FindBugs is a static analysis tool for Java code that searches for and reports on various code use that may result in bugs.
Whilst the tool can be noisy, it has detected real issues in plugins that have been reported in the wild.
The plugin builds on the projects CI server have the ability to run findbugs for your plugin as well as mark the build as unstable should FindBugs detect any potential issues.
This ability is turned off by default as many plugins require fixes in order to acheive a zero bug status, but it can be turned on by a CI admin, so if you desire this on your plugin please email the developer mailing list with a request that it be enabled.
As well as reporting on the CI system, you can configure Maven to run Findbugs locally and optionally fail the build. To enable this you will need to add the configuration from this gist to your POM. If you wish to fail the build if there are any issues then change findbugs.failOnError to true.
If you are using Plugin Parent POM 2.3 or later, local Findbugs execution is already configured and bounded to the verify lifecycle phase. The findbugs.failOnError is configured by default to true so if you may set manually to false if you don't want the build to break in the presence of Findbugs errors. Besides, the POM is prepared to automatically configure a Findbugs exclusion filter if a src/findbugs/excludesFilter.xml file is detected.
To fix Findbugs issues locally, just run the following command:
mvn findbugs:findbugs findbugs:gui -Dfindbugs.excludeFilterFile=src/findbugs/excludesFilter.xml