Find Security Bugs is a SpotBugs plugin that performs automated security audits for Java, Android, Kotlin, Groovy, and Scala applications.
The SpotBugs plugin for security audits of Java web applications and Android applications. (It also works with Kotlin, Groovy and Scala projects.)
This tool is primarily used by developers and security auditors to detect security vulnerabilities in Java-based web and Android applications during development or code review. It integrates with SpotBugs to provide automated static analysis focused on security issues, helping teams identify and fix security flaws early in the software lifecycle.
Find Security Bugs requires SpotBugs as a prerequisite and works best when integrated into the build or CI process. Users should keep the plugin updated to benefit from the latest vulnerability detectors and improvements. While it supports multiple JVM languages, its primary focus is Java and Android security analysis.
Add the find-sec-bugs plugin dependency to your SpotBugs configuration or build tool (e.g., Maven or Gradle).
Use SpotBugs with the find-sec-bugs plugin enabled to analyze your Java or Android project.
Optionally, integrate with IDEs such as Eclipse or IntelliJ/Android Studio for in-IDE analysis.
For continuous integration, configure SpotBugs with find-sec-bugs in your CI pipeline.
Refer to the official website http://find-sec-bugs.github.io/ for detailed setup and usage guides.
spotbugs -pluginList findsecbugs-plugin.jar -textui -effort:max -high <target-directory>
Run SpotBugs with the Find Security Bugs plugin to perform a detailed security audit on the specified project directory.
mvn com.github.spotbugs:spotbugs-maven-plugin:spotbugs
Execute the SpotBugs analysis with Find Security Bugs enabled as part of the Maven build lifecycle.
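A pom.xml excerpt that wires Find Security Bugs into spotbugs-maven-plugin and fails the build on security findings, as an added example rather than configuration taken from the project's documentation. The version values are placeholders and the include-filter file name is assumed.

```xml
<!-- pom.xml excerpt (added example, not from the project's documentation).
     Version values are placeholders: substitute the current releases. -->
<project>
  <properties>
    <spotbugs.maven.version>PLACEHOLDER_VERSION</spotbugs.maven.version>
    <findsecbugs.version>PLACEHOLDER_VERSION</findsecbugs.version>
  </properties>
  <build>
    <plugins>
      <plugin>
        <groupId>com.github.spotbugs</groupId>
        <artifactId>spotbugs-maven-plugin</artifactId>
        <version>${spotbugs.maven.version}</version>
        <configuration>
          <!-- Max effort matches "-effort:max" on the CLI; a Low threshold reports
               every priority instead of only the high-priority findings "-high" keeps -->
          <effort>Max</effort>
          <threshold>Low</threshold>
          <!-- Limit the report to the SECURITY bug category so other SpotBugs
               detectors do not drown out the security audit (assumed file name).
               Contents of spotbugs-security-include.xml, placed next to pom.xml:
               <FindBugsFilter>
                 <Match>
                   <Bug category="SECURITY"/>
                 </Match>
               </FindBugsFilter> -->
          <includeFilterFile>spotbugs-security-include.xml</includeFilterFile>
          <!-- Load Find Security Bugs as a SpotBugs plugin -->
          <plugins>
            <plugin>
              <groupId>com.h3xstream.findsecbugs</groupId>
              <artifactId>findsecbugs-plugin</artifactId>
              <version>${findsecbugs.version}</version>
            </plugin>
          </plugins>
        </configuration>
        <executions>
          <execution>
            <!-- The "check" goal fails the build when findings remain,
                 so a CI run of "mvn verify" blocks the change -->
            <phase>verify</phase>
            <goals>
              <goal>check</goal>
            </goals>
          </execution>
        </executions>
      </plugin>
    </plugins>
  </build>
</project>
```

Running `mvn verify` then performs the audit on every build; `mvn spotbugs:gui` opens the findings in the SpotBugs viewer when the plugin is configured this way.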