Details
Improvement
Status: Resolved
Major
Resolution: Fixed
Description
findsecbugs-plugin is a findbugs plugin to detect potential security bugs in Java code.
We should consider using this in our builds, at the very least, to triage potential security issues.
In the findbugs plugin's configuration section, we'd add:
    <configuration>
      ...
      <!-- findbugs-maven-plugin reads detector plugins from a <plugins> list -->
      <plugins>
        <plugin>
          <groupId>com.h3xstream.findsecbugs</groupId>
          <artifactId>findsecbugs-plugin</artifactId>
          <version>1.7.1</version>
        </plugin>
      </plugins>
    </configuration>
See their website for details and docs: http://find-sec-bugs.github.io/
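
A fuller sketch of the configuration described above, set up for triage rather than for breaking the build. This is an added example, not taken from the project's build: the findbugs-maven-plugin version and the filter file name findsecbugs-include.xml are assumptions.

```xml
<plugin>
  <groupId>org.codehaus.mojo</groupId>
  <artifactId>findbugs-maven-plugin</artifactId>
  <!-- Assumed version; keep whatever version the build already pins. -->
  <version>3.0.5</version>
  <configuration>
    <!-- Triage mode: report findings without failing the build. -->
    <failOnError>false</failOnError>
    <!-- Widest analysis and lowest reporting threshold, so nothing is
         hidden from the first triage pass. -->
    <effort>Max</effort>
    <threshold>Low</threshold>
    <!-- Hypothetical filter file that limits the report to security
         findings. Its content would be:
           <FindBugsFilter>
             <Match>
               <Bug category="SECURITY"/>
             </Match>
           </FindBugsFilter>
    -->
    <includeFilterFile>findsecbugs-include.xml</includeFilterFile>
    <!-- The detector plugin from the description above. -->
    <plugins>
      <plugin>
        <groupId>com.h3xstream.findsecbugs</groupId>
        <artifactId>findsecbugs-plugin</artifactId>
        <version>1.7.1</version>
      </plugin>
    </plugins>
  </configuration>
</plugin>
```

With failOnError set to false, the findbugs:check goal lists the security findings without stopping the build, which suits an initial triage before any gate is enforced.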