3466 Add findsecbugs spotbugs plugin

Author: ivicac

build.gradle.kts

@@ -20,7 +20,7 @@ dependencyManagement {
 
 versionCatalogUpdate {
     keep {
-        versions.addAll("checkstyle", "gradle-git-properties", "jackson", "jacoco", "java", "jib-gradle-plugin", "pmd", "spotbugs", "spring-ai", "spring-boot", "spring-cloud-aws", "spring-cloud-dependencies", "spring-shell")
+        versions.addAll("checkstyle", "findsecbugs", "gradle-git-properties", "jackson", "jacoco", "java", "jib-gradle-plugin", "pmd", "spotbugs", "spring-ai", "spring-boot", "spring-cloud-aws", "spring-cloud-dependencies", "spring-shell")
     }
 }
 
@@ -31,7 +31,7 @@ subprojects {
 
     dependencyManagement {
         dependencies {
-            dependency("com.github.spotbugs:spotbugs-annotations:[4.9.3,)")
+            dependency("com.github.spotbugs:spotbugs-annotations:[${rootProject.libs.versions.spotbugs.get()},)")
         }
     }
 
@@ -40,6 +40,8 @@ subprojects {
 
         implementation(platform(org.springframework.boot.gradle.plugin.SpringBootPlugin.BOM_COORDINATES))
 
+        spotbugsPlugins("com.h3xstream.findsecbugs:findsecbugs-plugin:${rootProject.libs.versions.findsecbugs.get()}")
+
         testCompileOnly(rootProject.libs.com.github.spotbugs.spotbugs.annotations)
 
         testImplementation("org.springframework.boot:spring-boot-starter-test")

cli/commands/component/init/openapi/src/main/java/com/bytechef/cli/command/component/init/openapi/ComponentInitOpenApiGenerator.java

@@ -96,6 +96,7 @@
 /**
  * @author Ivica Cardic
  */
+@SuppressFBWarnings("PATH_TRAVERSAL_IN")
 public class ComponentInitOpenApiGenerator {
 
     private static final Logger logger = LoggerFactory.getLogger(ComponentInitOpenApiGenerator.class);

cli/commands/component/src/main/java/com/bytechef/cli/command/component/ComponentCommand.java

@@ -17,6 +17,7 @@
 package com.bytechef.cli.command.component;
 
 import com.bytechef.cli.command.component.init.openapi.ComponentInitOpenApiGenerator;
+import edu.umd.cs.findbugs.annotations.SuppressFBWarnings;
 import java.io.File;
 import org.springframework.shell.command.annotation.Command;
 import org.springframework.shell.command.annotation.Option;
@@ -57,6 +58,7 @@ public void init(
         }
     }
 
+    @SuppressFBWarnings("PATH_TRAVERSAL_IN")
     private void generateOpenApiComponent(
         String basePackageName, boolean internalComponent, String name, String openApiPath, String outputPath,
         int version) throws Exception {

gradle/libs.versions.toml

@@ -1,6 +1,7 @@
 [versions]
 checkstyle = "11.1.0"
 com-google-auto-service = "1.1.1"
+findsecbugs = "1.14.0"
 graalvm = "25.0.0"
 jackson = "2.19.2"
 jacoco = "0.8.13"

server/ee/libs/ai/ai-copilot/ai-copilot-service/src/main/java/com/bytechef/ee/ai/copilot/config/VectorStoreConfiguration.java

@@ -48,6 +48,7 @@
  */
 @Configuration
 @ConditionalOnProperty(prefix = "bytechef.ai.copilot", name = "enabled", havingValue = "true")
+@SuppressFBWarnings("PATH_TRAVERSAL_IN")
 public class VectorStoreConfiguration {
 
     private static final String CATEGORY = "category";

server/ee/libs/automation/automation-code-workflow-loader/src/main/java/com/bytechef/platform/codeworkflow/loader/automation/ProjectHandlerLoader.java

@@ -9,6 +9,7 @@
 
 import com.bytechef.ee.platform.codeworkflow.configuration.domain.CodeWorkflowContainer.Language;
 import com.bytechef.workflow.ProjectHandler;
+import edu.umd.cs.findbugs.annotations.SuppressFBWarnings;
 import java.io.IOException;
 import java.net.URISyntaxException;
 import java.net.URL;
@@ -21,6 +22,7 @@
  *
  * @author Ivica Cardic
  */
+@SuppressFBWarnings("PATH_TRAVERSAL_IN")
 public class ProjectHandlerLoader {
 
     public static ProjectHandler loadProjectHandler(

server/ee/libs/automation/automation-configuration/automation-configuration-service/src/main/java/com/bytechef/ee/automation/configuration/facade/ProjectCodeWorkflowFacadeImpl.java

@@ -38,6 +38,7 @@
 @Service
 @Transactional
 @ConditionalOnEEVersion
+@SuppressFBWarnings("PATH_TRAVERSAL_IN")
 public class ProjectCodeWorkflowFacadeImpl implements ProjectCodeWorkflowFacade {
 
     private final CacheManager cacheManager;

server/ee/libs/config/tenant-multi-data-config/src/main/java/com/bytechef/ee/tenant/multi/sql/MultiTenantDataSource.java

@@ -23,6 +23,7 @@
  *
  * @author Ivica Cardic
  */
+@SuppressFBWarnings("SQL_INJECTION_JDBC")
 public class MultiTenantDataSource implements DataSource {
 
     private final DataSource dataSource;

server/ee/libs/core/tenant/tenant-multi-service/src/main/java/com/bytechef/ee/tenant/repository/TenantRepository.java

@@ -36,6 +36,7 @@
  * @author Ivica Cardic
  */
 @Repository
+@SuppressFBWarnings("SQL_INJECTION_JDBC")
 public class TenantRepository {
 
     private final DataSource dataSource;

server/ee/libs/embedded/embedded-unified/embedded-unified-service/src/main/java/com/bytechef/ee/embedded/unified/facade/UnifiedApiFacadeImpl.java

@@ -55,6 +55,7 @@
  */
 @Service
 @ConditionalOnEEVersion
+@SuppressFBWarnings("UNSAFE_HASH_EQUALS")
 public class UnifiedApiFacadeImpl implements UnifiedApiFacade {
 
     private static final Logger log = LoggerFactory.getLogger(UnifiedApiFacadeImpl.class);