I tried to set up a custom findbugs task with gradle which will have a different pluginClasspath than the default ones.
So the default tasks should use the default FindBugs rules while the custom one should use the findbugs-security rules. My configuration looks like this:
```groovy
dependencies {
  findbugsPlugins 'com.h3xstream.findsecbugs:findsecbugs-plugin:1.4.4'
}
findbugs {
  // general config
}
task findbugsSecurity(type: FindBugs, dependsOn: classes) {
  classes = fileTree(project.sourceSets.main.output.classesDir)
  source = project.sourceSets.main.java.srcDirs
  classpath = files()
  pluginClasspath = files(configurations.findbugsPlugins.asPath)
}
```
However, if I run the findbugsMain task now, it also includes the checks from findbugs-security!
How can I configure it so that findbugs-security checks are only used in the custom task?
The deprecated FindBugs plugin has been removed. As an alternative, you can use the SpotBugs plugin from the Gradle Plugin Portal.
From the main menu, select Run | Edit Configurations to open the run/debug configuration for your project. In the list that opens, select Run Gradle task. In the Select Gradle Task dialog, specify the project and the task that you want to execute before launching the project.
A “configuration” is a named grouping of dependencies. A Gradle build can have zero or more of them. A “repository” is a source of dependencies. Dependencies are often declared via identifying attributes, and given these attributes, Gradle knows how to find a dependency in a repository.
It sounds like configuring the findbugsSecurity task is also changing the behavior of findbugsMain as you've probably guessed.
The trick is to use a new configuration because Gradle will automatically look for dependencies for the findbugsPlugins configuration and that will apply to all invocations of findbugs (See pluginClasspath part of FindBugs DSL):
```groovy
configurations {
   foo
}
dependencies {
  // Important that we use a new configuration here because Gradle will use the findbugsPlugins configurations by default
  foo 'com.h3xstream.findsecbugs:findsecbugs-plugin:1.4.4'
}
findbugs { /* whatever */ }
task findbugsSecurity(type: FindBugs, dependsOn: classes) {
  classes = fileTree(project.sourceSets.main.output.classesDir)
  source = project.sourceSets.main.java.srcDirs
  classpath = files()
  pluginClasspath = files(configurations.foo.asPath)
}
```