Java Code Analysis

Open-source Java projects categorized as Code Analysis

Top 18 Java Code Analysis Projects

  • Checkstyle

    Checkstyle is a development tool to help programmers write Java code that adheres to a coding standard. By default it supports the Google Java Style Guide and Sun Code Conventions, but is highly configurable. It can be invoked with an ANT task and a command line program.

    Project mention: 5 easy paths to become a recognized Java expert. Really. For free. | | 2022-08-25
  • SonarQube

    Continuous Inspection

    Project mention: Usefully links for DotNet Backend Developers | | 2023-01-02


  • Sonar

    Write Clean Java Code. Always.. Sonar helps you commit clean code every time. With over 600 unique rules to find Java bugs, code smells & vulnerabilities, Sonar finds the issues while you focus on the work.

  • Error Prone

    Catch common Java mistakes as compile-time errors

    Project mention: How to use Java Records | | 2022-11-18

    A special kind of validation is enforcing that record fields are not null. (Un)fortunately, records do not have any special behavior regarding nullability. You can use tools like NullAway or Error Prone to prevent null in your code in general, or you can add checks to your records:

  • JavaParser

    Java 1-15 Parser and Abstract Syntax Tree for Java, including preview features to Java 13

    Project mention: Ask HN: Source code (Java) parser and/or static analysis tool | | 2022-09-12
  • PMD

    An extensible multilanguage static code analyzer.

    Project mention: Custom Gradle Plugin for Unified Static Code Analysis | | 2023-02-04

    PMD and Checkstyle are static analysis tools that check your code on each project build. Gradle allows to apply them easily.

  • NullAway

    A tool to help eliminate NullPointerExceptions (NPEs) in your Java code with low build-time overhead

    Project mention: Retrofitting null-safety onto Java at Meta | | 2022-11-22

    Does anyone have experience using this at Meta who can compare to ?

  • Spotbugs

    SpotBugs is FindBugs' successor. A tool for static analysis to look for bugs in Java code.

    Project mention: Primeiros passos no desenvolvimento Java em 2023: um guia particular | | 2023-01-19
  • InfluxDB

    Build time-series-based applications quickly and at scale.. InfluxDB is the Time Series Platform where developers build real-time applications for analytics, IoT and cloud-native services. Easy to start, it is available in the cloud or on-premises.

  • find-sec-bugs

    The SpotBugs plugin for security audits of Java web applications and Android applications. (Also work with Kotlin, Groovy and Scala projects)

    Project mention: Find Security Bugs | | 2022-02-23
  • Spoon

    Spoon is a metaprogramming library to analyze and transform Java source code. :spoon: is made with :heart:, :beers: and :sparkles:. It parses source files to build a well-designed AST with powerful analysis and transformation API.

  • pysonar2

    PySonar2: a semantic indexer for Python with interprocedual type inference

  • SonarJava

    :coffee: SonarSource Static Analyzer for Java Code Quality and Security

  • FindBugs

    The new home of the FindBugs project

  • sonar-flutter

    SonarQube plugin for Flutter / Dart

    Project mention: Flutter : a journey to higher-quality apps | | 2022-07-26

    This library called sonar-flutter generates the well-known Sonarqube dashboard after taking into account all Dart & Flutter related measures :

  • forbidden-apis

    Policeman's Forbidden API Checker

    Project mention: Stop Using Utcnow and Utcfromtimestamp | | 2022-10-09

    > All this stuff would be a lot easier if timezones always had to be stated explicitly.

    On Java, you can use the forbidden-apis build plugin ( to fail the build whenever a timezone or locale or charset is not specified explicitly (it forbids the methods from the Java API which use an implicit timezone/locale/charset). I don't know whether there's something similar for Python; it might be harder because Python is much more dynamic (though it might be possible to use monkeypatching to warn whenever the bad methods are used).

  • proguard-core

    Library to read, write, analyze, and process java bytecode

    Project mention: Any news on the Classfile API? | | 2022-12-23

    Anyways, have you looked at Proguard core?

  • umldoclet

    Automatically generate PlantUML diagrams in javadoc

    Project mention: JavaDoc may support Markdown ! | | 2023-01-20

    I found another one for Java 9+, which even seems to be maintained:

  • error-prone-support

    Error Prone extensions: extra bug checkers and a large battery of Refaster rules.

    Project mention: Picnic Open-sources Error Prone Support | | 2022-10-13

    Maybe the checks and rules are already usable for you with these two checks disabled? By the way, it is not required to use either Guava or New Relic to be able to integrate Error Prone Support. For example, the `ScheduledTransactionTrace` BugCheck will just be a no-op if you don't use New Relic :). W.r.t. to your fourth point, if you are sure there is not a change in ordering and you indeed found a false positive could you maybe file a bug report :)? We want to fix all false positives where possible of course.

  • AndroidResourceManager

    Android Resource Manager application to manage and analyse your app resources with many features like image resize, Color, Dimens and code Analysis

  • SaaSHub

    SaaSHub - Software Alternatives and Reviews. SaaSHub helps you find the best software and product alternatives

NOTE: The open source projects on this list are ordered by number of github stars. The number of mentions indicates repo mentiontions in the last 12 Months or since we started tracking (Dec 2020). The latest post mention was on 2023-02-04.

Java Code Analysis related posts


What are some of the best open-source Code Analysis projects in Java? This list will help you:

Project Stars
1 Checkstyle 7,503
2 SonarQube 7,475
3 Error Prone 6,326
4 JavaParser 4,533
5 PMD 4,143
6 NullAway 3,224
7 Spotbugs 2,951
8 find-sec-bugs 2,028
9 Spoon 1,442
10 pysonar2 1,324
11 SonarJava 986
12 FindBugs 724
13 sonar-flutter 298
14 forbidden-apis 283
15 proguard-core 228
16 umldoclet 191
17 error-prone-support 90
18 AndroidResourceManager 25
SaaSHub - Software Alternatives and Reviews
SaaSHub helps you find the best software and product alternatives