FindBugs Java Code Analyzer updated to 1.3.9

FindBugs™ is a program to find bugs in Java programs. It looks for instances of "bug patterns" --- code instances that are likely to be errors.

Changelog

  • New bug patterns; in some cases, bugs previously reported as other bug patterns are reported as instances of these new bug patterns in order to make it easier for developers to understand the bug reports
  • Providing a bug rank (1-20), and the ability to filter by bug rank. Eventually, it will be possible to specify your own rules for ranking bugs, but the procedure for doing so hasn’t been specified yet.
  • Fixed about 45 bugs filed through SourceForge
  • Various reclassifications and priority tweaks
  • Added more bug annotations to a variety of bug reports. This provides more context for understanding bug reports (e.g., if the value in question is the return value of a method, the method is described as the source of the value in a bug annotation). This also provides more accurate tracking of issues across versions of the code being analyzed, but has the downside that when comparing results from FindBugs 1.3.8 and FindBugs 1.3.9 on the same version of the code being analyzed, FindBugs may mistakenly believe that the issue reported by 1.3.8 was fixed and that a new issue was introduced that was reported by FindBugs 1.3.9. While annoying, it would be unusual for more than a dozen issues per million lines of code to be mistracked.
  • Lots of internal changes moving towards FindBugs 2.0, but these features are undocumented, not yet officially supported, and subject to radical changes before FindBugs 2.0 is released.

Post scriptum

Compliance Mandates

  • Code Auditing:

    PCI/DSS 6.3.6, 6.3.7, 6.6, SOX A12.8, GLBA 16CFR Part 314.4(b) and (2); FISMA RA-5, SC-18, SA-11, SI-2, and ISO 27001/27002 (12.4.1, 12.4.3, 12.5)
