FindBugs is shockingly useful. I've run it on Java code that I thought was bulletproof only to reveal synchronization errors. It's found real bugs for me in Colletion.remove() where I mistakenly passed an instance of the wrong type so the remove is guaranteed to silently fail.
The Eclipse and Ant plugins make FindBugs an integral part of my development.
Most of the static code analysis tools I've used over the years have shown a large amount of "noise" complaining about stylistic issues and a small amount of "value" detecting bugs in the code. This tool is different! The detected bugs make up the bulk of its reports.
I've used findbugs many different times and continue to be impressed with the accuracy of its assessments. It seems that the common mistakes it detects in the Java byte code are also common mistakes made by the programmers on my team, and we benefit by its analysis.
FindBugs provides important negative reinforcement when I fall into bad habits, for example, ignoring exceptions. My customer, your manager, and/or my peers might not notice, but FindBugs will. The certain knowledge that FindBugs will out my dodgy practices very effectively inhbits me from going down such roads in the first place.
I agree the signal/noise ratio of FindBugs is astonishing. In my experience with it, the number of false positives generated by FindBugs very closely approaches zero.
I especially like FindBugs in conjunction with the concurrency annotations package jcip-annotations, which further embarrasses me into rigorously obeying my own thread safety policies.
I found it very useful when you have junior developers in the team, this tool really helps them to learn good coding practices quicker.
I regret just that adding new rules can really be difficult depending on what you want to implement, if it was easier I think that senior developers could contribute more.
Simple to use, not too hard to master, with good support from IDEs and build tools like Ant and Maven, and amazingly accurate. This tool is a must have.
Certainly, it helps in improving the Java programming skills of any developer, even experienced ones.
Personally, I find it particularly useful in its analysis of Serialization related issues.
You use JUnit to test your code? You perform code reviews?
If yes, then here is the tool which will find test failures and review issues even before you build your application - just as you type. If not, here is the tool which (in few minutes) will give you the proof, that your code is not worth to be deployed at all, and a good reason to start testing your application and to review your code.
FindBugs works similar to the Java compiler: as soon as you hit CTRL+S, Eclipse will compile the code and start incremental bug analysis. FindBugs can find an amazing number of different bug patterns, which are sometimes hard to debug or to reproduce. FindBugs has a very small number of false positives. Even if you think that the code will never run in the highlighted issue, in many cases the tool open your eyes on "dirty" places in your code.
FindBugs is valuable for both beginner and experienced programmers. If you just start to write Java applications, the tool will help you to learn better programming practices by explaining you the reasons why the code should be written in a different way. FindBugs helps experienced developers to keep the code clean and to review other's code by simply running the analysis over the Java projects.
FindBugs uses unique bytecode scanning techniques to analyze compiled Java code. In most cases the critical and medium severity bugs found by FindBugs are real, serious programming errors, and not just coding style issues. This is the main differentiator to other similar tools like PMD and Checkstyle (both are source-code analyzer).
I cannot imagine to seriously develop Java software without FindBugs Eclipse plugin anymore. For those who knows Ant and Hudson: of course, they also have plugins for FindBugs, so that you can use same tool as in your IDE to analyze your software during automated tests.