I used to use FindBugs plugin in my Java projects to detect and learn about issues and potential issues in my source code.

Even FindBugs is no longer maintained we have an alternative called SpotBugs.

It requires Maven version 3.1.1 to be executed

Is not so different to use, just add the plugin like any other plugin in your pom.xml file:

<plugin>
    <groupId>com.github.spotbugs</groupId>
    <artifactId>spotbugs-maven-plugin</artifactId>
    <version>3.1.11</version>
    <executions>
        <execution>
            <goals>
                <goal>check</goal>
                <goal>gui</goal>
                <goal>help</goal>
                <goal>spotbugs</goal>
            </goals>
            <id>check</id>
        </execution>
    </executions>
    <configuration>
        <foo>bar</foo>
    </configuration>
</plugin>

And then execute:

mvn spotbugs:check

After checking our code we may display our bugs in a friendly manner

mvn spotbugs:gui

Method may fail to close stream
The method creates an IO stream object, does not assign it to any fields, pass it to other methods that might close it, or return it, and does not appear to close the stream on all paths out of the method.  This may result in a file descriptor leak.  It is generally a good idea to use a finally block to ensure that streams are closed.

Example error message when we forget to close streams

Tip: normally we don’t want to execute SpotBugs every time we compile our project so let’s create a profile to skip it

<profile>
    <id>default</id>
    <properties>
        <spotbugs.skip>true</spotbugs.skip>
    </properties>
    <activation>
        <activeByDefault>true</activeByDefault>
    </activation>
</profile>

And let’s create a profile to execute it:

<profile>
    <id>runSpotBugs</id>
    <properties>
        <spotbugs.skip>false</spotbugs.skip>
    </properties>
</profile>

And execute like this:

mvn clean install -PrunSpotBugs

Photo by Bud Helisson on Unsplash