bytechefhq · ivicac · Oct 18, 2025
diff --git a/build.gradle.kts b/build.gradle.kts
@@ -20,7 +20,7 @@ dependencyManagement {
 
 versionCatalogUpdate {
     keep {
-        versions.addAll("checkstyle", "gradle-git-properties", "jackson", "jacoco", "java", "jib-gradle-plugin", "pmd", "spotbugs", "spring-ai", "spring-boot", "spring-cloud-aws", "spring-cloud-dependencies", "spring-shell")
+        versions.addAll("checkstyle", "findsecbugs", "gradle-git-properties", "jackson", "jacoco", "java", "jib-gradle-plugin", "pmd", "spotbugs", "spring-ai", "spring-boot", "spring-cloud-aws", "spring-cloud-dependencies", "spring-shell")
     }
 }
 
@@ -31,7 +31,7 @@ subprojects {
 
     dependencyManagement {
         dependencies {
-            dependency("com.github.spotbugs:spotbugs-annotations:[4.9.3,)")
+            dependency("com.github.spotbugs:spotbugs-annotations:[${rootProject.libs.versions.spotbugs.get()},)")
         }
     }
 
@@ -40,6 +40,8 @@ subprojects {
 
         implementation(platform(org.springframework.boot.gradle.plugin.SpringBootPlugin.BOM_COORDINATES))
 
+        spotbugsPlugins("com.h3xstream.findsecbugs:findsecbugs-plugin:${rootProject.libs.versions.findsecbugs.get()}")
+
         testCompileOnly(rootProject.libs.com.github.spotbugs.spotbugs.annotations)
 
         testImplementation("org.springframework.boot:spring-boot-starter-test")

diff --git a/...n/java/com/bytechef/cli/command/component/init/openapi/ComponentInitOpenApiGenerator.java b/...n/java/com/bytechef/cli/command/component/init/openapi/ComponentInitOpenApiGenerator.java
@@ -96,6 +96,7 @@
 /**
  * @author Ivica Cardic
  */
+@SuppressFBWarnings("PATH_TRAVERSAL_IN")
 public class ComponentInitOpenApiGenerator {
 
     private static final Logger logger = LoggerFactory.getLogger(ComponentInitOpenApiGenerator.class);

diff --git a/...commands/component/src/main/java/com/bytechef/cli/command/component/ComponentCommand.java b/...commands/component/src/main/java/com/bytechef/cli/command/component/ComponentCommand.java
@@ -17,6 +17,7 @@
 package com.bytechef.cli.command.component;
 
 import com.bytechef.cli.command.component.init.openapi.ComponentInitOpenApiGenerator;
+import edu.umd.cs.findbugs.annotations.SuppressFBWarnings;
 import java.io.File;
 import org.springframework.shell.command.annotation.Command;
 import org.springframework.shell.command.annotation.Option;
@@ -57,6 +58,7 @@ public void init(
         }
     }
 
+    @SuppressFBWarnings("PATH_TRAVERSAL_IN")
     private void generateOpenApiComponent(
         String basePackageName, boolean internalComponent, String name, String openApiPath, String outputPath,
         int version) throws Exception {

diff --git a/gradle/libs.versions.toml b/gradle/libs.versions.toml
@@ -1,6 +1,7 @@
 [versions]
 checkstyle = "11.1.0"
 com-google-auto-service = "1.1.1"
+findsecbugs = "1.14.0"
 graalvm = "25.0.1"
 jackson = "2.19.2"
 jacoco = "0.8.13"

diff --git a/...lot-service/src/main/java/com/bytechef/ee/ai/copilot/config/VectorStoreConfiguration.java b/...lot-service/src/main/java/com/bytechef/ee/ai/copilot/config/VectorStoreConfiguration.java
@@ -48,6 +48,7 @@
  */
 @Configuration
 @ConditionalOnProperty(prefix = "bytechef.ai.copilot", name = "enabled", havingValue = "true")
+@SuppressFBWarnings("PATH_TRAVERSAL_IN")
 public class VectorStoreConfiguration {
 
     private static final String CATEGORY = "category";

diff --git a/.../main/java/com/bytechef/platform/codeworkflow/loader/automation/ProjectHandlerLoader.java b/.../main/java/com/bytechef/platform/codeworkflow/loader/automation/ProjectHandlerLoader.java
@@ -9,6 +9,7 @@
 
 import com.bytechef.ee.platform.codeworkflow.configuration.domain.CodeWorkflowContainer.Language;
 import com.bytechef.workflow.ProjectHandler;
+import edu.umd.cs.findbugs.annotations.SuppressFBWarnings;
 import java.io.IOException;
 import java.net.URISyntaxException;
 import java.net.URL;
@@ -21,6 +22,7 @@
  *
  * @author Ivica Cardic
  */
+@SuppressFBWarnings("PATH_TRAVERSAL_IN")
 public class ProjectHandlerLoader {
 
     public static ProjectHandler loadProjectHandler(

diff --git a/...n/java/com/bytechef/ee/automation/configuration/facade/ProjectCodeWorkflowFacadeImpl.java b/...n/java/com/bytechef/ee/automation/configuration/facade/ProjectCodeWorkflowFacadeImpl.java
@@ -38,6 +38,7 @@
 @Service
 @Transactional
 @ConditionalOnEEVersion
+@SuppressFBWarnings("PATH_TRAVERSAL_IN")
 public class ProjectCodeWorkflowFacadeImpl implements ProjectCodeWorkflowFacade {
 
     private final CacheManager cacheManager;

diff --git a/...lti-data-config/src/main/java/com/bytechef/ee/tenant/multi/sql/MultiTenantDataSource.java b/...lti-data-config/src/main/java/com/bytechef/ee/tenant/multi/sql/MultiTenantDataSource.java
@@ -23,6 +23,7 @@
  *
  * @author Ivica Cardic
  */
+@SuppressFBWarnings("SQL_INJECTION_JDBC")
 public class MultiTenantDataSource implements DataSource {
 
     private final DataSource dataSource;

diff --git a/...enant-multi-service/src/main/java/com/bytechef/ee/tenant/repository/TenantRepository.java b/...enant-multi-service/src/main/java/com/bytechef/ee/tenant/repository/TenantRepository.java
@@ -36,6 +36,7 @@
  * @author Ivica Cardic
  */
 @Repository
+@SuppressFBWarnings("SQL_INJECTION_JDBC")
 public class TenantRepository {
 
     private final DataSource dataSource;

diff --git a/...d-service/src/main/java/com/bytechef/ee/embedded/unified/facade/UnifiedApiFacadeImpl.java b/...d-service/src/main/java/com/bytechef/ee/embedded/unified/facade/UnifiedApiFacadeImpl.java
@@ -55,6 +55,7 @@
  */
 @Service
 @ConditionalOnEEVersion
+@SuppressFBWarnings("UNSAFE_HASH_EQUALS")
 public class UnifiedApiFacadeImpl implements UnifiedApiFacade {
 
     private static final Logger log = LoggerFactory.getLogger(UnifiedApiFacadeImpl.class);

diff --git a/...n/java/com/bytechef/ee/platform/configuration/web/rest/GitConfigurationApiController.java b/...n/java/com/bytechef/ee/platform/configuration/web/rest/GitConfigurationApiController.java
@@ -12,6 +12,7 @@
 import com.bytechef.ee.platform.configuration.facade.GitConfigurationFacade;
 import com.bytechef.ee.platform.configuration.web.rest.model.GitConfigurationModel;
 import com.bytechef.platform.annotation.ConditionalOnEEVersion;
+import edu.umd.cs.findbugs.annotations.SuppressFBWarnings;
 import org.springframework.core.convert.ConversionService;
 import org.springframework.http.ResponseEntity;
 import org.springframework.web.bind.annotation.RequestMapping;
@@ -26,6 +27,7 @@
 @RequestMapping("${openapi.openAPIDefinition.base-path.platform:}/internal")
 @ConditionalOnCoordinator
 @ConditionalOnEEVersion
+@SuppressFBWarnings("HARD_CODE_PASSWORD")
 public class GitConfigurationApiController implements GitConfigurationApi {
 
     protected static final String PASSWORD = "********";

diff --git a/.../bytechef/ee/platform/customcomponent/configuration/facade/CustomComponentFacadeImpl.java b/.../bytechef/ee/platform/customcomponent/configuration/facade/CustomComponentFacadeImpl.java
@@ -36,6 +36,7 @@
 @Service
 @Transactional
 @ConditionalOnEEVersion
+@SuppressFBWarnings("PATH_TRAVERSAL_IN")
 public class CustomComponentFacadeImpl implements CustomComponentFacade {
 
     private final CacheManager cacheManager;

diff --git a/...src/main/java/com/bytechef/ee/platform/customcomponent/loader/ComponentHandlerLoader.java b/...src/main/java/com/bytechef/ee/platform/customcomponent/loader/ComponentHandlerLoader.java
@@ -9,6 +9,7 @@
 
 import com.bytechef.component.ComponentHandler;
 import com.bytechef.ee.platform.customcomponent.configuration.domain.CustomComponent.Language;
+import edu.umd.cs.findbugs.annotations.SuppressFBWarnings;
 import java.io.IOException;
 import java.net.URISyntaxException;
 import java.net.URL;
@@ -21,6 +22,7 @@
  *
  * @author Ivica Cardic
  */
+@SuppressFBWarnings("PATH_TRAVERSAL_IN")
 public class ComponentHandlerLoader {
 
     public static ComponentHandler loadComponentHandler(

diff --git a/...va/com/bytechef/atlas/configuration/repository/git/operations/JGitWorkflowOperations.java b/...va/com/bytechef/atlas/configuration/repository/git/operations/JGitWorkflowOperations.java
@@ -60,6 +60,7 @@
  * @author Arik Cohen
  * @author Ivica Cardic
  */
+@SuppressFBWarnings("PATH_TRAVERSAL_IN")
 public class JGitWorkflowOperations implements GitWorkflowOperations {
 
     private static final Logger log = LoggerFactory.getLogger(JGitWorkflowOperations.class);

diff --git a/...tlas-worker/atlas-worker-impl/src/test/java/com/bytechef/atlas/worker/TaskWorkerTest.java b/...tlas-worker/atlas-worker-impl/src/test/java/com/bytechef/atlas/worker/TaskWorkerTest.java
@@ -43,6 +43,7 @@
 import com.bytechef.message.broker.memory.SyncMessageBroker;
 import com.bytechef.message.event.MessageEvent;
 import com.bytechef.test.extension.ObjectMapperSetupExtension;
+import edu.umd.cs.findbugs.annotations.SuppressFBWarnings;
 import java.io.File;
 import java.util.List;
 import java.util.Map;
@@ -60,6 +61,7 @@
  * @author Ivica Cardic
  */
 @ExtendWith(ObjectMapperSetupExtension.class)
+@SuppressFBWarnings("PATH_TRAVERSAL_IN")
 public class TaskWorkerTest {
 
     private static final Evaluator EVALUATOR = SpelEvaluator.create();

diff --git a/...e/commons/commons-util/src/main/java/com/bytechef/commons/util/XmlStreamReaderStream.java b/...e/commons/commons-util/src/main/java/com/bytechef/commons/util/XmlStreamReaderStream.java
@@ -17,6 +17,7 @@
 package com.bytechef.commons.util;
 
 import com.fasterxml.jackson.dataformat.xml.XmlMapper;
+import edu.umd.cs.findbugs.annotations.SuppressFBWarnings;
 import java.io.InputStream;
 import java.util.Comparator;
 import java.util.Iterator;
@@ -50,6 +51,7 @@
 /**
  * @author Ivica Cardic
  */
+@SuppressFBWarnings("XXE")
 final class XmlStreamReaderStream implements Stream<Map<String, ?>> {
 
     private static final Logger logger = LoggerFactory.getLogger(XmlStreamReaderStream.class);

diff --git a/server/libs/core/commons/commons-util/src/main/java/com/bytechef/commons/util/XmlUtils.java b/server/libs/core/commons/commons-util/src/main/java/com/bytechef/commons/util/XmlUtils.java
@@ -45,6 +45,9 @@
 /**
  * @author Ivica Cardic
  */
+@SuppressFBWarnings({
+    "XXE", "XPATH_INJECTION"
+})
 public class XmlUtils {
 
     private static final DocumentBuilderFactory DOCUMENT_BUILDER_FACTORY = DocumentBuilderFactory.newInstance();

diff --git a/...core/encryption/encryption-impl/src/main/java/com/bytechef/encryption/EncryptionImpl.java b/...core/encryption/encryption-impl/src/main/java/com/bytechef/encryption/EncryptionImpl.java
@@ -18,6 +18,7 @@
 
 import com.bytechef.commons.util.EncodingUtils;
 import com.bytechef.encryption.exception.InvalidEncryptionKeyException;
+import edu.umd.cs.findbugs.annotations.SuppressFBWarnings;
 import java.nio.charset.StandardCharsets;
 import java.security.Key;
 import java.util.Arrays;
@@ -62,6 +63,9 @@ public String encrypt(String content) {
         }
     }
 
+    @SuppressFBWarnings({
+        "CIPHER_INTEGRITY", "ECB_MODE"
+    })
     private Cipher getCipher(int encryptMode) throws Exception {
         Cipher cipher = Cipher.getInstance("AES/ECB/PKCS5Padding");
 

diff --git a/...ibs/core/evaluator/evaluator-impl/src/main/java/com/bytechef/evaluator/SpelEvaluator.java b/...ibs/core/evaluator/evaluator-impl/src/main/java/com/bytechef/evaluator/SpelEvaluator.java
@@ -18,6 +18,7 @@
 
 package com.bytechef.evaluator;
 
+import edu.umd.cs.findbugs.annotations.SuppressFBWarnings;
 import java.time.temporal.ChronoUnit;
 import java.util.ArrayList;
 import java.util.Collections;
@@ -52,6 +53,9 @@
  * @author Ivica Cardic
  * @since Mar 31, 2017
  */
+@SuppressFBWarnings({
+    "SPEL_INJECTION", "REDOS"
+})
 public class SpelEvaluator implements Evaluator {
 
     private static final Logger logger = LoggerFactory.getLogger(SpelEvaluator.class);

diff --git a/.../main/java/com/bytechef/file/storage/filesystem/service/FilesystemFileStorageService.java b/.../main/java/com/bytechef/file/storage/filesystem/service/FilesystemFileStorageService.java
@@ -21,6 +21,7 @@
 import com.bytechef.file.storage.exception.FileStorageException;
 import com.bytechef.file.storage.service.FileStorageService;
 import com.bytechef.tenant.TenantContext;
+import edu.umd.cs.findbugs.annotations.SuppressFBWarnings;
 import java.io.ByteArrayInputStream;
 import java.io.File;
 import java.io.IOException;
@@ -45,6 +46,7 @@
 /**
  * @author Ivica Cardic
  */
+@SuppressFBWarnings("PATH_TRAVERSAL_IN")
 public class FilesystemFileStorageService implements FileStorageService {
 
     private static final String URL_PREFIX = "file:";

diff --git a/...m/bytechef/platform/file/storage/filesystem/service/FilesystemFileStorageServiceTest.java b/...m/bytechef/platform/file/storage/filesystem/service/FilesystemFileStorageServiceTest.java
@@ -18,6 +18,7 @@
 
 import com.bytechef.file.storage.domain.FileEntry;
 import com.bytechef.file.storage.filesystem.service.FilesystemFileStorageService;
+import edu.umd.cs.findbugs.annotations.SuppressFBWarnings;
 import java.io.ByteArrayInputStream;
 import java.io.File;
 import java.io.IOException;
@@ -30,6 +31,7 @@
 /**
  * @author Ivica Cardic
  */
+@SuppressFBWarnings("PATH_TRAVERSAL_IN")
 public class FilesystemFileStorageServiceTest {
 
     private static final String TEST_STRING = "test string";

diff --git a/...aws/aws-s3/src/main/java/com/bytechef/component/aws/s3/action/AwsS3ListObjectsAction.java b/...aws/aws-s3/src/main/java/com/bytechef/component/aws/s3/action/AwsS3ListObjectsAction.java
@@ -42,6 +42,7 @@
 /**
  * @author Ivica Cardic
  */
+@SuppressFBWarnings("PATH_TRAVERSAL_IN")
 public class AwsS3ListObjectsAction {
 
     public static final ModifiableActionDefinition ACTION_DEFINITION = action("listObjects")
@@ -54,7 +55,13 @@ public class AwsS3ListObjectsAction {
                 .required(true))
         .output(
             outputSchema(
-                array().items(object().properties(string("key"), string("suffix"), string("uri")))))
+                array()
+                    .items(
+                        object()
+                            .properties(
+                                string("key"),
+                                string("suffix"),
+                                string("uri")))))
         .perform(AwsS3ListObjectsAction::perform);
 
     protected static List<S3ObjectDescription> perform(
@@ -68,8 +75,7 @@ protected static List<S3ObjectDescription> perform(
 
             return response.contents()
                 .stream()
-                .map(o -> new S3ObjectDescription(
-                    connectionParameters.getRequiredString(BUCKET_NAME), o))
+                .map(o -> new S3ObjectDescription(connectionParameters.getRequiredString(BUCKET_NAME), o))
                 .collect(Collectors.toList());
         }
     }

diff --git a/...s/components/bash/src/main/java/com/bytechef/component/bash/action/BashExecuteAction.java b/...s/components/bash/src/main/java/com/bytechef/component/bash/action/BashExecuteAction.java
@@ -25,6 +25,7 @@
 import com.bytechef.component.definition.ActionContext;
 import com.bytechef.component.definition.ComponentDsl.ModifiableActionDefinition;
 import com.bytechef.component.definition.Parameters;
+import edu.umd.cs.findbugs.annotations.SuppressFBWarnings;
 import java.io.BufferedWriter;
 import java.io.File;
 import java.io.FileWriter;
@@ -41,6 +42,7 @@
 /**
  * @author Ivica Cardic
  */
+@SuppressFBWarnings("COMMAND_INJECTION")
 public class BashExecuteAction {
 
     public static final ModifiableActionDefinition ACTION_DEFINITION = action("execute")

diff --git a/...nts/claude-code/src/main/java/com/bytechef/component/claude/code/util/ClaudeCodeUtil.java b/...nts/claude-code/src/main/java/com/bytechef/component/claude/code/util/ClaudeCodeUtil.java
@@ -16,6 +16,7 @@
 
 package com.bytechef.component.claude.code.util;
 
+import edu.umd.cs.findbugs.annotations.SuppressFBWarnings;
 import java.io.BufferedWriter;
 import java.io.File;
 import java.io.FileWriter;
@@ -32,7 +33,9 @@
 /**
  * @author Marko Kriskovic
  */
+@SuppressFBWarnings("COMMAND_INJECTION")
 public class ClaudeCodeUtil {
+
     private ClaudeCodeUtil() {
     }
 

diff --git a/...omponents/email/src/test/java/com/bytechef/component/email/action/EmailActionIntTest.java b/...omponents/email/src/test/java/com/bytechef/component/email/action/EmailActionIntTest.java
@@ -32,6 +32,7 @@
 import com.icegreen.greenmail.junit5.GreenMailExtension;
 import com.icegreen.greenmail.server.AbstractServer;
 import com.icegreen.greenmail.util.ServerSetupTest;
+import edu.umd.cs.findbugs.annotations.SuppressFBWarnings;
 import java.util.HashMap;
 import java.util.List;
 import java.util.Map;
@@ -43,6 +44,7 @@
 /**
  * @author Igor Beslic
  */
+@SuppressFBWarnings("HARD_CODE_PASSWORD")
 public class EmailActionIntTest {
 
     static {

diff --git a/...e/src/main/java/com/bytechef/component/file/storage/action/FileStorageDownloadAction.java b/...e/src/main/java/com/bytechef/component/file/storage/action/FileStorageDownloadAction.java
@@ -27,6 +27,7 @@
 import com.bytechef.component.definition.FileEntry;
 import com.bytechef.component.definition.Parameters;
 import com.bytechef.component.file.storage.constant.FileStorageConstants;
+import edu.umd.cs.findbugs.annotations.SuppressFBWarnings;
 import java.io.BufferedInputStream;
 import java.io.File;
 import java.io.FileInputStream;
@@ -45,6 +46,9 @@
 /**
  * @author Ivica Cardic
  */
+@SuppressFBWarnings({
+    "SSRF", "URLCONNECTION_SSRF_FD"
+})
 public class FileStorageDownloadAction {
 
     public static final ModifiableActionDefinition ACTION_DEFINITION = action("download")

diff --git a/...c/main/java/com/bytechef/component/filesystem/action/FilesystemGetParentFolderAction.java b/...c/main/java/com/bytechef/component/filesystem/action/FilesystemGetParentFolderAction.java
@@ -25,12 +25,14 @@
 import com.bytechef.component.definition.ComponentDsl.ModifiableActionDefinition;
 import com.bytechef.component.definition.Context;
 import com.bytechef.component.definition.Parameters;
+import edu.umd.cs.findbugs.annotations.SuppressFBWarnings;
 import java.io.File;
 import java.nio.file.NoSuchFileException;
 
 /**
  * @author Ivica Cardic
  */
+@SuppressFBWarnings("PATH_TRAVERSAL_IN")
 public class FilesystemGetParentFolderAction {
 
     public static final ModifiableActionDefinition ACTION_DEFINITION = action("getFilePath")