Using SpotBugs Annotations and SuppressWarnings in Java and Groovy Projects

During recent static testing of Java server‑side code, the author follows a loop: pull code locally, run SpotBugs via IntelliJ, record BUG information, fix bugs in ZenTao, have QA merge and regress the branch, and repeat until the branch reaches zero bugs.

For detailed bug type explanations, readers are directed to the official SpotBugs documentation at https://spotbugs.readthedocs.io/en/stable/bugDescriptions.html .

To use SpotBugs suppression annotations, the required dependency must be added. For Gradle:

// https://mvnrepository.com/artifact/com.google.code.findbugs/annotations
compile group: 'com.google.code.findbugs', name: 'annotations', version: '3.0.1'

For Maven:

com.google.code.findbugs
annotations
3.0.1

SpotBugs marks bugs in the source with a colored bug icon; clicking it or using IntelliJ quick‑fix shows four options, primarily clear (removes the current detection) and suppress (adds a @SuppressFBWarnings annotation). The annotation requires the bug type string, which can be found in the SpotBugs panel.

In Java, the annotation can be applied to a variable, method, or class. Single‑bug suppression examples:

@SuppressFBWarnings("DM_DEFAULT_ENCODING")
@SuppressFBWarnings(value = "ST_WRITE_TO_STATIC_FROM_INSTANCE_METHOD")

Multiple‑bug suppression example:

@SuppressFBWarnings({"MS_SHOULD_BE_FINAL","NP_NULL_ON_SOME_PATH_FROM_RETURN_VALUE","NS_DANGEROUS_NON_SHORT_CIRCUIT"})

Groovy supports the same logical suppression but uses a different array syntax. Single‑bug examples are identical, while multiple‑bug suppression uses square brackets:

@SuppressFBWarnings(["HE_EQUALS_USE_HASHCODE", "EQ_UNUSUAL", "MS_SHOULD_BE_FINAL"])

Because of the syntax differences, Groovy cannot automatically add the annotation; developers must insert it manually, which often leads to higher false‑positive rates.