Spotbugs configuration for

I have a project setup on sonarcloud, and have been able to build my maven multi-module project, and then upload the results to sonarcloud for scanning by using

mvn sonar:sonar

Recently I wanted to extend our build to run spotbugs (with additional security rules). I’ve done this and now generate many spotbugsXml.xml files which contain these bug finds.

In my sonarcloud configuration I went to administration/external analyzers and add the filepath ‘**/spotbugsXml.xml’ to

However after rerunning my sonar script (which I could integrate into maven also) I see the same results as usual - I am unsure where to look for these new findBugs bugs? The xml files from my maven build do contain issues.

I also tried adding ‘"**/spotbugsXml.xml"’ to the command above, but it didn’t seem to help.

Am I missing/misunderstanding how this should work

1 Like

From it seems wildcards aren’t supported?

With 260 modules, and no way for spotbugs to (apparently) create a single report file for a multi module project I’m struggling a little to see how we can have the tools working together? – at least when done conventionally in maven by module (vs running the scan externally or perhaps with maven-exec-plugin so that there’s a single instance/file)

The answer appears to simply be to use target/spotbugsXml.xml as the parameter value.
Using this approach my reports were uploaded