|3 days ago||4 days ago|
|GNU General Public License v3.0 or later||GNU Lesser General Public License v3.0 only|
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
How can I help my partner write better code?
2 projects | reddit.com/r/learnprogramming | 27 Nov 2021
I’m a little out of date with Java, but I believe Checkstyle is currently popular: https://github.com/checkstyle/checkstyle
Why You Need Static Code Analysis
2 projects | dev.to | 1 Oct 2021
Another example can be applied to code quality itself. Most static analyzers are configurable. If you tried to set Checkstyle Google configuration to the mature project, you would probably get hundreds or even thousands of errors. You can start with just one rule. Ar first glance, it seems not so important. But after the moment when the configuration reaches the repository, you can be sure that no one else can violate this rule in the future.
I have made a list of 55 plus open source software list for doing various tasks
10 projects | reddit.com/r/software | 26 Aug 2021
Checkstyle: a tool that helps programmers write Java code that adheres to a coding standard: https://github.com/checkstyle/checkstyle
5 projects | reddit.com/r/neovim | 24 Aug 2021
So I was there once, sharing my solution. For my current project I use the java formatter jar, but on my previous work I was using checkstyle, you can get it from here: Checkstyle. Then pass your checkstyle xml format config.
I want to set some standards and practices around the development process at my company. Just looking for any tips. Has anyone done this before? Is there any reference material you might suggest?
2 projects | reddit.com/r/ExperiencedDevs | 20 Jun 2021
On the coding standards side, use linters like https://github.com/checkstyle/checkstyle and https://github.com/eslint/eslint so you have an automated way to detect some errors and enforce style standards.
What is the most popular Code Style Guide in the Java world?
1 project | reddit.com/r/learnjava | 22 Apr 2021
The most common approach for CI integration is the Maven checkstyle plugin, and you'd have to specify the coding style rules in the checkstyle.xml file. The github repo for checkstyle has checkstyle.xml configs for Google and Sun.
Design an Effective Build Stage for Continuous Integration
12 projects | dev.to | 8 Apr 2021
sem-version java 11 wget https://github.com/checkstyle/checkstyle/releases/download/checkstyle-8.41/checkstyle-8.41-all.jar java -jar checkstyle-8.41-all.jar -c /sun_checks.xml MyFile.java
Review of Java Static Analysis Tools
2 projects | dev.to | 9 Mar 2021
You can find a configuration file for Google’s Java Style on the checkstyle repository.
1 project | dev.to | 17 Feb 2021
Direct JAR which can be taken from Github
What are some useful static analyzers for Java?
9 projects | reddit.com/r/java | 2 Jan 2022
Go CheckLocks Analyzer
4 projects | news.ycombinator.com | 29 Dec 2021
Is there a tool to track CVEs for the software that we use?
8 projects | reddit.com/r/sysadmin | 14 Dec 2021
While at it you could also point them to static code analyzers such as error_prone, spotbugs and pmd (use all 3 at once - they complement each other in detecting different issues).
SpotBugs supports SARIF that supports integration with other SAST tools
2 projects | dev.to | 16 Oct 2021
First, it's better to use SpotBugs 4.4.1 and above, that includes a fix to make SARIF report compatible with Github code scanning API requirements.
Needing to run GUI application from java docker image
1 project | reddit.com/r/docker | 30 Sep 2021
RUN wget https://github.com/spotbugs/spotbugs/releases/download/4.4.1/spotbugs-4.4.1.tgz
Looking for a Static Code Analysis tool for Scala Code
2 projects | reddit.com/r/cybersecurity | 28 Aug 2021
If you don’t have checkmarx/Vera code money, have you looked at https://find-sec-bugs.github.io/? It can be used with a few things such as https://spotbugs.github.io/ and sonarQ
An Incomplete List of Practical Security for Mortals
9 projects | dev.to | 6 Jul 2021
some good tools for general code analysis (Java): Sonarqube, PMD, SpotBugs
NP_METHOD_PARAMETER_TIGHTENS_ANNOTATION erroneously issued on equals(@Nullable Object) · Issue #633 · spotbugs/spotbugs
1 project | reddit.com/r/YourselfYou | 30 Jun 2021
SpotBugs – Find Bugs in Java Programs
1 project | news.ycombinator.com | 28 Apr 2021
Conducting SAST for Java Applications
2 projects | reddit.com/r/java | 15 Apr 2021
Static application security testing (SAST) is essential in tackling the source code vulnerabilities, late diagnosis of problems, and lack of root-cause analysis. This post describes how to carry out SAST in your Java application using SpotBugs.
What are some alternatives?
FindBugs - The new home of the FindBugs project
SonarQube - Continuous Inspection
PMD - An extensible multilanguage static code analyzer.
SonarJava - :coffee: SonarSource Static Analyzer for Java Code Quality and Security
Error Prone - Catch common Java mistakes as compile-time errors
infer - A static analyzer for Java, C, C++, and Objective-C
Sourcetrail - Sourcetrail - free and open-source interactive source explorer