[NEW RELEASE] sonar-findbugs-plugin 4.1.3


We are announcing new sonar-findbugs-plugin 4.1.3.

Detailed changelog: Release sonar-findbugs v4.1.3 · spotbugs/sonar-findbugs · GitHub
Download URL: https://repo.maven.apache.org/maven2/com/github/spotbugs/sonar-findbugs-plugin/4.1.3/sonar-findbugs-plugin-4.1.3.jar
SonarCloud: https://sonarcloud.io/summary/new_code?id=com.github.spotbugs%3Asonar-findbugs-plugin
PR for metadata: Release sonar-findbugs-plugin 4.1.3 by KengoTODA · Pull Request #293 · SonarSource/sonar-update-center-properties · GitHub

Thanks in advance!

Hello @ganncamp
Sorry, it looks like the formatting and the Sonarcould URL are still off, here’s the right link: https://sonarcloud.io/summary/new_code?id=com.github.spotbugs%3Asonar-findbugs-plugin&pullRequest=521
Thanks in advance!


The PR is in Draft status again.



Also, I’m going through a massive metadata cleanup triggered by a cleanup of the underlying architecture. That architecture cleanup removed the now-embedded analyzers, so the explicit requirement for java in this plugin now fails the metadata generation. I’m going to temporarily remove FindBugs from the Marketplace (so I can successfully complete the generation).

Would you please do one more point version without that requirement? (BTW, I’m probably talking about something specific to the SQ plugin metadata in your pom, rather than a Maven dependency…?)

Thanks and sorry!

Hi Ann,

Sorry about the PR in draft status, it is created automatically and I’m trying to reach out to @KengoTODA to get it marked as ready.

Regarding your question about the java dependency, the plugin does need the built-in SQ java plugin. In particular it uses org.sonar.plugins.java.api.JavaResourceLocator to find the .class files of the project.
In its current state the plugin wouldn’t work without it.
This is from the MANIFEST.MF of the .jar file:

Plugin-RequirePlugins: java:

I suppose that the SQ server reads that when loading the plugins.

Does this mean that going forward the dependency to the SQ java plugin will need to be dropped?
I’m not sure what you mean by “massive cleanup” :slight_smile:


Yes, I think that’s what needs to go away.

I mean I finally did the housekeeping to remove SQ versions <LTS from the Marketplace / Plugin Version Matrix. And that necessitated removing a lot of old plugin versions (that were only compatible with those removed SQ versions). And that led to removing some plugins that aren’t compatible with recent versions. :smiley:


Got it, I’ve made a new release here: [NEW RELEASE] sonar-findbugs-plugin 4.1.4
Please let me know if that’s any better.

If anyone is interested here’s the commit removing the dependency: deps: remove sonar-java plugin dependency · spotbugs/sonar-findbugs@1e6f702 · GitHub

1 Like