infer
A static analyzer for Java, C, C++, and Objective-C (by facebook)
Spotbugs
SpotBugs is FindBugs' successor. A tool for static analysis to look for bugs in Java code. (by spotbugs)
| | infer | Spotbugs |
|---|---|---|
| Mentions | 24 | 15 |
| Stars | 13,291 | 2,721 |
| Growth | 1.2% | 1.5% |
| Activity | 9.7 | 9.0 |
| Last commit | 6 days ago | about 13 hours ago |
| Language | OCaml | Java |
| License | MIT License | GNU Lesser General Public License v3.0 only |
The number of mentions indicates the total number of mentions that we've tracked plus the number of user suggested alternatives.
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
infer
Posts with mentions or reviews of infer.
We have used some of these posts to build our list of alternatives
and similar projects. The last one was on 2022-03-28.
- How to use Coq and C in practical software development for "verified C"?
  Also, a much more realistic approach would be to use static analyzers, such as fbinfer: https://fbinfer.com/
- How to make develop C application easier?
  There are also static analyzers, for example PVS-Studio which is commercial and solid: https://pvs-studio.com/en/ The GCC compiler, starting with version 10, has a static analyzer that you activate with the “-fanalyzer” option. It’s still quite limited but I use it. Be sure to get GCC version 11.2 or later because the analyzer got much better after version 10. Facebook has a no-cost analyzer, but I haven’t tried it yet: https://fbinfer.com/
- Meta Open-Sources A Compositional Deadlock Detector for Android Java
  The research team at Meta has developed a new static analyzer that catches deadlocks in Java code for Android without ever running the app. What distinguished this work from past efforts is its ability to analyze revisions within large software libraries with hundreds of millions of lines–enough time and space so problems can be found before they manifest themselves as bugs or crashes. The proposed analyzer is open-sourced and forms part of the Infer static analysis framework.
- infer - A static analyzer for Java, C, C++, and Objective-C open-sourced by Facebook
- Hacker News top posts: Mar 5, 2022
  A tool to detect bugs in Java and C/C++/Objective-C code before it ships (22 comments)
Spotbugs
Posts with mentions or reviews of Spotbugs.
We have used some of these posts to build our list of alternatives
and similar projects. The last one was on 2022-03-29.
- Ask HN: What is a modern Java environment?
  PMD, Spotbugs, Nullaway: Java linting/static analysis (https://pmd.github.io, https://spotbugs.github.io, https://github.com/uber/NullAway)
- What are some useful static analyzers for Java?
- Go CheckLocks Analyzer
- Is there a tool to track CVEs for the software that we use?
  While at it you could also point them to static code analyzers such as error_prone, spotbugs and pmd (use all 3 at once - they complement each other in detecting different issues).
- SpotBugs supports SARIF that supports integration with other SAST tools
  First, it's better to use SpotBugs 4.4.1 and above, that includes a fix to make SARIF report compatible with Github code scanning API requirements.
- Needing to run GUI application from java docker image
  RUN wget https://github.com/spotbugs/spotbugs/releases/download/4.4.1/spotbugs-4.4.1.tgz
- Looking for a Static Code Analysis tool for Scala Code
  If you don’t have checkmarx/Vera code money, have you looked at https://find-sec-bugs.github.io/? It can be used with a few things such as https://spotbugs.github.io/ and sonarQ
- An Incomplete List of Practical Security for Mortals
  some good tools for general code analysis (Java): Sonarqube, PMD, SpotBugs
- NP_METHOD_PARAMETER_TIGHTENS_ANNOTATION erroneously issued on equals(@Nullable Object) · Issue #633 · spotbugs/spotbugs
- SpotBugs – Find Bugs in Java Programs
What are some alternatives?
When comparing infer and Spotbugs you can also consider the following projects:
SonarQube - Continuous Inspection
FindBugs - The new home of the FindBugs project
PMD - An extensible multilanguage static code analyzer.
SonarJava - :coffee: SonarSource Static Analyzer for Java Code Quality and Security
Error Prone - Catch common Java mistakes as compile-time errors
Checkstyle - Checkstyle is a development tool to help programmers write Java code that adheres to a coding standard. By default it supports the Google Java Style Guide and Sun Code Conventions, but is highly configurable. It can be invoked with an ANT task and a command line program.
semgrep - Lightweight static analysis for many languages. Find bug variants with patterns that look like source code.