Java Static Analysis

Open-source Java projects categorized as Static Analysis

Top 18 Java Static Analysis Projects

  • GitHub repo Checkstyle

    Checkstyle is a development tool to help programmers write Java code that adheres to a coding standard. By default it supports the Google Java Style Guide and Sun Code Conventions, but is highly configurable. It can be invoked with an ANT task and a command line program.

    Project mention: How can I help my partner write better code? | reddit.com/r/learnprogramming | 2021-11-27

    I’m a little out of date with Java, but I believe Checkstyle is currently popular: https://github.com/checkstyle/checkstyle

  • GitHub repo SonarQube

    Continuous Inspection

    Project mention: SonarQube in a Homelab? | reddit.com/r/homelab | 2022-01-09

    I am wondering if it is possible to install SonarQube in my home network. I have 2 Raspberry Pis, one running Raspbian, the other running Ubuntu 20.04. I also have an Intel NUC.

  • SonarLint

    Deliver Cleaner and Safer Code - Right in Your IDE of Choice! SonarLint is a free and open source IDE extension that identifies and catches bugs and vulnerabilities as you code, directly in the IDE. Install from your favorite IDE marketplace today.

  • GitHub repo Error Prone

    Catch common Java mistakes as compile-time errors

    Project mention: Is there a tool to track CVEs for the software that we use? | reddit.com/r/sysadmin | 2021-12-14

    While at it you could also point them to static code analyzers such as error_prone, spotbugs and pmd (use all 3 at once - they complement each other in detecting different issues).

  • GitHub repo PMD

    An extensible multilanguage static code analyzer.

    Project mention: Is there a tool to track CVEs for the software that we use? | reddit.com/r/sysadmin | 2021-12-14

    While at it you could also point them to static code analyzers such as error_prone, spotbugs and pmd (use all 3 at once - they complement each other in detecting different issues).

  • GitHub repo Recaf

    The modern Java bytecode editor

    Project mention: Java versus Kotlin - personal experiences | reddit.com/r/Kotlin | 2021-12-24

    #1: Are you interested in learning about low latency zero allocation programming? #2: Recaf: Java bytecode reversing tool I've been working on for the past 3.5 years | 37 comments #3: My experimental IDE plugin for displaying all project files in a single view, with zoom/pan and code editing. More info in comments. | 57 comments

  • GitHub repo NullAway

    A tool to help eliminate NullPointerExceptions (NPEs) in your Java code with low build-time overhead

    Project mention: Nullaway fully supports switch expressions without issues now in 0.9.5 | reddit.com/r/java | 2022-01-13

  • GitHub repo Spotbugs

    SpotBugs is FindBugs' successor. A tool for static analysis to look for bugs in Java code.

    Project mention: What are some useful static analyzers for Java? | reddit.com/r/java | 2022-01-02

  • GitHub repo soot

    Soot - A Java optimization framework

    Project mention: A Scala rant | reddit.com/r/scala | 2021-03-31

    Yeah, I think a cross compiler would be the only way such a thing could be possible. It would be interesting to see how many collections are actually changed though. I have written similar things using soot. The biggest question is whether there would be enough people who would want such a thing. I can't imagine the time savings vs time spent would pay off for me personally.

  • GitHub repo find-sec-bugs

    The SpotBugs plugin for security audits of Java web applications and Android applications. (Also works with Kotlin, Groovy and Scala projects.)

    Project mention: What are some useful static analyzers for Java? | reddit.com/r/java | 2022-01-02

    SpotBugs has a lot of extensions such as https://find-sec-bugs.github.io/, https://github.com/KengoTODA/findbugs-slf4j and more. I recommend adding them as well.

  • GitHub repo phpinspectionsea

    A Static Code Analyzer for PHP (a PhpStorm/Idea Plugin)

    Project mention: What are those micro-optimizations that you can't forget? | reddit.com/r/PHP | 2021-09-01

    The PHP-EA Extended static analysis plugin for PHPStorm has a number of Performance rules which have some of the same items as this list, although they're not all in the performance category; the single quotes inspection is under code style.

  • GitHub repo Spoon

    Spoon is a metaprogramming library to analyze and transform Java source code. :spoon: is made with :heart:, :beers: and :sparkles:. It parses source files to build a well-designed AST with powerful analysis and transformation API.

  • GitHub repo pysonar2

    PySonar2: an advanced semantic indexer for Python

    Project mention: Which Python static analysis tools should I use? | dev.to | 2021-03-02

    Some other tools are also worth mentioning, like PySonar2 (a type inferencer and indexer), AutoPep8 (which automatically fixes PEP8). Also, don’t forget to check out the Code Quality mailing list, which currently covers PEP8, Pyflakes, mccabe, Flake8 and pylint.

  • GitHub repo SonarJava

    :coffee: SonarSource Static Analyzer for Java Code Quality and Security

  • GitHub repo Modernizer

    Detect uses of legacy Java APIs

    Project mention: Detect uses of legacy Java or library APIs | news.ycombinator.com | 2021-08-26

  • GitHub repo warnings-ng-plugin

    Jenkins Warnings Plugin - Next Generation

    Project mention: Any good alternative for SonarQube which is free of cost? | reddit.com/r/jenkinsci | 2021-04-03

  • GitHub repo forbidden-apis

    Policeman's Forbidden API Checker

    Project mention: What are some useful static analyzers for Java? | reddit.com/r/java | 2022-01-02

    Besides the classic pmd/spotbugs/jacoco/owasp, a favorite of mine is forbidden-apis.

  • GitHub repo ck

    Code metrics for Java code by means of static analysis (by mauricioaniche)

    Project mention: Is it possible to measure spaghettiness of code? | reddit.com/r/AskProgramming | 2021-11-25

    This is the definition of cohesion and there are many great tools to calculate cohesion metrics (depending on the programming language, e.g. Java). Cohesion metrics belong to a bigger set of metrics called OOP metrics (or ck metrics). Check out the following links: https://github.com/mauricioaniche/ck https://github.com/cqfn/jpeek https://github.com/rodhilton/jasome https://github.com/pmd/pmd

  • GitHub repo jpeek

    Java Code Static Metrics (Cohesion, Coupling, etc.)

    Project mention: Is it possible to measure spaghettiness of code? | reddit.com/r/AskProgramming | 2021-11-25

    This is the definition of cohesion and there are many great tools to calculate cohesion metrics (depending on the programming language, e.g. Java). Cohesion metrics belong to a bigger set of metrics called OOP metrics (or ck metrics). Check out the following links: https://github.com/mauricioaniche/ck https://github.com/cqfn/jpeek https://github.com/rodhilton/jasome https://github.com/pmd/pmd

NOTE: The open source projects on this list are ordered by number of GitHub stars. The number of mentions indicates repo mentions in the last 12 months or since we started tracking (Dec 2020). The latest post mention was on 2022-01-13.

Index

What are some of the best open-source Static Analysis projects in Java? This list will help you:

#   Project             Stars
1   Checkstyle          6,522
2   SonarQube           6,419
3   Error Prone         5,827
4   PMD                 3,691
5   Recaf               3,482
6   NullAway            3,042
7   Spotbugs            2,596
8   soot                2,081
9   find-sec-bugs       1,760
10  phpinspectionsea    1,285
11  Spoon               1,273
12  pysonar2            1,201
13  SonarJava           858
14  Modernizer          298
15  warnings-ng-plugin  286
16  forbidden-apis      245
17  ck                  232
18  jpeek               179