如何使用 spotbugs 创建自定义任务以在 gradle 中进行 运行 静态代码分析?

how to create a custom task using spotbugs to run static code analysis in gradle?

我正在尝试创建自定义 spotbugs 任务来进行静态代码分析。自从它的大项目。在执行过程中,gradle 抛出一些错误并最终导致构建失败。

我的自定义任务:


apply plugin: "com.github.spotbugs-base"

task customSpotbugs (type: com.github.spotbugs.snom.SpotBugsTask) {
    ignoreFailures = true
    effort = "default"
    reportLevel = "medium"
    classes = files("$project.buildDir/intermediates/javac/dxRelease/compileDxReleaseJavaWithJavac/classes")
    excludeFilter = file("$rootProject.rootDir/exclude.xml")
    reports {
        xml.enabled = false
        html.enabled = true
        html {
            stylesheet = 'fancy-hist.xsl'
        }
    }
}

dependencies {
    spotbugs 'com.github.spotbugs:spotbugs:4.0.0'
    spotbugsPlugins 'com.h3xstream.findsecbugs:findsecbugs-plugin:1.7.1'
}

错误:

The following classes needed for analysis were missing:
  androidx.room.EntityDeletionOrUpdateAdapter
  androidx.room.SharedSQLiteStatement
  androidx.room.EntityInsertionAdapter
..........
> Task :Domain:customSpotbugs FAILED
:Domain:customSpotbugs (Thread[Execution worker for ':' Thread 8,5,main]) completed. Took 2 hrs 0 mins 12.064 secs.

FAILURE: Build failed with an exception.

* What went wrong:
Execution failed for task ':Domain:customSpotbugs'.
> A failure occurred while executing com.github.spotbugs.snom.internal.SpotBugsRunnerForWorker$SpotBugsExecutor
   > Verification failed: SpotBugs execution thrown exception

* Try:
Run with --stacktrace option to get the stack trace. Run with --debug option to get more log output. Run with --scan to get full insights.

由于关于此的文档非常少,任何帮助将不胜感激.. 谢谢

我将堆大小从 1g 增加到 2g,并将 spotbugs 'com.github.spotbugs:spotbugs:4.0.0' 的版本从 4.0.0 更改为 4.1.1。它解决了我的问题。