Top 16 Java Code Analysis Projects
-
Checkstyle
Checkstyle is a development tool to help programmers write Java code that adheres to a coding standard. By default it supports the Google Java Style Guide and Sun Code Conventions, but is highly configurable. It can be invoked with an ANT task and a command line program.
Project mention: How can I help my partner write better code? | reddit.com/r/learnprogramming | 2021-11-27I’m a little out of date with Java, but I believe Checkstyle is currently popular: https://github.com/checkstyle/checkstyle
-
I am wondering if it is possible to install SonarQube in my home network. I have 2 Raspberry Pis, one running Raspbian, the other running Ubuntu 20.04. I also have an Intel NUC.
-
SonarQube
Static code analysis for 29 languages.. Your projects are multi-language. So is SonarQube analysis. Find Bugs, Vulnerabilities, Security Hotspots, and Code Smells so you can release quality code every time. Get started analyzing your projects today for free.
-
Project mention: Is there a tool to track CVEs for the software that we use? | reddit.com/r/sysadmin | 2021-12-14
While at it you could also point them to static code analyzers such as error_prone, spotbugs and pmd (use all 3 at once - they complement each other in detecting different issues).
-
JavaParser
Java 1-15 Parser and Abstract Syntax Tree for Java, including preview features to Java 13
Project mention: Automatically unlocking concurrent builds and fine-grained caching for Java with dependency inference | reddit.com/r/java | 2021-11-29So after taking a deeper look into the docs I've seen that analysis is done via https://github.com/javaparser/javaparser/ lib which has currently only support up to JDK14 (not JDK15, JDK16 nor JDK17...maybe JDK18)...Unfortunately I have not found a full working example for a Java build ...can you give a link?
-
Project mention: Is there a tool to track CVEs for the software that we use? | reddit.com/r/sysadmin | 2021-12-14
While at it you could also point them to static code analyzers such as error_prone, spotbugs and pmd (use all 3 at once - they complement each other in detecting different issues).
-
NullAway
A tool to help eliminate NullPointerExceptions (NPEs) in your Java code with low build-time overhead
Project mention: Nullaway fully supports switch expressions without issues now in 0.9.5 | reddit.com/r/java | 2022-01-13 -
-
OPS
OPS - Build and Run Open Source Unikernels. Quickly and easily build and deploy open source unikernels in tens of seconds. Deploy in any language to any cloud.
-
find-sec-bugs
The SpotBugs plugin for security audits of Java web applications and Android applications. (Also work with Kotlin, Groovy and Scala projects)
SpotBugs have a lot of extensions such as https://find-sec-bugs.github.io/ https://github.com/KengoTODA/findbugs-slf4j and more, I recommend adding them as well
-
Spoon
Spoon is a metaprogramming library to analyze and transform Java source code. :spoon: is made with :heart:, :beers: and :sparkles:. It parses source files to build a well-designed AST with powerful analysis and transformation API.
-
Some other tools are also worth mentioning, like PySonar2 (a type inferences and indexer), AutoPep8 (which automatically fixes PEP8). Also, don’t forget to check out the Code Quality mailing list, which currently covers PEP8, Pyflakes, mccabe, Flake8 and pylint.
-
-
-
Besides the classic pmd/stopbugs/jacoco/owasp, a favorite of mine is forbidden-apis.
-
My team is working on introducing SonarQube There is a community version available for flutter. https://github.com/insideapp-oss/sonar-flutter. We're in the early stages and can't speak to the reliability or viability at this time.
-
Project mention: AppSweep, mobile application scanning for developers | reddit.com/r/androiddev | 2021-08-03
The biggest difference is our initial goal of creating a tool for application developers rather than a security team. This means we aim to exclude information that the application developer definitely knows and doesn't want to see again, e.g. the list of permissions an application is requesting. Furthermore we try to focus on nice and intuitive UX that is familiar to this audience, enabling an application developer to be very efficient in reading & interpreting the results (e.g. easy comparison of two builds). Also note that this is built on the same core technology as ProGuard. This foundation of compiler components (e.g. our partial evaluator) and the knowledge and experience at Guardsquare that comes with it will unlock many more in-depth code checks.
-
AndroidResourceManager
Android Resource Manager application to manage and analyse your app resources with many features like image resize, Color, Dimens and code Analysis
Github: https://github.com/AmrDeveloper/androidresourcemanager
Java Code Analysis related posts
- Nullaway fully supports switch expressions without issues now in 0.9.5
- SonarQube in a Homelab?
- What are some useful static analyzers for Java?
- Is there a tool to track CVEs for the software that we use?
- How to setup CI/CD for org-based development?
- How can I help my partner write better code?
- Is it possible to measure spaghettiness of code?
Index
What are some of the best open-source Code Analysis projects in Java? This list will help you:
| Project | Stars | |
|---|---|---|
| 1 | Checkstyle | 6,522 |
| 2 | SonarQube | 6,419 |
| 3 | Error Prone | 5,827 |
| 4 | JavaParser | 4,009 |
| 5 | PMD | 3,691 |
| 6 | NullAway | 3,042 |
| 7 | Spotbugs | 2,596 |
| 8 | find-sec-bugs | 1,760 |
| 9 | Spoon | 1,273 |
| 10 | pysonar2 | 1,201 |
| 11 | SonarJava | 858 |
| 12 | FindBugs | 688 |
| 13 | forbidden-apis | 245 |
| 14 | sonar-flutter | 205 |
| 15 | proguard-core | 153 |
| 16 | AndroidResourceManager | 25 |
Are you hiring? Post a new remote job listing for free.
