classes and map results to the files automatically. If you use Maven, Gradle, and SBT then the default layouts are detected automatically as well.
If there is an issue with detection, you can configure these paths manually by adding a Codacy configuration file
.codacy.yml to the repository root:
--- engines: spotbugs: enabled: true modules: - classesDirectories: [ "core/target/classes" ] sourceDirectories: [ "core/src/main" ] - classesDirectories: [ "api/target/classes" ] sourceDirectories: [ "api/src/main" ]
Increasing the timeout to run SpotBugs¶
When running SpotBugs on the compiled classes of larger projects, the default execution timeout of 15 minutes may not be enough for SpotBugs to complete the analysis.
To increase the timeout that each tool has to execute, use the option
--tool-timeout when running the Codacy Analysis CLI. For example, use
--tool-timeout 1hour to set the timeout to one hour.