Skip to content

Filtering FindBugs reports by rank.

May 2, 2012

I’ve been messing with the FindBugs Ant task today to incorporate it into my company’s automated build for a JEE application. One task I wanted to do was filter the bug report by rank. There is an easy way to do this, which is documented here. However, the documentation is not clear on exactly how FindBugs uses the rank value. After some experimentation, I was able to deduce that the value in the rank tag is used differently depending on whether the XML filter file is specified as an “includeFilter” or “excludeFilter” in the FindBugs Ant task. When specifying rank in an “includeFilter”, the FindBugs report is filtered to contain only bugs with the rank value and above. When specifying rank in an “excludeFilter”, the  report is filtered to contain only bugs below the given rank.

So, for example, if you want only bugs of ranks 10 to 20 to show in your report you must include the attribute “includeFilter” in your findbugs task


Your findbugsFilter.xml would need to include a single reference to the Rank tag like this

  <Rank value="10"/>

On the other hand, if you want to see only bugs with ranks 1, 2 and 3, you must specify your filter as an “excludeFilter”


Your match tag should look like this

  <Rank value="4"/>

FindBugs appears to only use one  instance of the Rank tag.

I tried several ways to produce a filtered range of bugs in different, but useful ways such as ranks 4 – 9. However, there just doesn’t seem to be a logical way to do this. If you specify the Rank tag more than once or in an “includeFilter” and “excludeFilter” you get unexpected results. It appears that you can only rely on one Rank tag in one filter file.

I perused the code for the FindBugs Ant task for version 2.0.1 rc1 and did find an undocumented (at least not here) attribute “maxRank”. The comment from the source code defines this attribute to mean “maximum rank issue to be reported”. You can use it like this:

<findbugs home="${env.FINDBUGS.HOME}"

Defining that attribute will effectively filter the bugs so that only bugs with ranks 1 through 9 visible in the generated report.


I thought this part of the Ant task was particularly confusing and not documented sufficiently, even though it’s quite a useful feature. If I’ve made any mistakes in my assessment of filtering by bug rank, please leave a comment with a correction.

  1. Why don’t you try Sonar ( ) ? where you have detailed information about findbugs violations?

    • thewonggei permalink

      From what I’ve seen, Sonar is an excellent tool and I like it. I just don’t have the need for that expansive of a tool currently.

Leave a Reply

Please log in using one of these methods to post your comment: Logo

You are commenting using your account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s

%d bloggers like this: