Using the SpotBugs Gradle Plugin

This chapter describes how to integrate SpotBugs into a build script for Gradle.

Use SpotBugs Gradle Plugin

Please follow instruction found on official Gradle Plugin page.

Note that SpotBugs Gradle Plugin does not support Gradle v6, you need to use v7.0 or later.

Tasks introduced by this Gradle Plugin

This Gradle Plugin generates task for each sourceSet generated by Gradle Java Plugin. For instance, if you have two sourceSets main and test, this plugin will generates two tasks: spotbugsMain and spotbugsTest.

Generated tasks uses compiled .class files as input, so it will run after java compilation runs (e.g. classes task). SpotBugs Gradle Plugin adds task dependency from check to these generated tasks, so you can simply run ./gradlew check to run SpotBugs.

If you do not want to generate tasks automatically, use the SpotBugs Base Plugin instead. This plugin does not generate tasks so you can configure from scratch.

Configure Gradle Plugin

This plugin uses the Extension to configure. Please check the document for SpotBugsExtension.

For instance, to specify the version of SpotBugs, you can configure like below:

spotbugs {
  toolVersion = '4.8.3'
}

Introduce SpotBugs Plugin

To introduce SpotBugs Plugin, please declare dependency in dependencies like below:

dependencies {
  spotbugsPlugins 'com.h3xstream.findsecbugs:findsecbugs-plugin:1.12.0'
}

Other usage

Visit the official README for detail.