Spotbugs
NullAway
Our great sponsors
Spotbugs | NullAway | |
---|---|---|
17 | 20 | |
3,326 | 3,517 | |
1.2% | 1.3% | |
9.6 | 9.0 | |
6 days ago | 8 days ago | |
Java | Java | |
GNU Lesser General Public License v3.0 only | MIT License |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
Spotbugs
- Primeiros passos no desenvolvimento Java em 2023: um guia particular
-
Ask HN: What is a modern Java environment?
PMD, Spotbugs, Nullaway: Java linting/static analysis (https://pmd.github.io, https://spotbugs.github.io, https://github.com/uber/NullAway)
- What are some useful static analyzers for Java?
- Go CheckLocks Analyzer
-
Is there a tool to track CVEs for the software that we use?
While at it you could also point them to static code analyzers such as error_prone, spotbugs and pmd (use all 3 at once - they complement each other in detecting different issues).
-
SpotBugs supports SARIF that supports integration with other SAST tools
First, it's better to use SpotBugs 4.4.1 and above, that includes a fix to make SARIF report compatible with Github code scanning API requirements.
-
Looking for a Static Code Analysis tool for Scala Code
If you don’t have checkmarx/Vera code money, have you looked at https://find-sec-bugs.github.io/? It can be used with a few things such as https://spotbugs.github.io/ and sonarQ
-
An Incomplete List of Practical Security for Mortals
some good tools for general code analysis (Java): Sonarqube, PMD, SpotBugs
-
Conducting SAST for Java Applications
Static application security testing (SAST) is essential in tackling the source code vulnerabilities, late diagnosis of problems, and lack of root-cause analysis. This post describes how to carry out SAST in your Java application using SpotBugs.
-
Web Application Security Checklist (2021)
SpotBugs
NullAway
-
Retrofitting null-safety onto Java at Meta
Does anyone have experience using this at Meta who can compare to https://github.com/uber/NullAway ?
-
How to use Java Records
A special kind of validation is enforcing that record fields are not null. (Un)fortunately, records do not have any special behavior regarding nullability. You can use tools like NullAway or Error Prone to prevent null in your code in general, or you can add checks to your records:
- Backend Java 19 vs Kotlin?
-
What does the future hold for Project Amber?
What do you think of https://github.com/uber/NullAway
-
Plans for Compile-time Null Pointer Safety?
Take a look at NullAway, a plugin for Error Prone.
-
Ask HN: What is a modern Java environment?
PMD, Spotbugs, Nullaway: Java linting/static analysis (https://pmd.github.io, https://spotbugs.github.io, https://github.com/uber/NullAway)
-
What are some useful static analyzers for Java?
In personal projects, I've had good experiences using the error-prone compiler plugin with uber's nullaway.
-
What are some new or upcoming Java projects or advancements that excite you the most?
Check out Uber’s NullAway. It’s way better than any IDE plugins. https://github.com/uber/NullAway
-
Why people don't love Java?
Check out Uber's https://github.com/uber/NullAway It's fantastic for new projects. By default it will assume everything is @NonNull, and throw a compiler warning if you try to set it to null. It gets you to 90% of Kotlins nullability checks.
What are some alternatives?
SonarQube - Continuous Inspection
FindBugs - The new home of the FindBugs project
PMD - An extensible multilanguage static code analyzer.
Error Prone - Catch common Java mistakes as compile-time errors
Checkstyle - Checkstyle is a development tool to help programmers write Java code that adheres to a coding standard. By default it supports the Google Java Style Guide and Sun Code Conventions, but is highly configurable. It can be invoked with an ANT task and a command line program.
SonarJava - :coffee: SonarSource Static Analyzer for Java Code Quality and Security
semgrep - Lightweight static analysis for many languages. Find bug variants with patterns that look like source code.
infer - A static analyzer for Java, C, C++, and Objective-C
find-sec-bugs - The SpotBugs plugin for security audits of Java web applications and Android applications. (Also work with Kotlin, Groovy and Scala projects)
Sourcetrail - Sourcetrail - free and open-source interactive source explorer