Beneficial static analysis starter tool
September 09, 2022

Arush Soel | TrustRadius Reviewer
Score 7 out of 10
Vetted Review
Verified User

Overall Satisfaction with Findbugs

I embedded it in my Azure DevOps pipelines to scan the code for any existing bugs before generating the build. I used the YAML code editor and the classic build editor to use it as a task in the Azure pipeline jobs for an ASP.NET web application that was on the Azure Web App for Windows and on IIS for on-premises.
  • Scan the code for existing bugs present
  • It can detect any vulnerabilities and also show possible bad warnings
  • Can help identify errors in advance to avoid code crash post deployment
  • Its documentation is not always up to date
  • Difficulty in finding a proper solution when an issue arises during its configuration
  • Has limited features
  • Its ability to detect code vulnerabilities
  • For testing team to spot any bugs when doing regression testing
  • DevOps plugin to use it before generating the build artifacts
  • It's being used overall by most of the teams
  • Some of the teams are migrating to another testing tool as it has limited features
  • Still recommend as it's open source and beginner-friendly
SonarCloud has its own cloud where all the code vulnerabilities are collected and stored as a whole, whereas it's a plugin that is used in the code itself. But the con is that SonarCloud needs a license if you want to use it privately and also requires personal access token authentication if used with an external service.

Do you think Findbugs delivers good value for the price?

Yes

Are you happy with Findbugs's feature set?

Yes

Did Findbugs live up to sales and marketing promises?

I wasn't involved with the selection/purchase process

Did implementation of Findbugs go as expected?

Yes

Would you buy Findbugs again?

Yes

Findbugs is best suited even when you want to adapt to certain coding conventions and discover possible bugs beforehand, and it's best suited for Java open source. Whether you are a developer or a DevOps engineer, you can even use it as a plugin in your Jenkins pipeline or any other build automation server and your developer tool such as Visual Studio as well.