

findsecbugs implementation

The following steps enable findsecbugs security auditing for a project.

The following plugins must be installed on Jenkins:

  • FindBugs Plug-in
  • Maven Integration plugin

The following entry is required in the plugins section of the pom.xml of each project.


Create the following files and content in the project's root folder (same location as pom.xml):

  • spotbugs-security-include.xml
       <Bug category="SECURITY"/>
  • spotbugs-security-exclude.xml
       <Bug category="SECURITY"/>
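
Added example (not from the original page): the two filter files written out as complete SpotBugs filter documents, with the `<Bug>` element inside the `<FindBugsFilter>` and `<Match>` wrappers that the filter format uses. The class name `org.example.TestDataGenerator` is a hypothetical placeholder and `PREDICTABLE_RANDOM` is one find-sec-bugs pattern picked for illustration; an exclude filter drops every finding it matches, so the exclude entry here is scoped to a single pattern in a single class.

```xml
<!-- File: spotbugs-security-include.xml -->
<!-- Report only findings in the SECURITY category (the find-sec-bugs detectors). -->
<FindBugsFilter>
    <Match>
        <Bug category="SECURITY"/>
    </Match>
</FindBugsFilter>

<!-- File: spotbugs-security-exclude.xml -->
<!-- Suppress one reviewed finding only. The class name is a hypothetical placeholder. -->
<FindBugsFilter>
    <Match>
        <Class name="org.example.TestDataGenerator"/>
        <Bug pattern="PREDICTABLE_RANDOM"/>
    </Match>
</FindBugsFilter>
```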

Select 'Configure' for the Jenkins Maven Build job of any project and place the following goal:


And the following 'Build Settings':


Now when you run a build, you should see the following findbugs result:



  1. HTML reporting
  2. Gerrit comment hook (display result in Gerrit comments)
  3. voting rights?