Top 23 Java Static Analysis Projects

Static Analysis

• Add a project

1. bytecode-viewer

   1 9 15,096 9.1 Java

   A Java 8+ Jar & Android APK Reverse Engineering Suite (Decompiler, Editor, Debugger & More)

   

2. Stream

   getstream.io featured

   Stream - Scalable APIs for Chat, Feeds, Moderation, & Video. Stream helps developers build engaging apps that scale to millions with performant and flexible Chat, Feeds, Moderation, and Video APIs and SDKs powered by a global edge network and enterprise-grade infrastructure.

   

3. SonarQube

   2 72 9,702 9.9 Java

   Continuous Inspection

   

   Project mention: Essential Resources for Software Technical Debt Management | dev.to | 2025-06-22

   SonarQube: Link - Open-source platform for continuous code quality inspection, identifying bugs and code smells.

4. Checkstyle

   3 17 8,623 9.9 Java

   Checkstyle is a development tool to help programmers write Java code that adheres to a coding standard. By default it supports the Google Java Style Guide and Sun Code Conventions, but is highly configurable. It can be invoked with an ANT task and a command line program.

   

   Project mention: Contribution Instructions: Formate Code and Linting | dev.to | 2024-11-01

   We had a list of suggested code formation tools, as my code was written in Java I decided to use suggested formatter GoogleJavaFormat. However, I didn't decide to pick suggested tool for Linter. I picked Checkstyle; for the reason, that SpotBugs wasn't available for JDK 22.

5. Error Prone

   4 18 7,000 9.7 Java

   Catch common Java mistakes as compile-time errors

   

   Project mention: Using tests as a debugging tool for logic errors | news.ycombinator.com | 2025-05-07

   This article seems like a very long-winded and complicated way to say that we should write tests. Am I missing something here? Wouldn't most developers write tests when creating algorithms, let alone something relating to finance as tax calculations? Yes, you should reproduce a defect by writing a failing tests first.

   Where I hoped/thought this piece would go was to expand on the idea of error-prone[1] and apply it to the runtime.

   https://github.com/google/error-prone

6. Recaf

   5 24 6,504 9.7 Java

   The modern Java bytecode editor

   

7. PMD

   6 24 5,143 9.9 Java

   An extensible multilanguage static code analyzer.

   

   Project mention: Top 17 Must-Have Resources for Software Refactoring Excellence | dev.to | 2025-06-23

   Utilize PMD for Code Analysis

8. NullAway

   7 22 3,784 9.0 Java

   A tool to help eliminate NullPointerExceptions (NPEs) in your Java code with low build-time overhead

   

   Project mention: JVM/Java: Null-Restricted and Nullable Types | news.ycombinator.com | 2024-08-02

   Would be cool if Java got this feature, explicit optionality at a language level a la T? is an enormous developer QoL in Kotlin and Typescript in my experience. In Java there's tools like NullAway [1] but they're a hassle.

   Language-level support is leagues better than Optional/Maybe in my experience too because it keeps the code focused on the actual logic instead of putting everything in a map/flatMap railway.

   [1] https://github.com/uber/NullAway

9. InfluxDB

   www.influxdata.com featured

   InfluxDB – Built for High-Performance Time Series Workloads. InfluxDB 3 OSS is now GA. Transform, enrich, and act on time series data directly in the database. Automate critical tasks and eliminate the need to move data externally. Download now.

   

10. Spotbugs

    8 19 3,687 9.6 Java

    SpotBugs is FindBugs' successor. A tool for static analysis to look for bugs in Java code.

    

11. soot

    9 1 2,991 9.2 Java

    Soot - A Java optimization framework

    

12. find-sec-bugs

    10 8 2,353 6.2 Java

    The SpotBugs plugin for security audits of Java web applications and Android applications. (Also work with Kotlin, Groovy and Scala projects)

    

13. Spoon

    11 2 1,828 9.6 Java

    Spoon is a metaprogramming library to analyze and transform Java source code. :spoon: is made with :heart:, :beers: and :sparkles:. It parses source files to build a well-designed AST with powerful analysis and transformation API.

    

14. phpinspectionsea

    12 5 1,464 7.7 Java

    A Static Code Analyzer for PHP (a PhpStorm/Idea Plugin)

    

15. pysonar2

    13 1 1,414 0.0 Java

    PySonar2: a semantic indexer for Python with interprocedual type inference

    

16. SonarJava

    14 0 1,166 9.6 Java

    :coffee: SonarSource Static Analyzer for Java Code Quality and Security

    

17. FlowDroid

    15 1 1,141 8.9 Java

    FlowDroid Static Data Flow Tracker

    

18. jspecify

    16 11 774 8.3 Java

    An artifact of fully-specified annotations to power static-analysis checks, beginning with nullness analysis.

    

19. SootUp

    17 1 699 9.8 Java

    A new version of Soot with a completely overhauled architecture

    

    Project mention: Show HN: FlowTracker – Track data flowing through Java programs | news.ycombinator.com | 2024-09-13

    Last time I was this blown away was with jitwatch ( https://github.com/AdoptOpenJDK/jitwatch )

    FlowTracker reminds me a little of taint analysis, which is used for tracking unvalidated user inputs or secrets through a program, making sure it is not leaked or used without validation.

    search keywords are "dynamic taint tracking/analysis"

    https://github.com/gmu-swe/phosphor

    https://github.com/soot-oss/SootUp

    https://github.com/feliam/klee-taint

20. RefactorFirst

    18 3 496 9.1 Java

    Identifies and prioritizes God Classes Highly Coupled classes, and Class Cycles in Java codebases you should refactor first.

    

21. sonar-php

    19 1 411 9.1 Java

    :elephant: SonarPHP: PHP static analyzer for SonarQube & SonarLint

    

22. ck

    20 3 408 4.9 Java

    Code metrics for Java code by means of static analysis (by mauricioaniche)

    

23. Modernizer

    21 5 383 8.6 Java

    Detect uses of legacy Java APIs

    

24. forbidden-apis

    22 4 351 7.1 Java

    Policeman's Forbidden API Checker

    

25. warnings-ng-plugin

    23 3 345 9.5 Java

    Jenkins Warnings Plugin - Next Generation

    

26. SaaSHub

    www.saashub.com featured

    SaaSHub - Software Alternatives and Reviews. SaaSHub helps you find the best software and product alternatives

    

Java Static Analysis related posts

• Top 17 Must-Have Resources for Software Refactoring Excellence

  2 projects | dev.to | 23 Jun 2025

• Essential Resources for Software Technical Debt Management

  1 project | dev.to | 22 Jun 2025

• Using tests as a debugging tool for logic errors

  1 project | news.ycombinator.com | 7 May 2025

• JEP Draft: Prepare to Make Final Mean Final

  2 projects | news.ycombinator.com | 1 Apr 2025

• Análise Comparativa: Aider vs. PMD vs. Semgrep

  3 projects | dev.to | 27 Feb 2025

• Aider: Integração Avançada de LLMs no Desenvolvimento de Software

  2 projects | dev.to | 26 Feb 2025

• Navigating the Software Developer Life: Soft Skills, AI Tools, and Team Dynamics

  1 project | dev.to | 17 Aug 2024
• A note from our sponsor - SaaSHub
  www.saashub.com | 8 Jul 2025

  SaaSHub helps you find the best software and product alternatives Learn more →

Index

Sponsored

Stream - Scalable APIs for Chat, Feeds, Moderation, & Video.

Stream helps developers build engaging apps that scale to millions with performant and flexible Chat, Feeds, Moderation, and Video APIs and SDKs powered by a global edge network and enterprise-grade infrastructure.

getstream.io

Do not miss the trending Java projects with our weekly report!