[FB-Discuss] Project status

Tagir Valeev amaembo at gmail.com
Tue Nov 1 23:03:07 EDT 2016


Hello!

I personally switched to developing static analysis in IntelliJ IDEA.
IntelliJ IDEA community edition [1] is free and open-source and has really
good static analyzer. It also could be launched in headless batch mode on
CI server, etc. (outputting results as XML). I don't know how it integrates
with various CI systems (it definitely has good integration with TeamCity
though), but writing CI plugins to support IDEA should not be very hard. It
manipulates source code rather than bytecode, thus the results are more
precise. Also it has really good code model which makes developing new
inspections much easier, compared to FindBugs. Of course it has pluggable
architecture, so custom plugins could be developed as well (there's free
DevKit IDEA plugin which helps to develop custom plugins). It has most of
FindBugs diagnostics (many with quick-fixes available). It supports pretty
well Java-8 and Java-9 and actively developed, so for me it's much more
productive to enhance IDEA than trying to support FindBugs.

With best regards,
Tagir Valeev.

[1] https://github.com/JetBrains/intellij-community

On Wed, Nov 2, 2016 at 7:17 AM, Kelly O'Hair <kellyohair at gmail.com> wrote:

> There is something to said for a project that doesn’t change, makes it
> predictable at least. ;)
>
> I have hundreds of projects that use findbugs as part of a GIT merge to
> master branch check, all built into the Gradle builds.
> My experience with Sonar was that it wasn’t something we could run as part
> of the build or verification before we allowed a merge into the master
> branch.
> We just apply the findbugs gradle plugin and setup our default rules,
> nothing to it, we block anyone adding new findbugs issues.
>
> So fork it or not, but I would not question it’s value as a command line
> tool. We use Sonar too, but it is more for an 'after the fact' report,
> mostly something for managers to look at, pretty graphs and all (shiny
> objects :). We have discovered that if developers are not blocked at the
> time the issue is created, they will ignore you and all the after reports
> and warnings.
>
> -kto
>
> > On Nov 1, 2016, at 4:24 PM, Oliver B. Fischer <o.b.fischer at swe-blog.net>
> wrote:
> >
> > Hi Nicolai,
> >
> > I am "only" a user of findbugs and I use it in several projects. We
> don't have Sonar Qube. We simply need something checking our stuff during a
> build.
> >
> > Oliver
> >
> > Am 01.11.16 um 22:19 schrieb Nicolai Parlog:
> >> -----BEGIN PGP SIGNED MESSAGE-----
> >> Hash: SHA256
> >>
> >>  Hi!
> >>
> >> I'm just a bystander and am going to play devil's advocate here, so
> >> please feel free to ignore what I say. :)
> >>
> >> But... is FindBugs still relevant? Personally I feel like Sonar has
> >> surpassed it in many aspects including UX and agility. Maybe FindBugs
> >> has done its deed and it is simply time to step down now.
> >>
> >> A different perspective: Considering the effort of forking the
> >> project, setting up new infrastructure, and advertising its mere
> >> existence - how much time is going to go into code? Are you sure you
> >> can keep up with this?
> >>
> >>      https://github.com/SonarSource/sonarqube/commits/master
> >>
> >> Now, this is not based on many facts - I'd love to see see some, e.g.
> >> regarding market share or rule overlap.
> >>
> >> I hope I wasn't too crass and hurt no feelings.
> >>
> >>  so long ... Nicolai
> >>
> >>
> >>
> >> On 01.11.2016 21:53, Juan Martín Sotuyo Dodero wrote:
> >>> Hi everyone,
> >>>
> >>> Over the last week I've been talking with several members of the
> >>> FindBugs community and so far we all share the same worries.
> >>> FindBugs is stagnant due to the prolonged absence of Bill Pugh.
> >>>
> >>> It's hard to imagine a future for FindBugs where no one can update
> >>> the SourceForge pages, make a release on SourceForge, enable a CI
> >>> server such as Travis, add members to the GitHub organization or
> >>> even publish to Maven Central.
> >>>
> >>> Currently only Andrey Loskutov sees to be active. I've seen him
> >>> trying to get Bill to perform many of these tasks over the past,
> >>> and retrying recently, but time keeps passing. It's been 9 months
> >>> since he requested to update the site
> >>> <https://github.com/findbugsproject/findbugs/issues/80> and 13
> >>> since people requested to enable Travis
> >>> <https://github.com/findbugsproject/findbugs/pull/48>.
> >>>
> >>> I would like to know if anyone has any knowledge of Bill's current
> >>> status. His github page <https://github.com/billpugh> shows he has
> >>> been working sporadically over the last year, but always on other
> >>> projects.
> >>>
> >>> I strongly believe the team needs to get reorganized, but I fear
> >>> without Bill to grant accesses, this is next to impossible. Myself
> >>> and those I've contacted dread this horrible idea, but fear that
> >>> the only way forward as things stand is forking FindBugs. This is
> >>> clearly a last resource, and under no circumstance our first
> >>> choice; but as months keep passing, it seems ever more appealing.
> >>>
> >>> Is there any way the current situation can be reverted? Can we
> >>> help in any way?
> >>>
> >>> Shall there not be, we are most likely to start a new organization
> >>> and adopt a different name (FindBugs is trademarked), but would
> >>> probably commit to keeping binary compatibility (public APIs) to
> >>> minimize transition cost for anyone moving with us. Everyone
> >>> willing to contribute would be more than welcomed.
> >>>
> >>> Once again, we would rather not have to take this course. I hope
> >>> it can be avoided for the sake of FindBugs.
> >>>
> >>> Thanks for your time
> >>>
> >>>
> >>>
> >>> _______________________________________________ Findbugs-discuss
> >>> mailing list Findbugs-discuss at cs.umd.edu
> >>> https://mailman.cs.umd.edu/mailman/listinfo/findbugs-discuss
> >>>
> >> - --
> >> PGP Key:
> >>     http://keys.gnupg.net/pks/lookup?op=vindex&search=
> 0xCA3BAD2E9CCCD509
> >>
> >> Web:
> >>     http://codefx.org
> >>         a blog about software development
> >>     https://www.sitepoint.com/java
> >>         high-quality Java/JVM content
> >>     http://do-foss.de
> >>         Free and Open Source Software for the City of Dortmund
> >>
> >> Twitter:
> >>     https://twitter.com/nipafx
> >> -----BEGIN PGP SIGNATURE-----
> >>
> >> iQIcBAEBCAAGBQJYGQb8AAoJEMo7rS6czNUJ1iIP/12/jR4LonnwCh80ZcJRtG5b
> >> HxQgShbCUaaL78Q5UYpuzVg3XErvGN+u97tmBKJEJ66xSgYfc//0Iv6pdKBEPo1l
> >> lslnSXqlu+E6IdGl7yAOcNRnejDG11FFQ3WNZTYBc4gS5d67PrkWDaww6l6Yfiqm
> >> zShf70IAwS4+uIN9EwqUqEBN9PV59XuIvwnwwqZ7CUUWdpIbHkUBrdmJWc64j1Hk
> >> 6jsurp8prU0zxhrUDTNM7vdYA2h2OIMboGb/L0hT4RuhQTys0GEPDJJt88C8C3fQ
> >> 2PSO2Bt/MxC7GJ9dEcTrsZ9JeZ72+jaaMrdea8XAKnR3uPTWN6GTvDcryjzmJhja
> >> J5rZ1r/RJ7HrVvjskP0yiIlr5xiAwpEpVo4nwBsa6xfCE+nBtyfOx/UMlMemWosE
> >> jA6c5qpGiCYjlZ2hs0KNmO+a904yEU2wZrMCi+f1H79W5wSKbMYNveZ7MyA1Z2ie
> >> nLdGFWAzQ3dKWwsjLFGqHBLQr6iQs6R3qfXKZPuDnlEnlHjejBXLwRUV+Hay/7KL
> >> d5Q6HHBR55rfAg4UV98DbxqWDL/Pfk230MLVXQOeq91S+xF4OpVefuDqk5Jq4KZn
> >> oqqXhMOoqicH9ejAAYj5v+vQZ1Ah5vpOYNJHbx3m5SN5EG1bH6ysWeJ4+TbINDEp
> >> IXV0ly61dnCxhxS5/5VD
> >> =ALxV
> >> -----END PGP SIGNATURE-----
> >> _______________________________________________
> >> Findbugs-discuss mailing list
> >> Findbugs-discuss at cs.umd.edu
> >> https://mailman.cs.umd.edu/mailman/listinfo/findbugs-discuss
> >
> > --
> > N Oliver B. Fischer
> > A Schönhauser Allee 64, 10437 Berlin, Deutschland/Germany
> > P +49 30 44793251
> > M +49 178 7903538
> > E o.b.fischer at swe-blog.net
> > S oliver.b.fischer
> > J oliver.b.fischer at jabber.org
> > X http://xing.to/obf
> >
> > _______________________________________________
> > Findbugs-discuss mailing list
> > Findbugs-discuss at cs.umd.edu
> > https://mailman.cs.umd.edu/mailman/listinfo/findbugs-discuss
>
> _______________________________________________
> Findbugs-discuss mailing list
> Findbugs-discuss at cs.umd.edu
> https://mailman.cs.umd.edu/mailman/listinfo/findbugs-discuss
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://mailman.cs.umd.edu/pipermail/findbugs-discuss/attachments/20161102/c5cf3aa2/attachment-0001.html>


More information about the Findbugs-discuss mailing list