Guide for migration from SpotBugs 3.1 to 4.0

for SpotBugs Users

  • SpotBugs now uses SLF4J instead of writing to STDERR/STDOUT directly, so it is recommended to have an SLF4J binding on the classpath when you run SpotBugs.
  • The SQL files in the SpotBugs project have been dropped. Generally this does not affect your usage.
  • JNLP (Applet) support is dropped.

for Plugin Developers

  • The speed attribute of the Detector element in findbugs.xml is deprecated.
  • The dependency on jaxen has been changed to runtime scope. Generally it does not affect your project because SpotBugs does not depend on it directly.
  • A dependency on Saxon-HE has been added as a runtime-scope dependency.
  • Some deprecated APIs have been removed. Refer to the javadoc and migrate to the preferred API before you migrate to SpotBugs 4.0.

Guide for migration from FindBugs 3.0 to SpotBugs 3.1

com.google.code.findbugs:findbugs

Simply replace com.google.code.findbugs:findbugs with com.github.spotbugs:spotbugs.

<!-- for Maven -->
<dependency>
  <groupId>com.github.spotbugs</groupId>
  <artifactId>spotbugs</artifactId>
  <version>4.0.6</version>
</dependency>

// for Gradle
compile 'com.github.spotbugs:spotbugs:4.0.6'

com.google.code.findbugs:jsr305

JSR305 is already in Dormant status, so SpotBugs does not release a jsr305 jar file. Please continue using the one from FindBugs.

com.google.code.findbugs:findbugs-annotations

Please depend on spotbugs-annotations instead.

<!-- for Maven -->
<dependency>
  <groupId>com.github.spotbugs</groupId>
  <artifactId>spotbugs-annotations</artifactId>
  <version>4.0.6</version>
  <optional>true</optional>
</dependency>

// for Gradle
compileOnly 'com.github.spotbugs:spotbugs-annotations:4.0.6'

com.google.code.findbugs:annotations

Please depend on both spotbugs-annotations and net.jcip:jcip-annotations:1.0 instead.

<!-- for Maven -->
<dependency>
  <groupId>net.jcip</groupId>
  <artifactId>jcip-annotations</artifactId>
  <version>1.0</version>
  <optional>true</optional>
</dependency>
<dependency>
  <groupId>com.github.spotbugs</groupId>
  <artifactId>spotbugs-annotations</artifactId>
  <version>4.0.6</version>
  <optional>true</optional>
</dependency>

// for Gradle
compileOnly 'net.jcip:jcip-annotations:1.0'
compileOnly 'com.github.spotbugs:spotbugs-annotations:4.0.6'

FindBugs Ant task

Please replace findbugs-ant.jar with spotbugs-ant.jar.

<taskdef
  resource="edu/umd/cs/findbugs/anttask/tasks.properties"
  classpath="path/to/spotbugs-ant.jar" />
<property name="spotbugs.home" value="/path/to/spotbugs/home" />

<target name="spotbugs" depends="jar">
  <spotbugs home="${spotbugs.home}"
            output="xml"
            outputFile="bcel-fb.xml" >
    <auxClasspath path="${basedir}/lib/Regex.jar" />
    <sourcePath path="${basedir}/src/java" />
    <class location="${basedir}/bin/bcel.jar" />
  </spotbugs>
</target>

FindBugs Maven plugin

Please use com.github.spotbugs:spotbugs-maven-plugin instead of org.codehaus.mojo:findbugs-maven-plugin.

<plugin>
  <groupId>com.github.spotbugs</groupId>
  <artifactId>spotbugs-maven-plugin</artifactId>
  <version>4.0.4</version>
  <dependencies>
    <!-- overwrite dependency on spotbugs if you want to specify the version of spotbugs -->
    <dependency>
      <groupId>com.github.spotbugs</groupId>
      <artifactId>spotbugs</artifactId>
      <version>4.0.6</version>
    </dependency>
  </dependencies>
</plugin>
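
The Maven coordinate replacements listed in the sections above can be checked mechanically. The following is an added example, not part of the SpotBugs documentation: a Python script that scans a pom.xml for FindBugs-era coordinates and reports the replacement this guide gives. The function names and the sample POM are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Old coordinate -> replacement(s), as listed in this guide.
# An empty list means "keep": SpotBugs does not release a jsr305 jar.
REPLACEMENTS = {
    "com.google.code.findbugs:findbugs": ["com.github.spotbugs:spotbugs"],
    "com.google.code.findbugs:findbugs-annotations": ["com.github.spotbugs:spotbugs-annotations"],
    "com.google.code.findbugs:annotations": [
        "com.github.spotbugs:spotbugs-annotations",
        "net.jcip:jcip-annotations:1.0",
    ],
    "com.google.code.findbugs:jsr305": [],
    "org.codehaus.mojo:findbugs-maven-plugin": ["com.github.spotbugs:spotbugs-maven-plugin"],
}

# Constructed sample POM (not taken from any real project).
SAMPLE_POM = """<project xmlns="http://maven.apache.org/POM/4.0.0">
  <dependencies>
    <dependency><groupId>com.google.code.findbugs</groupId><artifactId>annotations</artifactId><version>3.0.1</version></dependency>
    <dependency><groupId>com.google.code.findbugs</groupId><artifactId>jsr305</artifactId><version>3.0.2</version></dependency>
    <dependency><groupId>org.slf4j</groupId><artifactId>slf4j-api</artifactId><version>1.7.30</version></dependency>
  </dependencies>
  <build><plugins>
    <plugin><groupId>org.codehaus.mojo</groupId><artifactId>findbugs-maven-plugin</artifactId><version>3.0.5</version></plugin>
  </plugins></build>
</project>"""

def local(tag):
    """Strip the '{namespace}' prefix ElementTree adds for namespaced POMs."""
    return tag.rsplit("}", 1)[-1]

def audit_pom(pom_text):
    """Return (kind, old_coordinate, replacements) for each FindBugs-era entry."""
    # Run this on POMs you trust; use a hardened parser such as defusedxml otherwise.
    findings = []
    for el in ET.fromstring(pom_text).iter():
        if local(el.tag) not in ("dependency", "plugin"):
            continue
        fields = {local(c.tag): (c.text or "").strip() for c in el}
        coord = f"{fields.get('groupId', '')}:{fields.get('artifactId', '')}"
        if coord in REPLACEMENTS:
            findings.append((local(el.tag), coord, REPLACEMENTS[coord]))
    return findings

if __name__ == "__main__":
    for kind, old, new in audit_pom(SAMPLE_POM):
        print(f"{kind}: {old} -> {', '.join(new) or 'keep (no SpotBugs release)'}")
```

Because the scan walks every dependency and plugin element, it also catches entries under dependencyManagement and dependencies nested inside a plugin declaration.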

FindBugs Gradle plugin

Please use the SpotBugs plugin found at https://plugins.gradle.org/plugin/com.github.spotbugs

plugins {
  id 'com.github.spotbugs' version '4.4.1'
}
spotbugs {
  toolVersion = '4.0.6'
}

// To generate an HTML report instead of XML
tasks.withType(com.github.spotbugs.snom.SpotBugsTask) {
  reports.xml.enabled = false
  reports.html.enabled = true
}

FindBugs Eclipse plugin

Please use the following update site instead.