Skip to content

Remove SpotBugs Scanner

David Diederich requested to merge remove-spotbugs into master

There were some problems with the spotbugs scanner and Maven based builds of Java projects, which led to out of memory errors. For a short term workaround, we pinned to old versions of the spotbugs scanner container (See ci-cd-pipelines/scanners/gitlab-ultimate.yml#96).

GitLab ultimate decided not to fix this, and instead is pushing customers to use semgrep for java. That behavior was automatically enabled by the GitLab templates.

However, spotbugs is still in use for Groovy, Scala, and Koitlin. The presence of the src/test/resources/logback.groovy file is making GitLab think of this project as a Groovy project. The resulting spotbugs test runs against the maven configuration files, which could cause problems with memory constraints.

Merge request reports