
Add configurable bug_categories input for SpotBugs scanning #18

Draft
Copilot wants to merge 2 commits into main from copilot/add-bug-category-support

Copilot AI commented Dec 16, 2025

The action hardcoded -bugCategories SECURITY in the SpotBugs command, preventing users from scanning for other bug types like CORRECTNESS, PERFORMANCE, or MALICIOUS_CODE.

Changes

  • action.yml: Added bug_categories input parameter (default: SECURITY)
    • Replaced hardcoded SECURITY with "${INPUT_BUG_CATEGORIES}" in SpotBugs command
    • Documents all 10 available categories: SECURITY, BAD_PRACTICE, CORRECTNESS, PERFORMANCE, STYLE, MT_CORRECTNESS, I18N, MALICIOUS_CODE, EXPERIMENTAL, NOISE
  • README.md: Documented new parameter with usage examples
  • starter-workflow.yml: Added commented example

Usage

- uses: advanced-security/spotbugs-findsecbugs-action@vX.X.X
  with:
    bug_categories: 'SECURITY,MALICIOUS_CODE,CORRECTNESS'

Existing workflows continue to work unchanged (defaults to SECURITY).

Warning

Firewall rules blocked me from connecting to one or more addresses

I tried to connect to the following addresses, but was blocked by firewall rules:

  • spotbugs.readthedocs.io
    • Triggering command: /home/REDACTED/work/_temp/ghcca-node/node/bin/node /home/REDACTED/work/_temp/ghcca-node/node/bin/node --enable-source-maps /home/REDACTED/work/_temp/copilot-developer-action-main/dist/index.js (dns block)

If you need me to access, download, or install something from one of these locations, you can either:

Original prompt

This section details the original issue you should resolve

<issue_title>Add support for additional categories of bugs</issue_title>
<issue_description>

https://spotbugs.readthedocs.io/en/stable/bugDescriptions.html#

SECURITY appears hardcoded:

"${SPOTBUGS_HOME}/bin/spotbugs" -maxHeap "${INPUT_RAM}" -textui -quiet -effort:max -low -bugCategories SECURITY -pluginList "${FINDSECBUGS_HOME}/findsecbugs-plugin-${INPUT_FINDSECBUGS_VERSION}.jar" -sarif=spotbugs.sarif ${SPOTBUGS_FILES}
</issue_description>

Comments on the Issue (you are @copilot in this section)



…egories

Co-authored-by: felickz <1760475+felickz@users.noreply.github.com>
Copilot AI changed the title from "[WIP] Add support for additional categories of bugs" to "Add configurable bug_categories input for SpotBugs scanning" Dec 16, 2025
Copilot AI requested a review from felickz December 16, 2025 18:18
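
An allowlist check for the new bug_categories input, as an added example that is not part of this pull request or the action's own code. `validate_bug_categories` is a hypothetical helper; the category names are the ten listed in the PR description, and it assumes an unknown or empty entry should fail the step before SpotBugs runs.

```shell
#!/bin/sh
# Added example (hypothetical helper, not the action's code).
# Category names are the ten listed in the PR description.
ALLOWED_CATEGORIES="SECURITY BAD_PRACTICE CORRECTNESS PERFORMANCE STYLE MT_CORRECTNESS I18N MALICIOUS_CODE EXPERIMENTAL NOISE"

# validate_bug_categories "<comma-separated list>"
# Prints the normalized list (whitespace removed, duplicates dropped) and returns 0.
# Returns 1 with a message on stderr for an empty list, empty entry or unknown name.
validate_bug_categories() {
    # Drop spaces and tabs so 'SECURITY, CORRECTNESS' is accepted.
    list=$(printf '%s' "$1" | tr -d ' \t')
    case $list in
        ''|,*|*,|*,,*)
            echo "bug_categories: empty list or empty entry" >&2
            return 1 ;;
    esac
    out=""
    old_ifs=$IFS
    IFS=,
    set -f                          # no globbing while splitting on commas
    for item in $list; do
        case " $ALLOWED_CATEGORIES " in
            *" $item "*) ;;         # exact match against the allowlist
            *)  IFS=$old_ifs; set +f
                echo "bug_categories: unknown category '$item'" >&2
                return 1 ;;
        esac
        case ",$out," in
            *",$item,"*) ;;         # duplicate, skip
            *) out=${out:+$out,}$item ;;
        esac
    done
    IFS=$old_ifs
    set +f
    printf '%s\n' "$out"
}

# Assumed use in the action's run step, ahead of the SpotBugs command from the issue:
#   BUG_CATEGORIES=$(validate_bug_categories "${INPUT_BUG_CATEGORIES}") || exit 1
#   ... -bugCategories "${BUG_CATEGORIES}" ...
```

Matching is exact and case-sensitive, so a typo such as a missing comma fails the job instead of being passed through to SpotBugs.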

Successfully merging this pull request may close these issues.

Add support for additional categories of bugs
