I've wrapped up SpotBugs/FindSecBugs in a bow 🎁 in a GitHub Action, so you can use it in GitHub Code Scanning - free for open source projects, and also available for paid users of GitHub Advanced Security.

SpotBugs and FindSecBugs work with JVM languages - Scala, Java, and Clojure, mainly.

https://github.com/marketplace/actions/spotbugs-with-findsecbugs

Point it at the results of the build, and go.

#GitHub #SAST #Scala #JVM #Clojure #Java #CodeSecurity #SpotBugs #FindSecBugs #DevSecOps #SDLC