As with the Checkstyle configuration, it is often useful in centralized build environments to bundle the PMD rules into a dedicated jar
file. The benefits of centralizing the FindBugs excludes file are, in my opinion, somewhat limited. While establishing a centralized set of Checkstyle and PMD rules often makes a lot of sense, the files to exclude from a FindBugs scan often depend on the sources of a particular project at hand, and are seldom generic enough to justify centralization.
The mechanism for creating a configuration resource artifact for PMD and FindBugs is very similar to the process used for Checkstyle: Create a new Maven project and store the PMD configuration file (e.g. pmd-rules.xml
) and the FindBugs excludes file (e.g. findbugs-excludes.xml
) in the src/main/resources
folder. As with Checkstyle, there is no need to configure the PMD of FindBugs plugin for this Maven project. Once you have created the artifact, perform an “mvn deploy
” and push the (versioned) artifact to a repository server.
Edit: See the “build-tools” project in https://github.com/mbeiter/util for an example on how to create PMD and FindBugs Maven configuration artifacts.