1. Overview
SpotBugs is a program that uses static analysis to look for bugs in Java code. It is free software, distributed under the terms of the GNU Lesser General Public License. SpotBugs is a plugin for the FindBugs static code analysis tool. It specializes in finding security issues in code by searching for bug patterns. It can be used to scan Java web applications, Android applications and, more recently, Scala and Groovy applications.
2. Configuration
First, we need to install the SpotBugs plugin from the plugin marketplace in our Android Studio Integrated Development Environment (IDE).
To open the IDE plugin marketplace go to the "Android Studio Menu-->Preferences-->Editor-->Plugins."
Click "Marketplace" and then search for the keyword "SpotBugs". Click "Install", then "Accept", then "Restart" after the installation completes.
After the restart, go to "Android Studio Menu-->Preferences-->Tools-->SpotBugs", click on "+" and add "Find Security Bugs" and "Findbugs Plugin for Android".
Then click on "Report" and configure the detector categories as shown in the following screenshot: uncheck all and then select only "Malicious code vulnerability".
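To see what the "Malicious code vulnerability" category reports once configured, here is an added example (not part of the original tutorial) with a constructed credentials class that triggers three detectors from that category, followed by a hardened version that SpotBugs accepts. The bug pattern identifiers in the comments are SpotBugs' own; the class and field names are made up for the illustration.

```java
// Added example (not from the tutorial): patterns reported under
// "Malicious code vulnerability", each beside a fix.
import java.util.Arrays;
import java.util.Collections;
import java.util.Date;
import java.util.List;

class ApiCredentials {
    // MS_MUTABLE_ARRAY: a public static array can be rewritten by any
    // caller, so the "allowed hosts" list cannot be trusted.
    public static final String[] ALLOWED_HOSTS = {"api.example.com"};

    private final byte[] secret;
    private final Date issuedAt;

    ApiCredentials(byte[] secret, Date issuedAt) {
        // EI_EXPOSE_REP2: storing the caller's array means the caller can
        // change the secret after construction.
        this.secret = secret;
        this.issuedAt = issuedAt;   // Date is mutable, same problem
    }

    // EI_EXPOSE_REP: returning the internal array hands out a reference
    // that the caller can overwrite.
    byte[] getSecret() {
        return secret;
    }
}

// Hardened version: no shared mutable state escapes the object.
class ApiCredentialsFixed {
    // Unmodifiable list instead of a public array.
    private static final List<String> ALLOWED_HOSTS =
            Collections.unmodifiableList(Arrays.asList("api.example.com"));

    private final byte[] secret;
    private final Date issuedAt;

    ApiCredentialsFixed(byte[] secret, Date issuedAt) {
        this.secret = secret.clone();                 // defensive copy in
        this.issuedAt = new Date(issuedAt.getTime()); // copy mutable Date
    }

    byte[] getSecret() {
        return secret.clone();                        // defensive copy out
    }

    Date getIssuedAt() {
        return new Date(issuedAt.getTime());
    }

    static List<String> allowedHosts() {
        return ALLOWED_HOSTS;                         // already unmodifiable
    }
}
```

Running the configured SpotBugs report over the first class should list the three patterns named in its comments; the second class should produce no findings in that category.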