将 findsecbugs 插件与 Gradle 的 findbugs 插件集成

Question

我打算使用 findsecbugs plugin to scan java code for vulnerabilities using findbugs plugin. I am looking for configuration parameters to include in my build.gradle file. Something like this。

P.S.: 我可以将 FindBugs 插件与 Gradle.

一起使用

Answer 1

我尝试并找到了工作配置。在下面发布工作配置：

  apply plugin: 'java'  
  apply plugin: 'findbugs'    
  apply plugin: 'maven'  
  apply plugin: 'signing'  

  sourceCompatibility = 1.7

  dependencies {  

  findbugs 'com.google.code.findbugs:findbugs:3.0.0'
  findbugs configurations.findbugsPlugins.dependencies

  // Here we specify the findbugsPlugins
  findbugsPlugins 'com.h3xstream.findsecbugs:findsecbugs-plugin:1.2.0'
  }  
 task findbugs(type: FindBugs) {

  classes = fileTree(project.rootDir.absolutePath).include("**/*.class");
  source = fileTree(project.rootDir.absolutePath).include("**/*.java");
  classpath = files()
  pluginClasspath = project.configurations.findbugsPlugins

  findbugs {
   toolVersion = "3.0.0"
   sourceSets = [sourceSets.main]
   ignoreFailures = true
   reportsDir = file("$project.buildDir/findbugsReports")
   effort = "max"
   reportLevel = "high"
   includeFilter = file("$rootProject.projectDir/include.xml")
   excludeFilter = file("$rootProject.projectDir/exclude.xml")
  }

  tasks.withType(FindBugs) {
        reports {
                xml.enabled = false
                html.enabled = true
        }
  }
}

将 findsecbugs 插件与 Gradle 的 findbugs 插件集成

Integrating findsecbugs plugin with Gradle's findbugs plugin

findbugs

gradle