Java Static Analysis

Open-source Java projects categorized as Static Analysis
Edit details
Topics: Java Code Analysis static-code-analysis Code Quality HacktoberFest
SaaSHub - Software Alternatives and Reviews
SaaSHub helps you find the best software and product alternatives
www.saashub.com
featured

Top 23 Java Static Analysis Projects

  • bytecode-viewer

    A Java 8+ Jar & Android APK Reverse Engineering Suite (Decompiler, Editor, Debugger & More)

  • SonarQube

    Continuous Inspection

    • Project mention: Cloud Security and Resilience: DevSecOps Tools and Practices | dev.to | 2024-05-01

    2. SonarQube: https://github.com/SonarSource/sonarqube SonarQube enhances code quality and security. It performs automatic reviews to detect bugs, vulnerabilities, and code smells in your code.

  • InfluxDB

    Power Real-Time Data Analytics at Scale. Get real-time insights from all types of time series data with InfluxDB. Ingest, query, and analyze billions of data points in real-time with unbounded cardinality.

    InfluxDB logo

  • Checkstyle

    Checkstyle is a development tool to help programmers write Java code that adheres to a coding standard. By default it supports the Google Java Style Guide and Sun Code Conventions, but is highly configurable. It can be invoked with an ANT task and a command line program.

  • Error Prone

    Catch common Java mistakes as compile-time errors

  • Recaf

    The modern Java bytecode editor

  • PMD

    An extensible multilanguage static code analyzer.

    • Project mention: We Have Code Quality At Home: Open Source Java Code Quality Tools | dev.to | 2024-05-06

    PMD is a source code static analysis tool. It inspects your Java files for any issues, and has a configurable set of rules to look at.

  • NullAway

    A tool to help eliminate NullPointerExceptions (NPEs) in your Java code with low build-time overhead

    • Project mention: What if null was an Object in Java? | news.ycombinator.com | 2024-04-28

    Fortunately, Uber made tooling for languages with broken type systems

    * https://github.com/uber/NullAway

    * https://github.com/uber-go/nilaway

  • SaaSHub

    SaaSHub - Software Alternatives and Reviews. SaaSHub helps you find the best software and product alternatives

    SaaSHub logo

  • Spotbugs

    SpotBugs is FindBugs' successor. A tool for static analysis to look for bugs in Java code.

    • Project mention: We Have Code Quality At Home: Open Source Java Code Quality Tools | dev.to | 2024-05-06

    SpotBugs is an open source static anlysis tool. "SpotBugs uses static analysis to inspect Java bytecode for occurrences of bug patterns." This means that SpotBugs runs against the compiled source source code, rather than raw Java files. Because it analyses bytecode, it can catch some types of bugs that source code analysis would not catch.

  • soot

    Soot - A Java optimization framework

  • find-sec-bugs

    The SpotBugs plugin for security audits of Java web applications and Android applications. (Also work with Kotlin, Groovy and Scala projects)

  • Spoon

    Spoon is a metaprogramming library to analyze and transform Java source code. :spoon: is made with :heart:, :beers: and :sparkles:. It parses source files to build a well-designed AST with powerful analysis and transformation API.

    • Project mention: Release Radar · April 2024 Edition: Major updates from the open source community | dev.to | 2024-05-03

    The creators at Spoon claim that "🥄 is made with ❤️, 🍻 and ✨"! And why not?! Spoon is a metaprogramming library to analyze and transform Java source code by parsing source files to build a well-designed AST (Abstract Syntax Tree). The latest version supports Java 17 and the modelling of receiver parameters has been changed. Read all about the changes in the release notes.

  • phpinspectionsea

    A Static Code Analyzer for PHP (a PhpStorm/Idea Plugin)

    • Project mention: PHP RFC: Deprecations for PHP 8.3 | /r/PHP | 2023-05-30

    (I actually held the same opinion as you until recently: https://github.com/kalessil/phpinspectionsea/issues/1718 tl;dr the performance impact is negligible)

  • pysonar2

    PySonar2: a semantic indexer for Python with interprocedual type inference

  • SonarJava

    :coffee: SonarSource Static Analyzer for Java Code Quality and Security

  • FlowDroid

    FlowDroid Static Data Flow Tracker

  • jspecify

    An artifact of fully-specified annotations to power static-analysis checks, beginning with nullness analysis.

    • Project mention: Java, null, and JSpecify [video link] | /r/java | 2023-12-11

    There's also a fair amount of content to explore starting at jspecify.org.

  • sonar-php

    :elephant: SonarPHP: PHP static analyzer for SonarQube & SonarLint

  • Modernizer

    Detect uses of legacy Java APIs

  • ck

    Code metrics for Java code by means of static analysis (by mauricioaniche)

  • RefactorFirst

    Identifies and prioritizes God Classes and Highly Coupled classes in Java codebases you should refactor first.

    • Project mention: 📢📢📢RefactorFirst 0.4.0 is released!!!📢📢📢 | /r/java | 2023-06-27

    Learn more at https://github.com/jimbethancourt/RefactorFirst

  • warnings-ng-plugin

    Jenkins Warnings Plugin - Next Generation

  • forbidden-apis

    Policeman's Forbidden API Checker

  • SkidSuite

    A collection of java reverse engineering tools and informational links

  • SaaSHub

    SaaSHub - Software Alternatives and Reviews. SaaSHub helps you find the best software and product alternatives

    SaaSHub logo
NOTE: The open source projects on this list are ordered by number of github stars. The number of mentions indicates repo mentiontions in the last 12 Months or since we started tracking (Dec 2020).

Java Static Analysis related posts

  • We Have Code Quality At Home: Open Source Java Code Quality Tools

    4 projects | dev.to | 6 May 2024

  • Handling EI_EXPOSE_REP & EI_EXPOSE_REP2 👨🏻‍💻

    1 project | dev.to | 30 Apr 2024

  • PMD 7 Is Here

    1 project | news.ycombinator.com | 22 Mar 2024

  • Java, null, and JSpecify [video link]

    1 project | /r/java | 11 Dec 2023

  • Amazon CodeGuru Reviewer: already time for retirement?

    2 projects | dev.to | 1 Aug 2023

  • 📢📢📢RefactorFirst 0.4.0 is released!!!📢📢📢

    1 project | /r/java | 27 Jun 2023

  • Design document on nullability and value types (Brian Goetz)

    1 project | /r/java | 2 Jun 2023
  • A note from our sponsor - SaaSHub
    www.saashub.com | 29 May 2024
    SaaSHub helps you find the best software and product alternatives Learn more →

Index

What are some of the best open-source Static Analysis projects in Java? This list will help you:

Project Stars
1 bytecode-viewer 14,385
2 SonarQube 8,642
3 Checkstyle 8,158
4 Error Prone 6,739
5 Recaf 5,653
6 PMD 4,688
7 NullAway 3,535
8 Spotbugs 3,367
9 soot 2,814
10 find-sec-bugs 2,213
11 Spoon 1,680
12 phpinspectionsea 1,430
13 pysonar2 1,376
14 SonarJava 1,093
15 FlowDroid 1,008
16 jspecify 428
17 sonar-php 376
18 Modernizer 366
19 ck 360
20 RefactorFirst 334
21 warnings-ng-plugin 328
22 forbidden-apis 315
23 SkidSuite 304

Sponsored
SaaSHub - Software Alternatives and Reviews
SaaSHub helps you find the best software and product alternatives
www.saashub.com