使用自定义FindBugs插件扩展SonarQube FindBugs插件

Question

We created a custom plugin for FindBugs (for clarity: this is a findbugs-plugin, not a sonar-plugin) and we want to extend the FindBugs sonar-plugin with our custom findbugs-plugin.

Currently we use SonarQube 5.1 with the FindBugs sonar-plugin 3.2.

Because our custom findbugs-plugin is a valid plugin for FindBugs, we thought that the most straightforward way to activate it is to use the plugin system of the FindBugs instance from our existing sonar-plugin but we were not able to find how to activate our findbugs-plugin this way.

We also tried to create a rules.xml and place our jar in sonar_home/extensions/rules/findbugs as described in https://jira.sonarsource.com/browse/SONAR-1481 but this does not seem to work with the FindBugs sonar-plugin version we are using.

What is the proper way to configure our version of SonarQube to pick up our custom FindBugs plugin? What steps do we need to take?

Answer 1

Your choices are forking the SonarQube FindBugs plugin and adding your rules alongside the Find Security Bugs rules (see this commit ), or creating a new plugin similar to how Find Security Bugs was handled before it was rolled into the FindBugs plugin.

In either case, you'll list your jar as a dependency in the pom.xml, provide the rules.xml you've already created, and add a repository definition .

If you go the stand-alone route, which is probably better, you'll need to

1. wait for a bug fix in 5.2
2. use the FindBugs repository key. See the 'before' side of this commit .
3. provide the needed basic plugin plumbing

EDIT: edited to add commit links & expand on requirements for stand-alone route.