Spotbugs
Gradle
Our great sponsors
Spotbugs | Gradle | |
---|---|---|
17 | 91 | |
3,326 | 16,090 | |
1.2% | 1.0% | |
9.6 | 10.0 | |
6 days ago | 6 days ago | |
Java | Groovy | |
GNU Lesser General Public License v3.0 only | Apache License 2.0 |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
Spotbugs
- Primeiros passos no desenvolvimento Java em 2023: um guia particular
-
Ask HN: What is a modern Java environment?
PMD, Spotbugs, Nullaway: Java linting/static analysis (https://pmd.github.io, https://spotbugs.github.io, https://github.com/uber/NullAway)
- What are some useful static analyzers for Java?
- Go CheckLocks Analyzer
-
Is there a tool to track CVEs for the software that we use?
While at it you could also point them to static code analyzers such as error_prone, spotbugs and pmd (use all 3 at once - they complement each other in detecting different issues).
-
SpotBugs supports SARIF that supports integration with other SAST tools
First, it's better to use SpotBugs 4.4.1 and above, that includes a fix to make SARIF report compatible with Github code scanning API requirements.
-
Looking for a Static Code Analysis tool for Scala Code
If you don’t have checkmarx/Vera code money, have you looked at https://find-sec-bugs.github.io/? It can be used with a few things such as https://spotbugs.github.io/ and sonarQ
-
An Incomplete List of Practical Security for Mortals
some good tools for general code analysis (Java): Sonarqube, PMD, SpotBugs
-
Conducting SAST for Java Applications
Static application security testing (SAST) is essential in tackling the source code vulnerabilities, late diagnosis of problems, and lack of root-cause analysis. This post describes how to carry out SAST in your Java application using SpotBugs.
-
Web Application Security Checklist (2021)
SpotBugs
Gradle
-
Gradle's leaky abstractions: Declarative(ish) shell, imperative core: Implementing a safe(ish) global configuration DSL
A ("shared") build service is kind of like a singleton, in that when you register one in any project, it's available in all projects as a single instance. (This unfortunately turns out not to be true, in some cases, when using composite builds, but can be worked around.) An actual singleton (global static instance) doesn't work at all, for the record—try it if you want to lose some sanity. Anyway, use a build service whenever you need global mutable state in your build.
-
Working with Environment Variables in Java
When using build tools like Maven or Gradle, you can configure environment variables in the build scripts or configuration files.
-
Intro to Java Question
For large projects, purpose-made build tools such as Gradle and Maven are preferred for managing the directory structure since they introduce additional semantics for managing test code and other programming languages (among lots of other things). Most IDEs can integrate with these build tools easily. If you're just starting out though, I wouldn't worry too much about these, you can visit them later.
-
Quarkus 3.4 - Container-first Java Stack: Install with OpenJDK 21 and Create REST API
Project Build and Management: Apache Maven 3 (3.9.5), Gradle 8 (8.3)
-
Creating a Ktor Server with Gradle and SDKMAN!: A Step-by-Step Guide
Ktor, a powerful web framework built with Kotlin, offers a lightweight and flexible solution for building web applications. In this article, we will guide you through the process of creating a Ktor project manually using Gradle and SDKMAN!. By following the steps below, you'll have a basic Ktor project up and running in no time.
-
How to Run GitHub Code?
The details regarding the code compiling would vary from one project to another. For that project, it seems that it uses Gradle (a helper tool) for compiling. Check Gradle's documentation for more information.
- Como desenvolvi um backend web em Clojure
-
“Exit Traps” Can Make Your Bash Scripts Way More Robust and Reliable
"gradle,https://gradle.org"
-
bld pure Java build tool extracted from RIFE2
It's sounds like this issue https://github.com/gradle/gradle/issues/2508 would be of interest to you then!
-
Introducing Bld: A New Pure Java Build System
Except that they're not, all the potential, maybe relevant parameters available to the entire project are. Go inside the base {} task is build.gradle.kts, press ctrl+space ... yay hundreds of potential things that could or could not be appropriate, Go inside the java {} task, same thing, anywhere really. Without opening the documentation on gradle.org, there's no way to know what is actually relevant. It doesn't stop there, some of these things only work in setup time, others only work during task execution time, on to the docs to find which ones are which, but the docs are not completely in that regard, on and on it goes.
What are some alternatives?
SonarQube - Continuous Inspection
FindBugs - The new home of the FindBugs project
PMD - An extensible multilanguage static code analyzer.
Error Prone - Catch common Java mistakes as compile-time errors
Checkstyle - Checkstyle is a development tool to help programmers write Java code that adheres to a coding standard. By default it supports the Google Java Style Guide and Sun Code Conventions, but is highly configurable. It can be invoked with an ANT task and a command line program.
SonarJava - :coffee: SonarSource Static Analyzer for Java Code Quality and Security
semgrep - Lightweight static analysis for many languages. Find bug variants with patterns that look like source code.
Bazel - a fast, scalable, multi-language and extensible build system
infer - A static analyzer for Java, C, C++, and Objective-C
Buck - A fast build system that encourages the creation of small, reusable modules over a variety of platforms and languages.
Apache Maven - Apache Maven core
find-sec-bugs - The SpotBugs plugin for security audits of Java web applications and Android applications. (Also work with Kotlin, Groovy and Scala projects)