Java Static Analysis

Open-source Java projects categorized as Static Analysis

Top 23 Java Static Analysis Projects

  1. bytecode-viewer

    A Java 8+ Jar & Android APK Reverse Engineering Suite (Decompiler, Editor, Debugger & More)

  3. SonarQube

    Continuous Inspection

    Project mention: Essential Resources for Software Technical Debt Management | dev.to | 2025-06-22

    SonarQube: Link - Open-source platform for continuous code quality inspection, identifying bugs and code smells.

  4. Checkstyle

    Checkstyle is a development tool to help programmers write Java code that adheres to a coding standard. By default it supports the Google Java Style Guide and Sun Code Conventions, but is highly configurable. It can be invoked with an ANT task and a command line program.

    Project mention: Contribution Instructions: Formate Code and Linting | dev.to | 2024-11-01

    We had a list of suggested code formation tools, as my code was written in Java I decided to use suggested formatter GoogleJavaFormat. However, I didn't decide to pick suggested tool for Linter. I picked Checkstyle; for the reason, that SpotBugs wasn't available for JDK 22.

  5. Error Prone

    Catch common Java mistakes as compile-time errors

    Project mention: Using tests as a debugging tool for logic errors | news.ycombinator.com | 2025-05-07

    This article seems like a very long-winded and complicated way to say that we should write tests. Am I missing something here? Wouldn't most developers write tests when creating algorithms, let alone something relating to finance as tax calculations? Yes, you should reproduce a defect by writing a failing test first.

    Where I hoped/thought this piece would go was to expand on the idea of error-prone[1] and apply it to the runtime.

    [1] https://github.com/google/error-prone

  6. Recaf

    The modern Java bytecode editor

  7. PMD

    An extensible multilanguage static code analyzer.

    Project mention: Top 17 Must-Have Resources for Software Refactoring Excellence | dev.to | 2025-06-23

    Utilize PMD for Code Analysis

  8. NullAway

    A tool to help eliminate NullPointerExceptions (NPEs) in your Java code with low build-time overhead

    Project mention: JVM/Java: Null-Restricted and Nullable Types | news.ycombinator.com | 2024-08-02

    Would be cool if Java got this feature, explicit optionality at a language level a la T? is an enormous developer QoL in Kotlin and Typescript in my experience. In Java there's tools like NullAway [1] but they're a hassle.

    Language-level support is leagues better than Optional/Maybe in my experience too because it keeps the code focused on the actual logic instead of putting everything in a map/flatMap railway.

    [1] https://github.com/uber/NullAway

  10. Spotbugs

    SpotBugs is FindBugs' successor. A tool for static analysis to look for bugs in Java code.

  11. soot

    Soot - A Java optimization framework

  12. find-sec-bugs

    The SpotBugs plugin for security audits of Java web applications and Android applications. (Also works with Kotlin, Groovy and Scala projects)

  13. Spoon

    Spoon is a metaprogramming library to analyze and transform Java source code. 🥄 is made with ❤️, 🍻 and ✨. It parses source files to build a well-designed AST with powerful analysis and transformation API.

  14. phpinspectionsea

    A Static Code Analyzer for PHP (a PhpStorm/Idea Plugin)

  15. pysonar2

    PySonar2: a semantic indexer for Python with interprocedural type inference

  16. SonarJava

    ☕ SonarSource Static Analyzer for Java Code Quality and Security

  17. FlowDroid

    FlowDroid Static Data Flow Tracker

  18. jspecify

    An artifact of fully-specified annotations to power static-analysis checks, beginning with nullness analysis.

  19. SootUp

    A new version of Soot with a completely overhauled architecture

    Project mention: Show HN: FlowTracker – Track data flowing through Java programs | news.ycombinator.com | 2024-09-13

    Last time I was this blown away was with jitwatch ( https://github.com/AdoptOpenJDK/jitwatch )

    FlowTracker reminds me a little of taint analysis, which is used for tracking unvalidated user inputs or secrets through a program, making sure it is not leaked or used without validation.

    search keywords are "dynamic taint tracking/analysis"

    https://github.com/gmu-swe/phosphor

    https://github.com/soot-oss/SootUp

    https://github.com/feliam/klee-taint

  20. RefactorFirst

    Identifies and prioritizes God Classes, Highly Coupled classes, and Class Cycles in Java codebases you should refactor first.

  21. sonar-php

    🐘 SonarPHP: PHP static analyzer for SonarQube & SonarLint

  22. ck

    Code metrics for Java code by means of static analysis (by mauricioaniche)

  23. Modernizer

    Detect uses of legacy Java APIs

  24. forbidden-apis

    Policeman's Forbidden API Checker

  25. warnings-ng-plugin

    Jenkins Warnings Plugin - Next Generation

NOTE: The open source projects on this list are ordered by number of GitHub stars. The number of mentions indicates repo mentions in the last 12 months or since we started tracking (Dec 2020).

Java Static Analysis related posts

  • Top 17 Must-Have Resources for Software Refactoring Excellence

    2 projects | dev.to | 23 Jun 2025
  • Essential Resources for Software Technical Debt Management

    1 project | dev.to | 22 Jun 2025
  • Using tests as a debugging tool for logic errors

    1 project | news.ycombinator.com | 7 May 2025
  • JEP Draft: Prepare to Make Final Mean Final

    2 projects | news.ycombinator.com | 1 Apr 2025
  • Comparative Analysis: Aider vs. PMD vs. Semgrep

    3 projects | dev.to | 27 Feb 2025
  • Aider: Advanced Integration of LLMs in Software Development

    2 projects | dev.to | 26 Feb 2025
  • Navigating the Software Developer Life: Soft Skills, AI Tools, and Team Dynamics

    1 project | dev.to | 17 Aug 2024

Index

What are some of the best open-source Static Analysis projects in Java? This list will help you:

# Project Stars
1 bytecode-viewer 15,096
2 SonarQube 9,702
3 Checkstyle 8,623
4 Error Prone 7,000
5 Recaf 6,504
6 PMD 5,143
7 NullAway 3,784
8 Spotbugs 3,687
9 soot 2,991
10 find-sec-bugs 2,353
11 Spoon 1,828
12 phpinspectionsea 1,464
13 pysonar2 1,414
14 SonarJava 1,166
15 FlowDroid 1,141
16 jspecify 774
17 SootUp 699
18 RefactorFirst 496
19 sonar-php 411
20 ck 408
21 Modernizer 383
22 forbidden-apis 351
23 warnings-ng-plugin 345

Did you know that Java is the 8th most popular programming language based on number of references?