Java Static Analysis

Open-source Java projects categorized as Static Analysis

Top 23 Java Static Analysis Projects

Static Analysis
  • bytecode-viewer

    A Java 8+ Jar & Android APK Reverse Engineering Suite (Decompiler, Editor, Debugger & More)

  • InfluxDB

    Power Real-Time Data Analytics at Scale. Get real-time insights from all types of time series data with InfluxDB. Ingest, query, and analyze billions of data points in real-time with unbounded cardinality.

    InfluxDB logo
  • SonarQube

    Continuous Inspection

    Project mention: Cloud Security and Resilience: DevSecOps Tools and Practices | dev.to | 2024-05-01

    2. SonarQube: https://github.com/SonarSource/sonarqube SonarQube enhances code quality and security. It performs automatic reviews to detect bugs, vulnerabilities, and code smells in your code.

  • Checkstyle

    Checkstyle is a development tool to help programmers write Java code that adheres to a coding standard. By default it supports the Google Java Style Guide and Sun Code Conventions, but is highly configurable. It can be invoked with an ANT task and a command line program.

  • Error Prone

    Catch common Java mistakes as compile-time errors

  • Recaf

    The modern Java bytecode editor

  • PMD

    An extensible multilanguage static code analyzer.

    Project mention: We Have Code Quality At Home: Open Source Java Code Quality Tools | dev.to | 2024-05-06

    PMD is a source code static analysis tool. It inspects your Java files for any issues, and has a configurable set of rules to look at.

  • NullAway

    A tool to help eliminate NullPointerExceptions (NPEs) in your Java code with low build-time overhead

    Project mention: What if null was an Object in Java? | news.ycombinator.com | 2024-04-28

    Fortunately, Uber made tooling for languages with broken type systems

    * https://github.com/uber/NullAway

    * https://github.com/uber-go/nilaway

  • SaaSHub

    SaaSHub - Software Alternatives and Reviews. SaaSHub helps you find the best software and product alternatives

    SaaSHub logo
  • Spotbugs

    SpotBugs is FindBugs' successor. A tool for static analysis to look for bugs in Java code.

    Project mention: We Have Code Quality At Home: Open Source Java Code Quality Tools | dev.to | 2024-05-06

    SpotBugs is an open source static anlysis tool. "SpotBugs uses static analysis to inspect Java bytecode for occurrences of bug patterns." This means that SpotBugs runs against the compiled source source code, rather than raw Java files. Because it analyses bytecode, it can catch some types of bugs that source code analysis would not catch.

  • soot

    Soot - A Java optimization framework

  • find-sec-bugs

    The SpotBugs plugin for security audits of Java web applications and Android applications. (Also work with Kotlin, Groovy and Scala projects)

  • Spoon

    Spoon is a metaprogramming library to analyze and transform Java source code. :spoon: is made with :heart:, :beers: and :sparkles:. It parses source files to build a well-designed AST with powerful analysis and transformation API.

    Project mention: Release Radar · April 2024 Edition: Major updates from the open source community | dev.to | 2024-05-03

    The creators at Spoon claim that "🥄 is made with ❤️, 🍻 and ✨"! And why not?! Spoon is a metaprogramming library to analyze and transform Java source code by parsing source files to build a well-designed AST (Abstract Syntax Tree). The latest version supports Java 17 and the modelling of receiver parameters has been changed. Read all about the changes in the release notes.

  • phpinspectionsea

    A Static Code Analyzer for PHP (a PhpStorm/Idea Plugin)

  • pysonar2

    PySonar2: a semantic indexer for Python with interprocedual type inference

  • SonarJava

    :coffee: SonarSource Static Analyzer for Java Code Quality and Security

  • FlowDroid

    FlowDroid Static Data Flow Tracker

  • jspecify

    An artifact of fully-specified annotations to power static-analysis checks, beginning with nullness analysis.

    Project mention: Java, null, and JSpecify [video link] | /r/java | 2023-12-11

    There's also a fair amount of content to explore starting at jspecify.org.

  • sonar-php

    :elephant: SonarPHP: PHP static analyzer for SonarQube & SonarLint

  • Modernizer

    Detect uses of legacy Java APIs

  • ck

    Code metrics for Java code by means of static analysis (by mauricioaniche)

  • RefactorFirst

    Identifies and prioritizes God Classes and Highly Coupled classes in Java codebases you should refactor first.

  • warnings-ng-plugin

    Jenkins Warnings Plugin - Next Generation

  • forbidden-apis

    Policeman's Forbidden API Checker

  • SkidSuite

    A collection of java reverse engineering tools and informational links

  • SaaSHub

    SaaSHub - Software Alternatives and Reviews. SaaSHub helps you find the best software and product alternatives

    SaaSHub logo
NOTE: The open source projects on this list are ordered by number of github stars. The number of mentions indicates repo mentiontions in the last 12 Months or since we started tracking (Dec 2020).

Java Static Analysis discussion

Log in or Post with

Java Static Analysis related posts

  • We Have Code Quality At Home: Open Source Java Code Quality Tools

    4 projects | dev.to | 6 May 2024
  • Handling EI_EXPOSE_REP & EI_EXPOSE_REP2 👨🏻‍💻

    1 project | dev.to | 30 Apr 2024
  • PMD 7 Is Here

    1 project | news.ycombinator.com | 22 Mar 2024
  • Java, null, and JSpecify [video link]

    1 project | /r/java | 11 Dec 2023
  • Amazon CodeGuru Reviewer: already time for retirement?

    2 projects | dev.to | 1 Aug 2023
  • 📢📢📢RefactorFirst 0.4.0 is released!!!📢📢📢

    1 project | /r/java | 27 Jun 2023
  • Design document on nullability and value types (Brian Goetz)

    1 project | /r/java | 2 Jun 2023
  • A note from our sponsor - InfluxDB
    www.influxdata.com | 23 Jul 2024
    Get real-time insights from all types of time series data with InfluxDB. Ingest, query, and analyze billions of data points in real-time with unbounded cardinality. Learn more →

Index

What are some of the best open-source Static Analysis projects in Java? This list will help you:

Project Stars
1 bytecode-viewer 14,480
2 SonarQube 8,784
3 Checkstyle 8,240
4 Error Prone 6,779
5 Recaf 5,806
6 PMD 4,737
7 NullAway 3,595
8 Spotbugs 3,404
9 soot 2,833
10 find-sec-bugs 2,234
11 Spoon 1,712
12 phpinspectionsea 1,433
13 pysonar2 1,376
14 SonarJava 1,102
15 FlowDroid 1,030
16 jspecify 453
17 sonar-php 383
18 Modernizer 369
19 ck 362
20 RefactorFirst 352
21 warnings-ng-plugin 333
22 forbidden-apis 320
23 SkidSuite 303

Sponsored
Power Real-Time Data Analytics at Scale
Get real-time insights from all types of time series data with InfluxDB. Ingest, query, and analyze billions of data points in real-time with unbounded cardinality.
www.influxdata.com

Did you konow that Java is
the 8th most popular programming language
based on number of metions?