Beneficial static analysis starter tool
September 09, 2022

Beneficial static analysis starter tool

Arush Soel | TrustRadius Reviewer
Score 7 out of 10
Vetted Review
Verified User

Overall Satisfaction with Findbugs

I embedded it in my Azure Devops pipelines to scan the code for any existing bugs before generating the build. I used the Yaml code editor and classic build editor to use it as a task in the azure pipeline jobs for asp .net web application that was on the azure web app for windows and iis for on premises
  • Scan the code for existing bugs present
  • It can detect an vulnerabilities and also show possible bad warnings
  • Can help identify errors in advance to avoid code crash post deployment
  • It’s documentation is not always up to date
  • Difficulty in finding a prper solution when an issue arises during its configuration
  • has limited features
  • Its ability to detect code vulnerabilities
  • For testing team to spot any bugs when doing regression testing
  • Devops plugin to use it before generating the build artifacts
  • Its being used overall by most of the teams
  • Some of the teams migrating to another testing tool as it has limited features
  • Still recommend as its open source and beginners friendly
Sonar cloud has its own cloud where all the code vulnerabilities are collected and stored as a whole whereas its a plugin that is used in a code itself but the cons is that SonarCloud needs a license if you want to use it privately and also requires personal access token authentication if used with an external service

Do you think Findbugs delivers good value for the price?


Are you happy with Findbugs's feature set?


Did Findbugs live up to sales and marketing promises?

I wasn't involved with the selection/purchase process

Did implementation of Findbugs go as expected?


Would you buy Findbugs again?


Findbugs is best suited even when you want to adapt to certain coding conventions and discover possible bugs beforehand and it's best suited for the java open source. whether you are a developer or a DevOps engineer you can even use it as a plugin in your Jenkins pipeline or any other build automation server and your developer tool such as visual studio as well.