Is sonar-findbugs plugin really necessary or in most cases Sonarqube support for Java is adequate?

We just installed latest Enterprise edition Sonarqube 9.9.9 LTS. I’m thinking about not continuing with Findbugs plugin because Sonarqube support for Java seems mature enough not to require any additional plugins. We started using Findbugs with community SQ edition years ago, reportedly to improve Java coverage, but I don’t want to blindly continue using it just because it has been used in the past… Am I missing something?


Great question!

My answer would necessarily be biased. So instead I’m going to advise you to do a side-by-side comparison:

Look at all the issues raised by FindBugs - including any you’ve marked False Positive or Won’t Fix. For each one

  1. Is it correct? Is it useful?
  2. Is it also raised by SonarQube? (If not, is the comparable, native SonarQube rule enabled?)

For those that are correct & useful (1) but not raised by SonarQube (2), we’d love to hear about it. Hopefully that won’t be a very long list at all.