Spotbugs
SpotBugs is FindBugs' successor. A tool for static analysis to look for bugs in Java code. (by spotbugs)
Error Prone
Catch common Java mistakes as compile-time errors (by google)
Our great sponsors
- Sonar - Write Clean Java Code. Always.
- InfluxDB - Access the most powerful time series database as a service
- ONLYOFFICE ONLYOFFICE Docs — document collaboration in your environment
| Spotbugs | Error Prone | |
|---|---|---|
| 17 | 16 | |
| 3,066 | 6,449 | |
| 1.0% | 0.5% | |
| 9.4 | 9.4 | |
| 1 day ago | 5 days ago | |
| Java | Java | |
| GNU Lesser General Public License v3.0 only | Apache License 2.0 |
The number of mentions indicates the total number of mentions that we've tracked plus the number of user suggested alternatives.
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
Spotbugs
Posts with mentions or reviews of Spotbugs.
We have used some of these posts to build our list of alternatives
and similar projects. The last one was on 2023-01-19.
- Primeiros passos no desenvolvimento Java em 2023: um guia particular
-
Ask HN: What is a modern Java environment?
PMD, Spotbugs, Nullaway: Java linting/static analysis (https://pmd.github.io, https://spotbugs.github.io, https://github.com/uber/NullAway)
- What are some useful static analyzers for Java?
- Go CheckLocks Analyzer
-
Is there a tool to track CVEs for the software that we use?
While at it you could also point them to static code analyzers such as error_prone, spotbugs and pmd (use all 3 at once - they complement each other in detecting different issues).
-
SpotBugs supports SARIF that supports integration with other SAST tools
First, it's better to use SpotBugs 4.4.1 and above, that includes a fix to make SARIF report compatible with Github code scanning API requirements.
-
Looking for a Static Code Analysis tool for Scala Code
If you don’t have checkmarx/Vera code money, have you looked at https://find-sec-bugs.github.io/? It can be used with a few things such as https://spotbugs.github.io/ and sonarQ
-
An Incomplete List of Practical Security for Mortals
some good tools for general code analysis (Java): Sonarqube, PMD, SpotBugs
-
Conducting SAST for Java Applications
Static application security testing (SAST) is essential in tackling the source code vulnerabilities, late diagnosis of problems, and lack of root-cause analysis. This post describes how to carry out SAST in your Java application using SpotBugs.
-
Web Application Security Checklist (2021)
SpotBugs
Error Prone
Posts with mentions or reviews of Error Prone.
We have used some of these posts to build our list of alternatives
and similar projects. The last one was on 2023-05-27.
-
Any library you would like to recommend to others as it helps you a lot? For me, mapstruct is one of them. Hopefully I would hear some other nice libraries I never try.
error-prone is good for some extra static analysis.
-
How to use Java Records
A special kind of validation is enforcing that record fields are not null. (Un)fortunately, records do not have any special behavior regarding nullability. You can use tools like NullAway or Error Prone to prevent null in your code in general, or you can add checks to your records:
- Prusti: Static Analyzer for Rust
-
Why is `suspend` a language keyword, but @Composable and @Serializable are annotations
I am all in favour to more third side libraries adding functionalities, like Lombok, Manifold and error prone. As well as smaller projects like this shameless plug and what appears in this list
-
Picnic loves Error Prone: producing high-quality and consistent Java code
If only Google didn't suck when it came to Java9+ support... https://github.com/google/error-prone/issues/2649
-
What does the future hold for Project Amber?
I haven't used it. I use Google's ErrorProne + Lombok to prevent NPEs in java.
-
Plans for Compile-time Null Pointer Safety?
Take a look at NullAway, a plugin for Error Prone.
-
Is there a tool to track CVEs for the software that we use?
While at it you could also point them to static code analyzers such as error_prone, spotbugs and pmd (use all 3 at once - they complement each other in detecting different issues).
-
Top 5 Java Linters
5. Error Prone
- Break backward compatibility
What are some alternatives?
When comparing Spotbugs and Error Prone you can also consider the following projects:
SonarQube - Continuous Inspection
FindBugs - The new home of the FindBugs project
PMD - An extensible multilanguage static code analyzer.
SonarJava - :coffee: SonarSource Static Analyzer for Java Code Quality and Security
Checkstyle - Checkstyle is a development tool to help programmers write Java code that adheres to a coding standard. By default it supports the Google Java Style Guide and Sun Code Conventions, but is highly configurable. It can be invoked with an ANT task and a command line program.
infer - A static analyzer for Java, C, C++, and Objective-C
semgrep - Lightweight static analysis for many languages. Find bug variants with patterns that look like source code.