By alexismp on Apr 24, 2011
One of the great things about being a Java developer is the ability to use static analysis tool like FindBugs. Since there is really no reason not to use it, the GlassFish team started using FindBugs a little while back via Hudson and recently reached zero high priority errors in the main source repository. You can check the current status by visiting this page.
The nightly builds will actually fail if the high priority bug count does not remain at zero. We've now also started checking more workspaces and have a goal for GlassFish 3.2 to reduce all remaining errors by 1/3rd (details). If an engineer considers the report to be a false positive or a low priority to fix, the person to convince is Bill Shannon. It may be easier to fix the problem than to convince Bill...
At the risk of stating the obvious, let me leave you with a couple of assertions:
• static analysis doesn't depend on having good test cases and is not a replacement for testing
• developers can run FindBugs before checkin. But they don't.