the  `analysis-model-api` plugin packages slf4j version 1.8 which is incompatable with Jenkins. (org.jvnet.hudson.plugins.findbugs:library:jar:6.0.3)

However it is packed in a uber jar that you can not exclude.

io.jenkins.plugins:analysis-model-api:jar:8.0.1:compile (optional)
  - edu.hm.hafner:analysis-model:jar:8.0.1:compile (optional)
   +- se.bjurr.violations:violations-lib:jar:1.110:compile (optional)
   +- org.jvnet.hudson.plugins.findbugs:library:jar:6.0.3:compile (optional)

this means if you depend on this plugin (via warnings-ng) for example you end up with no output in unit tests because the slf4j provider (jdk14) provided by jenkins is too old and is ignored

SLF4J: No SLF4J providers were found.
SLF4J: Defaulting to no-operation (NOP) logger implementation
SLF4J: See http://www.slf4j.org/codes.html#noProviders for further details.
SLF4J: Class path contains SLF4J bindings targeting slf4j-api versions prior to 1.8.
SLF4J: Ignoring binding found at [jar:file:/C:/Users/jnord/.m2/repository/org/slf4j/slf4j-jdk14/1.7.26/slf4j-jdk14-1.7.26.jar!/org/slf4j/impl/StaticLoggerBinder.class]
SLF4J: See http://www.slf4j.org/codes.html#ignoredBindings for an explanation.
 
as well as the slf4j provider there are other potential evil things packaged such as xerces (which could overwrite the stock JDK parers) multiple XML APIs jcip annotations (comes from core) commons-lang (again comes from core - but causes a different version to be picked up)