Top 11 Java static-code-analysis Projects

• Checkstyle

  6 7,497 9.9 Java

  Checkstyle is a development tool to help programmers write Java code that adheres to a coding standard. By default it supports the Google Java Style Guide and Sun Code Conventions, but is highly configurable. It can be invoked with an ANT task and a command line program.

  

  Project mention: 5 easy paths to become a recognized Java expert. Really. For free. | dev.to | 2022-08-25

• PMD

  4 4,127 9.9 Java

  An extensible multilanguage static code analyzer.

  

  Project mention: Spring Boot – Black Box Testing | dev.to | 2022-11-13

  The generated classes should be put into .gitignore. Otherwise, if you have Checkstyle, PMD, or SonarQube in your project, then generated classes can violate some rules. Besides, if you don't put them into .gitignore, then each pull request might become huge due to the fact that even a slightest fix can lead to lots of changes in the generated classes.

• InfluxDB

  www.influxdata.com

  sponsored

  Build time-series-based applications quickly and at scale.. InfluxDB is the Time Series Platform where developers build real-time applications for analytics, IoT and cloud-native services. Easy to start, it is available in the cloud or on-premises.

  

• NullAway

  7 3,222 7.4 Java

  A tool to help eliminate NullPointerExceptions (NPEs) in your Java code with low build-time overhead

  

  Project mention: Retrofitting null-safety onto Java at Meta | news.ycombinator.com | 2022-11-22

  Does anyone have experience using this at Meta who can compare to https://github.com/uber/NullAway ?

• Spotbugs

  3 2,939 9.6 Java

  SpotBugs is FindBugs' successor. A tool for static analysis to look for bugs in Java code.

  

  Project mention: Primeiros passos no desenvolvimento Java em 2023: um guia particular | dev.to | 2023-01-19

• phpinspectionsea

  1 1,358 0.0 Java

  A Static Code Analyzer for PHP (a PhpStorm/Idea Plugin)

  Project mention: 7 Laravel Packages to Improve Coding Standards and Reduce Bugs | dev.to | 2022-08-01

  PHP Inspections is a static code analyzer and code review tool for PhpStorm IDE.

• SonarJava

  0 985 9.2 Java

  :coffee: SonarSource Static Analyzer for Java Code Quality and Security

  

• sonar-php

  1 344 5.7 Java

  :elephant: SonarPHP: PHP static analyzer for SonarQube & SonarLint

  

  Project mention: How does one get this "PHP Control Flow Viewer" sidebar? | reddit.com/r/phpstorm | 2022-02-10

• Sonar

  www.sonarsource.com

  sponsored

  Write Clean Java Code. Always.. Sonar helps you commit clean code every time. With over 600 unique rules to find Java bugs, code smells & vulnerabilities, Sonar finds the issues while you focus on the work.

  

• warnings-ng-plugin

  1 317 9.3 Java

  Jenkins Warnings Plugin - Next Generation

  

  Project mention: How do you setup coverage/ sanitizers in your CI system. | reddit.com/r/cpp | 2023-01-27

  Jenkins for C/C++, at least, also has a small bus factor (https://en.wikipedia.org/wiki/Bus_factor). Without https://github.com/uhafner Jenkins would be little more than a daemon that triggers builds as a reaction to a webhook on pushing. He basically maintains, alone https://plugins.jenkins.io/warnings-ng/, https://plugins.jenkins.io/code-coverage-api/ and other stuff.

• forbidden-apis

  2 282 4.0 Java

  Policeman's Forbidden API Checker

  

  Project mention: Stop Using Utcnow and Utcfromtimestamp | news.ycombinator.com | 2022-10-09

  > All this stuff would be a lot easier if timezones always had to be stated explicitly.

  On Java, you can use the forbidden-apis build plugin (https://github.com/policeman-tools/forbidden-apis) to fail the build whenever a timezone or locale or charset is not specified explicitly (it forbids the methods from the Java API which use an implicit timezone/locale/charset). I don't know whether there's something similar for Python; it might be harder because Python is much more dynamic (though it might be possible to use monkeypatching to warn whenever the bad methods are used).

• fb-contrib

  0 133 0.0 Java

  a FindBugs/SpotBugs plugin for doing static code analysis for java code bases

• violation-comments-to-github-command-line

  0 3 3.3 Java

  Report static code analysis to GitHub

Java static-code-analysis related posts

• How do you setup coverage/ sanitizers in your CI system.
  2 projects | reddit.com/r/cpp | 27 Jan 2023
• Static Code Analyzer for JAVA development: any recommendations ??
  1 project | reddit.com/r/AskNetsec | 8 Nov 2022
• Java Checkstyle reports formatting as a warning, not an error despite my explicit severity
  1 project | reddit.com/r/javahelp | 16 Aug 2022
• Checkstyle - development tool to help programmers write Java code that adheres to a coding standard.
  1 project | reddit.com/r/github_trends | 29 Apr 2022
• Code smell plugin
  2 projects | reddit.com/r/javahelp | 15 Feb 2022
• What are some useful static analyzers for Java?
  9 projects | reddit.com/r/java | 2 Jan 2022
• How to setup CI/CD for org-based development?
  2 projects | reddit.com/r/salesforce | 10 Dec 2021
• A note from our sponsor - InfluxDB
  www.influxdata.com | 31 Jan 2023

  InfluxDB is the Time Series Platform where developers build real-time applications for analytics, IoT and cloud-native services. Easy to start, it is available in the cloud or on-premises. Learn more →

Index

Sponsored

SaaSHub - Software Alternatives and Reviews

SaaSHub helps you find the best software and product alternatives

www.saashub.com

Do not miss the trending Java projects with our weekly report!