For the latest updates and improvements, see the latest Cloud documentation instead.
Run SpotBugs¶
SpotBugs is available for Codacy Cloud and Codacy Self-hosted, with the following plugins: Find Security Bugs and FBContrib.
To run this tool:
- Enable the setting "Run analysis through build server" under your repository Settings > General > Repository analysis
- Compile your Java or Scala repository on your build server, as you would normally do
- Invoke
codacy-analysis-cli
on the root of the repository specifying the tool SpotBugs
codacy-analysis-cli analyse --tool spotbugs \
--directory <SOURCE-CODE-PATH> \
--project-token <PROJECT-TOKEN> \
--allow-network \
--codacy-api-base-url <API-BASE-URL> \
--upload \
--verbose
The Codacy CLI will then run SpotBugs on the compiled classes of your repository and upload these results to Codacy to be used in your workflow.
Detecting sources and compiled classes¶
Codacy tries to find the classes and map results to the files automatically. If you use Maven, Gradle and SBT then the default layouts are detected automatically as well.
You have the option to configure these paths manually if there is an issue with detection. To do so, add Codacy configuration file to the repository root - .codacy.yml:
---
engines:
spotbugs:
enabled: true
modules:
- classesDirectories: [ "core/target/classes" ]
sourceDirectories: [ "core/src/main" ]
- classesDirectories: [ "api/target/classes" ]
sourceDirectories: [ "api/src/main" ]
Increasing the timeout to run SpotBugs¶
When running SpotBugs on the compiled classes of larger projects, the default execution timeout of 15 minutes may not be enough for SpotBugs to complete the analysis.
To increase the timeout that each tool has to execute, use the option --tool-timeout
when invoking the codacy-analysis-cli
command.
For example, to set the timeout to 1 hour, run:
codacy-analysis-cli analyse --tool spotbugs \
--tool-timeout 1hour \
--directory <SOURCE-CODE-PATH> \
--project-token <PROJECT-TOKEN> \
--allow-network \
--codacy-api-base-url <API-BASE-URL> \
--upload \
--verbose
Share your feedback 📢
Did this page help you?
Thanks for the feedback! Is there anything else you'd like to tell us about this page?
255 characters left
We're sorry to hear that. Please let us know what we can improve:
255 characters left
Alternatively, you can create a more detailed issue on our GitHub repository.
Thanks for helping improve the Codacy documentation.
If you have a question or need help please contact support@codacy.com.