Getting SpotBugs working

I’m just starting to work with SonarQube as part of an evaluation, but I have an issue with the SpotBugs plugin which I can’t quite work out. If I run SpotBugs (4.0.1) from the command line on its own, I get a dereference error:
“Dereference of the result of readLine() without nullcheck in new com. …”

I can get the error to appear in SonarQube by including the SpotBugs output XML in the sonar scan properties. However, I have the SpotBugs (FindBugs) plugin installed in SonarQube, so I thought I should be able to pick up the same bug without needing to run SpotBugs separately and include its output. Whatever I do, I can’t seem to get the scanner to pick it up.

I can find the dereference rule by looking at the Rules in SonarQube and it appears to be activated in the FindBugs + FB_contrib quality profile, which I have applied to the project. However, when I run the code, the dereference error is not picked up. What am I missing here? I know the plugin is 4.0.0 but my separate SpotBugs installation is 4.0.1, but I don’t think that is the issue.

I’m using the CLI scanner.

  • Developer Edition Version 8.2 (build 32929)
  • Findbugs (EXTERNAL ANALYSERS): Analyze Java, Scala, Closure and JSP code with SpotBugs. 4.0.0

Hey Steve

spotbugs/sonar-findbugs is a community supported plugin, and the best place to find support is by raising an issue on the repo with the maintainers.

Okay. Thanks.