Java Code Analysis

Open-source Java projects categorized as Code Analysis | Edit details

Top 16 Java Code Analysis Projects

  • GitHub repo Checkstyle

    Checkstyle is a development tool to help programmers write Java code that adheres to a coding standard. By default it supports the Google Java Style Guide and Sun Code Conventions, but is highly configurable. It can be invoked with an ANT task and a command line program.

    Project mention: How can I help my partner write better code? | reddit.com/r/learnprogramming | 2021-11-27

    I’m a little out of date with Java, but I believe Checkstyle is currently popular: https://github.com/checkstyle/checkstyle

  • GitHub repo SonarQube

    Continuous Inspection

    Project mention: SonarQube in a Homelab? | reddit.com/r/homelab | 2022-01-09

    I am wondering if it is possible to install SonarQube in my home network. I have 2 Raspberry Pis, one running Raspbian, the other running Ubuntu 20.04. I also have an Intel NUC.

  • SonarQube

    Static code analysis for 29 languages.. Your projects are multi-language. So is SonarQube analysis. Find Bugs, Vulnerabilities, Security Hotspots, and Code Smells so you can release quality code every time. Get started analyzing your projects today for free.

  • GitHub repo Error Prone

    Catch common Java mistakes as compile-time errors

    Project mention: Is there a tool to track CVEs for the software that we use? | reddit.com/r/sysadmin | 2021-12-14

    While at it you could also point them to static code analyzers such as error_prone, spotbugs and pmd (use all 3 at once - they complement each other in detecting different issues).

  • GitHub repo JavaParser

    Java 1-15 Parser and Abstract Syntax Tree for Java, including preview features to Java 13

    Project mention: Automatically unlocking concurrent builds and fine-grained caching for Java with dependency inference | reddit.com/r/java | 2021-11-29

    So after taking a deeper look into the docs I've seen that analysis is done via https://github.com/javaparser/javaparser/ lib which has currently only support up to JDK14 (not JDK15, JDK16 nor JDK17...maybe JDK18)...Unfortunately I have not found a full working example for a Java build ...can you give a link?

  • GitHub repo PMD

    An extensible multilanguage static code analyzer.

    Project mention: Is there a tool to track CVEs for the software that we use? | reddit.com/r/sysadmin | 2021-12-14

    While at it you could also point them to static code analyzers such as error_prone, spotbugs and pmd (use all 3 at once - they complement each other in detecting different issues).

  • GitHub repo NullAway

    A tool to help eliminate NullPointerExceptions (NPEs) in your Java code with low build-time overhead

    Project mention: Nullaway fully supports switch expressions without issues now in 0.9.5 | reddit.com/r/java | 2022-01-13
  • GitHub repo Spotbugs

    SpotBugs is FindBugs' successor. A tool for static analysis to look for bugs in Java code.

    Project mention: What are some useful static analyzers for Java? | reddit.com/r/java | 2022-01-02
  • OPS

    OPS - Build and Run Open Source Unikernels. Quickly and easily build and deploy open source unikernels in tens of seconds. Deploy in any language to any cloud.

  • GitHub repo find-sec-bugs

    The SpotBugs plugin for security audits of Java web applications and Android applications. (Also work with Kotlin, Groovy and Scala projects)

    Project mention: What are some useful static analyzers for Java? | reddit.com/r/java | 2022-01-02

    SpotBugs have a lot of extensions such as https://find-sec-bugs.github.io/ https://github.com/KengoTODA/findbugs-slf4j and more, I recommend adding them as well

  • GitHub repo Spoon

    Spoon is a metaprogramming library to analyze and transform Java source code. :spoon: is made with :heart:, :beers: and :sparkles:. It parses source files to build a well-designed AST with powerful analysis and transformation API.

  • GitHub repo pysonar2

    PySonar2: an advanced semantic indexer for Python

    Project mention: Which Python static analysis tools should I use? | dev.to | 2021-03-02

    Some other tools are also worth mentioning, like PySonar2 (a type inferences and indexer), AutoPep8 (which automatically fixes PEP8). Also, don’t forget to check out the Code Quality mailing list, which currently covers PEP8, Pyflakes, mccabe, Flake8 and pylint.

  • GitHub repo SonarJava

    :coffee: SonarSource Static Analyzer for Java Code Quality and Security

  • GitHub repo FindBugs

    The new home of the FindBugs project

  • GitHub repo forbidden-apis

    Policeman's Forbidden API Checker

    Project mention: What are some useful static analyzers for Java? | reddit.com/r/java | 2022-01-02

    Besides the classic pmd/stopbugs/jacoco/owasp, a favorite of mine is forbidden-apis.

  • GitHub repo sonar-flutter

    SonarQube plugin for Flutter / Dart

    Project mention: Static Security Scan Tool for Dart | reddit.com/r/dartlang | 2021-10-29

    My team is working on introducing SonarQube There is a community version available for flutter. https://github.com/insideapp-oss/sonar-flutter. We're in the early stages and can't speak to the reliability or viability at this time.

  • GitHub repo proguard-core

    Library to read, write, analyze, and process java bytecode

    Project mention: AppSweep, mobile application scanning for developers | reddit.com/r/androiddev | 2021-08-03

    The biggest difference is our initial goal of creating a tool for application developers rather than a security team. This means we aim to exclude information that the application developer definitely knows and doesn't want to see again, e.g. the list of permissions an application is requesting. Furthermore we try to focus on nice and intuitive UX that is familiar to this audience, enabling an application developer to be very efficient in reading & interpreting the results (e.g. easy comparison of two builds). Also note that this is built on the same core technology as ProGuard. This foundation of compiler components (e.g. our partial evaluator) and the knowledge and experience at Guardsquare that comes with it will unlock many more in-depth code checks.

  • GitHub repo AndroidResourceManager

    Android Resource Manager application to manage and analyse your app resources with many features like image resize, Color, Dimens and code Analysis

    Project mention: Android Resource Manager tool | reddit.com/r/androiddev | 2021-06-03

    Github: https://github.com/AmrDeveloper/androidresourcemanager

NOTE: The open source projects on this list are ordered by number of github stars. The number of mentions indicates repo mentiontions in the last 12 Months or since we started tracking (Dec 2020). The latest post mention was on 2022-01-13.

Java Code Analysis related posts

Index

What are some of the best open-source Code Analysis projects in Java? This list will help you:

Project Stars
1 Checkstyle 6,522
2 SonarQube 6,419
3 Error Prone 5,827
4 JavaParser 4,009
5 PMD 3,691
6 NullAway 3,042
7 Spotbugs 2,596
8 find-sec-bugs 1,760
9 Spoon 1,273
10 pysonar2 1,201
11 SonarJava 858
12 FindBugs 688
13 forbidden-apis 245
14 sonar-flutter 205
15 proguard-core 153
16 AndroidResourceManager 25
Find remote jobs at our new job board 99remotejobs.com. There are 29 new remote jobs listed recently.
Are you hiring? Post a new remote job listing for free.
Less time debugging, more time building
Scout APM allows you to find and fix performance issues with no hassle. Now with error monitoring and external services monitoring, Scout is a developer's best friend when it comes to application development.
scoutapm.com