|about 10 hours ago||6 days ago|
|GNU Lesser General Public License v3.0 only||MIT License|
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
Ask HN: What is a modern Java environment?
22 projects | news.ycombinator.com | 29 Mar 2022
PMD, Spotbugs, Nullaway: Java linting/static analysis (https://pmd.github.io, https://spotbugs.github.io, https://github.com/uber/NullAway)
What are some useful static analyzers for Java?
9 projects | reddit.com/r/java | 2 Jan 2022
Go CheckLocks Analyzer
4 projects | news.ycombinator.com | 29 Dec 2021
Is there a tool to track CVEs for the software that we use?
8 projects | reddit.com/r/sysadmin | 14 Dec 2021
While at it you could also point them to static code analyzers such as error_prone, spotbugs and pmd (use all 3 at once - they complement each other in detecting different issues).
SpotBugs supports SARIF that supports integration with other SAST tools
2 projects | dev.to | 16 Oct 2021
First, it's better to use SpotBugs 4.4.1 and above, that includes a fix to make SARIF report compatible with Github code scanning API requirements.
Needing to run GUI application from java docker image
1 project | reddit.com/r/docker | 30 Sep 2021
RUN wget https://github.com/spotbugs/spotbugs/releases/download/4.4.1/spotbugs-4.4.1.tgz
Looking for a Static Code Analysis tool for Scala Code
2 projects | reddit.com/r/cybersecurity | 28 Aug 2021
If you don’t have checkmarx/Vera code money, have you looked at https://find-sec-bugs.github.io/? It can be used with a few things such as https://spotbugs.github.io/ and sonarQ
An Incomplete List of Practical Security for Mortals
9 projects | dev.to | 6 Jul 2021
some good tools for general code analysis (Java): Sonarqube, PMD, SpotBugs
NP_METHOD_PARAMETER_TIGHTENS_ANNOTATION erroneously issued on equals(@Nullable Object) · Issue #633 · spotbugs/spotbugs
1 project | reddit.com/r/YourselfYou | 30 Jun 2021
SpotBugs – Find Bugs in Java Programs
1 project | news.ycombinator.com | 28 Apr 2021
How to use Coq and C in practical software development for "verified C"?
1 project | reddit.com/r/C_Programming | 28 Mar 2022
Also, a much more realistic approach would be to use static analyzers, such as fbinfer: https://fbinfer.com/
How to make develop C application easier?
2 projects | reddit.com/r/C_Programming | 28 Mar 2022
There are also static analyzers, for example PVS-Studio which is commercial and solid: https://pvs-studio.com/en/ The GCC compiler, starting with version 10, has a static analyzer that you activate with the “-fanalyzer” option. It’s still quite limited but I use it. Be sure to get GCC version 11.2 or later because the analyzer got much better after version 10. Facebook has a no-cost analyzer, but I haven’t tried it yet: https://fbinfer.com/
Meta Open-Sources A Compositional Deadlock Detector for Android Java
1 project | reddit.com/r/androiddev | 9 Mar 2022
The research team at Meta has developed a new static analyzer that catches deadlocks in Java code for Android without ever running the app. What distinguished this work from past efforts is its ability to analyze revisions within large software libraries with hundreds of millions of lines–enough time and space so problems can be found before they manifest themselves as bugs or crashes. The proposed analyzer is open-sourced and forms part of the Infer static analysis framework.
infer - A static analyzer for Java, C, C++, and Objective-C open-sourced by Facebook
1 project | reddit.com/r/coding | 5 Mar 2022
1 project | reddit.com/r/coding | 5 Mar 2022
3 projects | reddit.com/r/programming | 5 Mar 2022
1 project | reddit.com/r/computerscience | 5 Mar 2022
1 project | reddit.com/r/functionalprogramming | 5 Mar 2022
1 project | reddit.com/r/ocaml | 5 Mar 2022
Hacker News top posts: Mar 5, 2022
2 projects | reddit.com/r/hackerdigest | 5 Mar 2022
A tool to detect bugs in Java and C/C++/Objective-C code before it ships (22 comments)
What are some alternatives?
SonarQube - Continuous Inspection
FindBugs - The new home of the FindBugs project
PMD - An extensible multilanguage static code analyzer.
SonarJava - :coffee: SonarSource Static Analyzer for Java Code Quality and Security
Error Prone - Catch common Java mistakes as compile-time errors
Checkstyle - Checkstyle is a development tool to help programmers write Java code that adheres to a coding standard. By default it supports the Google Java Style Guide and Sun Code Conventions, but is highly configurable. It can be invoked with an ANT task and a command line program.
semgrep - Lightweight static analysis for many languages. Find bug variants with patterns that look like source code.