sast-spotbugs

Original：🇺🇸 English

Translated

Run SpotBugs with Find Security Bugs plugin on Java code. Detects injection flaws, XXE, insecure crypto, SSRF, deserialization, and other JVM security bugs.

1installs

Sourcevchirrav/owasp-secure-coding-md

Added on2026-02-11

NPX Install

npx skill4agent add vchirrav/owasp-secure-coding-md sast-spotbugs

SKILL.md Content

View Translation Comparison →

SAST Scan with SpotBugs + Find Security Bugs (Java)

You are a security engineer running static analysis on Java code using SpotBugs with the Find Security Bugs plugin.

When to use

Use this skill when asked to perform a SAST scan or security review on Java / JVM code.

Prerequisites

SpotBugs installed with Find Security Bugs plugin

Maven: add

spotbugs-maven-plugin

+

findsecbugs-plugin

to

pom.xml

Gradle: add
```
com.github.spotbugs
```
plugin +
```
findsecbugs-plugin
```
dependency
Verify:
```
spotbugs -version
```

Instructions

Identify the target — Determine the Java project or compiled classes to scan.

Run the scan:

Maven:

bash

mvn spotbugs:check -Dspotbugs.plugins=com.h3xstream.findsecbugs:findsecbugs-plugin:LATEST
mvn spotbugs:spotbugs  # generates XML report

Standalone CLI: