软件CI

1、代码静态检查–findbugs
findbugs配置过滤规则
https://stackoverflow.com/questions/23550195/how-do-i-configure-the-findbugs-maven-plugin-to-only-check-for-annotation-violat

在pom.xml中配置使用findbugs插件

<plugin>
    <groupId>org.codehaus.mojo</groupId>
    <artifactId>findbugs-maven-plugin</artifactId>
    <version>2.4.0</version>
    <configuration>
        <excludeFilterFile>findbugs-exclude.xml</excludeFilterFile>
        <findbugsXmlOutput>true</findbugsXmlOutput>
        <xmlOutput>true</xmlOutput>
    </configuration>
</plugin>

The findbugs-exclude.xml file is in my project root directory (same level as pom.xml - I should probably put it somewhere better), and it configures what findbugs issues I want to ignore. Here’s what’s in my exclude file:

<?xml version="1.0" encoding="UTF-8"?>
<FindBugsFilter>
    <Match>
        <Bug pattern="EI_EXPOSE_REP,EI_EXPOSE_REP2"/>
    </Match>
    <Match>
        <Package name="com.mypackage.something"/>
    </Match>
</FindBugsFilter>

There’s more info about configuring the findbugs filter files in the findbugs manual
http://findbugs.sourceforge.net/manual/filter.html#

Maven集成Findbugs至compile阶段(excludeFilterFile 属性必须配置在 plugin 节点下)
https://blog.csdn.net/rainbow702/article/details/54138155

2、使用 SonarQube Scanner 进行代码分析 08月16日 2016
https://jaminzhang.github.io/ci/cd/Analyzing-code-with-SonarQube-Scanner/#top5

2.1、使用 Jenkins 与 Sonar 集成对代码进行持续检测 --曲世明 和 陈计云 2016 年 12 月 13 日
https://www.ibm.com/developerworks/cn/devops/1612_qusm_jenkins/index.html

2.2、SonarQube7.3安装和使用说明 2018-08-27
https://blog.csdn.net/weixin_40861707/article/details/82117232