I like to check my code for potential bugs using Findbugs pre-commit. As Findbugs analysis can be time-consuming, I check only high priority potential bugs and let the CI server do the rest of the code analysis and tests. A proper way to use Findbugs in this context is to enable it as part of a dedicated profile with a filter file specified – the goal is to fix the most dangerous issues fast and break the build due to static analysis less often on the CI server. Doing full-blown static code analysis would be counterproductive in most cases.

There is a simple way to execute Findbugs with a filter file in your developer sandbox, even in multi-module projects. One way is described on the Findbugs Maven plugin site. But as I experimented with it, I’ve found out that the tools project does not need to be in the project structure that is being monitored; it only needs to be added as a dependency. This gives more possibilities for managing Findbugs filter files, as you don’t need to include another module in the aggregating project and use the Maven extension mechanism. You just include one library, then specify which filter file you want to use. Below is a snippet of the aggregating project that gathers all modules and uses Findbugs for pre-commit analysis:

The filter file is located in the src/main/resources folder of the build-tools project.
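The setup described above could look like the following aggregator POM. This is an added example, not the snippet from the original post: the `com.example` coordinates, module names, profile id, filter file name and plugin version are assumptions, and the modules are assumed to declare this POM as their parent so that they inherit the plugin configuration.

```xml
<!-- Added example: aggregator pom.xml. Coordinates, module names, profile id,
     plugin version and filter file name are assumptions, not the post's values. -->
<project xmlns="http://maven.apache.org/POM/4.0.0">
  <modelVersion>4.0.0</modelVersion>
  <groupId>com.example</groupId>
  <artifactId>aggregator</artifactId>
  <version>1.0-SNAPSHOT</version>
  <packaging>pom</packaging>
  <modules>
    <module>module-a</module>
    <module>module-b</module>
  </modules>
  <profiles>
    <profile>
      <id>precommit</id>
      <build>
        <plugins>
          <plugin>
            <groupId>org.codehaus.mojo</groupId>
            <artifactId>findbugs-maven-plugin</artifactId>
            <version>3.0.5</version>
            <configuration>
              <!-- Looked up on the plugin classpath, i.e. the file packaged from
                   build-tools/src/main/resources in the jar declared below.
                   excludeFilterFile is resolved the same way. -->
              <includeFilterFile>findbugs-precommit-filter.xml</includeFilterFile>
              <!-- Assumption: the High cut-off is set here; it could equally
                   be expressed inside the filter file. -->
              <threshold>High</threshold>
              <failOnError>true</failOnError>
            </configuration>
            <executions>
              <execution>
                <phase>verify</phase>
                <goals><goal>check</goal></goals>
              </execution>
            </executions>
            <!-- Plugin-level dependency: build-tools is not one of the modules. -->
            <dependencies>
              <dependency>
                <groupId>com.example</groupId>
                <artifactId>build-tools</artifactId>
                <version>1.0</version>
              </dependency>
            </dependencies>
          </plugin>
        </plugins>
      </build>
    </profile>
  </profiles>
</project>
```

With this layout the build-tools jar has to be installed or deployed before the profile is used, because Maven resolves it as an ordinary plugin dependency. The profile above is switched on with `mvn verify -P precommit`.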

Findbugs is enabled automatically and the build will be broken if any potential bugs with High priority are found. If you would like to create a Findbugs report in addition to performing the check, then you need to add a dependency as a child node of the profile element: