Apparently the issue is that FindBugs considers this as LOW confidence and by default only >= MEDIUM are reported. In our Gradle script we could set confidence threshold to low and this violation would show up in the reports. But given how much "questionable" things FindBugs reports already, I am not sure that is the best option. What I'd really like is to be able to adjust the confidence and rank of certain bugs and to actually start failing the build on a certain threshold. No idea how to accomplish that though. Thoughts?