Merge "Introduce spotbug plugin"
diff --git a/cps-bom/pom.xml b/cps-bom/pom.xml
index 520a484..7d023a5 100644
--- a/cps-bom/pom.xml
+++ b/cps-bom/pom.xml
@@ -51,6 +51,11 @@
<artifactId>checkstyle</artifactId>
<version>${project.version}</version>
</dependency>
+ <dependency>
+ <groupId>org.onap.cps</groupId>
+ <artifactId>spotbugs</artifactId>
+ <version>${project.version}</version>
+ </dependency>
</dependencies>
</dependencyManagement>
</project>
\ No newline at end of file
diff --git a/cps-dependencies/pom.xml b/cps-dependencies/pom.xml
index a77deff..cf744e8 100755
--- a/cps-dependencies/pom.xml
+++ b/cps-dependencies/pom.xml
@@ -23,6 +23,7 @@
<modelmapper.version>2.3.8</modelmapper.version>
<spock-core.version>2.0-M2-groovy-3.0</spock-core.version>
<spock-spring.version>1.3-groovy-2.5</spock-spring.version>
+ <spotbugs.version>4.2.0</spotbugs.version>
<springboot.version>2.3.3.RELEASE</springboot.version>
<springfox.version>3.0.0</springfox.version>
<swagger.version>2.1.4</swagger.version>
@@ -109,6 +110,11 @@
<artifactId>postgresql</artifactId>
<version>${testcontainers.version}</version>
</dependency>
+ <dependency>
+ <groupId>com.github.spotbugs</groupId>
+ <artifactId>spotbugs</artifactId>
+ <version>${spotbugs.version}</version>
+ </dependency>
</dependencies>
</dependencyManagement>
</project>
diff --git a/cps-parent/pom.xml b/cps-parent/pom.xml
index 97dba3a..d3470df 100644
--- a/cps-parent/pom.xml
+++ b/cps-parent/pom.xml
@@ -26,7 +26,11 @@
<project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
<releaseNexusPath>/content/repositories/releases/</releaseNexusPath>
<repository.name>nexus3.onap.org:10001/onap/cps-service</repository.name>
+ <spotbugs-maven-plugin.version>4.1.3</spotbugs-maven-plugin.version>
<spring-boot-maven-plugin.version>2.3.3.RELEASE</spring-boot-maven-plugin.version>
+ <spotbugs.slf4j.version>1.8.0-beta4</spotbugs.slf4j.version>
+ <spotbugs.bug-pattern.version>1.5.0</spotbugs.bug-pattern.version>
+ <spotbugs.version>4.2.0</spotbugs.version>
<swagger-codegen-maven-plugin.version>3.0.18</swagger-codegen-maven-plugin.version>
<snapshotNexusPath>/content/repositories/snapshots/</snapshotNexusPath>
<tag.version>${project.version}</tag.version>
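Review bot: `spotbugs.bug-pattern.version` is declared in this hunk, but the plugin block added further down in this file hard-codes `<version>1.5.0</version>` for `jp.skypencil.findbugs.slf4j:bug-pattern`, so changing the property has no effect. That line should read `<version>${spotbugs.bug-pattern.version}</version>`. `spotbugs.version` is also declared a second time, with the same value, in the cps-dependencies/pom.xml hunk. The two copies can drift apart, so that the analyzer version pinned for the plugin no longer matches the managed one; keeping a single definition, or adding a comment on each pointing at the other, would avoid that.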
@@ -197,6 +201,66 @@
</to>
</configuration>
</plugin>
+ <plugin>
+ <groupId>com.github.spotbugs</groupId>
+ <artifactId>spotbugs-maven-plugin</artifactId>
+ <version>${spotbugs-maven-plugin.version}</version>
+ <dependencies>
+ <dependency>
+ <groupId>com.github.spotbugs</groupId>
+ <artifactId>spotbugs</artifactId>
+ <version>${spotbugs.version}</version>
+ </dependency>
+ <dependency>
+ <groupId>${project.groupId}</groupId>
+ <artifactId>spotbugs</artifactId>
+ <version>${project.version}</version>
+ </dependency>
+ <dependency>
+ <!-- The SpotBugs Maven plugin uses SLF4J 1.8 beta 2 -->
+ <groupId>org.slf4j</groupId>
+ <artifactId>slf4j-simple</artifactId>
+ <version>${spotbugs.slf4j.version}</version>
+ </dependency>
+ </dependencies>
+ <configuration>
+ <plugins>
+ <plugin>
+ <groupId>jp.skypencil.findbugs.slf4j</groupId>
+ <artifactId>bug-pattern</artifactId>
+ <version>1.5.0</version>
+ </plugin>
+ </plugins>
+ <!--
+ Enables analysis which takes more memory but finds more bugs.
+ If you run out of memory, changes the value of the effort element
+ to 'Low'.
+ -->
+ <effort>Max</effort>
+ <!-- Reports all bugs (other values are medium and max) -->
+ <threshold>Low</threshold>
+ <!-- Build doesn't fail if problems are found -->
+ <failOnError>false</failOnError>
+ <!-- References the excluded rules -->
+ <excludeFilterFile>spotbugs-exclude.xml</excludeFilterFile>
+ <!-- Produces XML report -->
+ <xmlOutput>true</xmlOutput>
+ <!-- Configures the directory in which the XML report is created -->
+ <xmlOutputDirectory>${project.build.directory}/spotbugs</xmlOutputDirectory>
+ </configuration>
+ <executions>
+ <!--
+ Ensures that SpotBugs inspects source code when project is compiled.
+ -->
+ <execution>
+ <id>analyze-compile</id>
+ <phase>compile</phase>
+ <goals>
+ <goal>check</goal>
+ </goals>
+ </execution>
+ </executions>
+ </plugin>
</plugins>
</pluginManagement>
<plugins>
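Review bot: With `<failOnError>false</failOnError>` the `check` goal bound to the compile phase never breaks the build, so at `effort` Max and `threshold` Low every finding lands only in the XML report under `${project.build.directory}/spotbugs` and nothing requires anyone to read it. If this is a deliberate roll-in period, say so in the comment, e.g. `<!-- Advisory only for now; set to true once existing findings are triaged -->`; otherwise set it to `true` and rely on the exclude filter. Two comments are also inaccurate as written. The SLF4J comment names "1.8 beta 2" while the property added in this file is `1.8.0-beta4`. The threshold comment lists "medium and max", which as far as I know are not threshold names (the plugin documents High, Default, Low, Ignore and Exp).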
@@ -360,6 +424,10 @@
</execution>
</executions>
</plugin>
+ <plugin>
+ <groupId>com.github.spotbugs</groupId>
+ <artifactId>spotbugs-maven-plugin</artifactId>
+ </plugin>
</plugins>
</build>
</project>
\ No newline at end of file
diff --git a/pom.xml b/pom.xml
index e5c6df3..2ff88c1 100644
--- a/pom.xml
+++ b/pom.xml
@@ -34,5 +34,6 @@
<module>cps-rest</module>
<module>cps-ri</module>
<module>checkstyle</module>
+ <module>spotbugs</module>
</modules>
</project>
diff --git a/spotbugs/pom.xml b/spotbugs/pom.xml
new file mode 100644
index 0000000..133c4f7
--- /dev/null
+++ b/spotbugs/pom.xml
@@ -0,0 +1,28 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<project xmlns="http://maven.apache.org/POM/4.0.0"
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
+ <modelVersion>4.0.0</modelVersion>
+ <groupId>org.onap.cps</groupId>
+ <artifactId>spotbugs</artifactId>
+ <version>0.0.1-SNAPSHOT</version>
+
+ <properties>
+ <nexusproxy>https://nexus.onap.org</nexusproxy>
+ <releaseNexusPath>/content/repositories/releases/</releaseNexusPath>
+ <snapshotNexusPath>/content/repositories/snapshots/</snapshotNexusPath>
+ </properties>
+
+ <distributionManagement>
+ <repository>
+ <id>ecomp-releases</id>
+ <name>ECOMP Release Repository</name>
+ <url>${nexusproxy}${releaseNexusPath}</url>
+ </repository>
+ <snapshotRepository>
+ <id>ecomp-snapshots</id>
+ <name>ECOMP Snapshot Repository</name>
+ <url>${nexusproxy}${snapshotNexusPath}</url>
+ </snapshotRepository>
+ </distributionManagement>
+</project>
\ No newline at end of file
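Review bot: The new module has no `<parent>` and hard-codes `<version>0.0.1-SNAPSHOT</version>`, while the consumers added in cps-bom/pom.xml and cps-parent/pom.xml resolve it as `${project.version}`. A version bump or release that misses this file would leave the plugin dependency unresolvable. Depending on repository configuration, which is not visible here, it could instead resolve an older filter artifact from the remote snapshot repository, meaning the suppression list applied to the build is not the one in the tree. A comment next to the version, for example `<!-- Must match the cps-parent version; referenced there as ${project.version} -->`, or including this pom in the version-bump step, would make the coupling explicit.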
diff --git a/spotbugs/src/main/resources/spotbugs-exclude.xml b/spotbugs/src/main/resources/spotbugs-exclude.xml
new file mode 100644
index 0000000..c46270c
--- /dev/null
+++ b/spotbugs/src/main/resources/spotbugs-exclude.xml
@@ -0,0 +1,27 @@
+<FindBugsFilter>
+ <Match>
+ <Or>
+ <!-- Anonymous inner classes are very common. -->
+ <Bug pattern="SIC_INNER_SHOULD_BE_STATIC_ANON" />
+
+ <!-- We use static slf4j Logger (this rule is from KengoTODA/findbugs-slf4j jp.skypencil.findbugs.slf4:bug-pattern) -->
+ <Bug pattern="SLF4J_LOGGER_SHOULD_BE_NON_STATIC" />
+
+ <!-- Guava 25.1+ uses the Checker Framework's @Nullable which SpotBugs doesn't handle correctly, even though it's
+ supposed to; see https://github.com/spotbugs/spotbugs/issues/743 -->
+ <Bug pattern="NP_NONNULL_PARAM_VIOLATION" />
+ <Bug pattern="NP_NULL_PARAM_DEREF" />
+ <Bug pattern="NP_PARAMETER_MUST_BE_NONNULL_BUT_MARKED_AS_NULLABLE" />
+ <Bug pattern="RCN_REDUNDANT_NULLCHECK_OF_NONNULL_VALUE" />
+
+ <!-- https://github.com/spotbugs/spotbugs/issues/511. Strict reading of Object.equals() contract means that
+ evenever equals() behaviour is defined, all implementations need to adhere to it. The only reason
+ to override the method (assuming correct API design, of course) is to provide a more efficient
+ implementation. This rule would be forcing a @SuppressFBWarnings on perfectly compliant classes. -->
+ <Bug pattern="EQ_DOESNT_OVERRIDE_EQUALS"/>
+
+ <!-- https://github.com/spotbugs/spotbugs/issues/756. spotbugs does not grok Java 11's try-with-resources -->
+ <Bug pattern="RCN_REDUNDANT_NULLCHECK_WOULD_HAVE_BEEN_A_NPE"/>
+ </Or>
+ </Match>
+</FindBugsFilter>
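Review bot: The `<Match>` has no class or package restriction, so the four null-handling patterns (`NP_NONNULL_PARAM_VIOLATION`, `NP_NULL_PARAM_DEREF`, `NP_PARAMETER_MUST_BE_NONNULL_BUT_MARKED_AS_NULLABLE`, `RCN_REDUNDANT_NULLCHECK_OF_NONNULL_VALUE`) are switched off for every class in every module. The stated reason covers only false positives around Guava's `@Nullable`, yet genuine null-dereference findings in project code are silenced too. I would record the exit condition next to the reason, e.g. `<!-- Re-enable once spotbugs/spotbugs#743 is fixed in the SpotBugs version in use -->`, and do the same for the #756 exclusion. Separately, the SLF4J comment gives the plugin coordinates as `jp.skypencil.findbugs.slf4:bug-pattern`, whereas the group id configured in cps-parent/pom.xml is `jp.skypencil.findbugs.slf4j`. The file also has no XML declaration, unlike the new spotbugs/pom.xml.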