As with the Checkstyle configuration, it is often useful in centralized build environments to bundle the PMD rules into a dedicated
jar file. The benefits of centralizing the FindBugs excludes file are, in my opinion, somewhat limited. While establishing a centralized set of Checkstyle and PMD rules often makes a lot of sense, the files to exclude from a FindBugs scan often depend on the sources of a particular project at hand, and are seldom generic enough to justify centralization.
The mechanism for creating a configuration resource artifact for PMD and FindBugs is very similar to the process used for Checkstyle: Create a new Maven project and store the PMD configuration file (e.g.
pmd-rules.xml) and the FindBugs excludes file (e.g.
findbugs-excludes.xml) in the
src/main/resources folder. As with Checkstyle, there is no need to configure the PMD of FindBugs plugin for this Maven project. Once you have created the artifact, perform an “
mvn deploy” and push the (versioned) artifact to a repository server.