InfluxDB 3 OSS is now GA. Transform, enrich, and act on time series data directly in the database. Automate critical tasks and eliminate the need to move data externally. Download now. Learn more →
Top 11 Java static-code-analysis Projects
-
Checkstyle
Checkstyle is a development tool to help programmers write Java code that adheres to a coding standard. By default it supports the Google Java Style Guide and Sun Code Conventions, but is highly configurable. It can be invoked with an ANT task and a command line program.
We had a list of suggested code formation tools, as my code was written in Java I decided to use suggested formatter GoogleJavaFormat. However, I didn't decide to pick suggested tool for Linter. I picked Checkstyle; for the reason, that SpotBugs wasn't available for JDK 22.
-
Sevalla
Deploy and host your apps and databases, now with $50 credit! Sevalla is the PaaS you have been looking for! Advanced deployment pipelines, usage-based pricing, preview apps, templates, human support by developers, and much more!
-
Project mention: Top 17 Must-Have Resources for Software Refactoring Excellence | dev.to | 2025-06-23
Utilize PMD for Code Analysis
-
NullAway
A tool to help eliminate NullPointerExceptions (NPEs) in your Java code with low build-time overhead
-
-
-
-
Project mention: Show HN: FlowTracker – Track data flowing through Java programs | news.ycombinator.com | 2024-09-13
Last time I was this blown away was with jitwatch ( https://github.com/AdoptOpenJDK/jitwatch )
FlowTracker reminds me a little of taint analysis, which is used for tracking unvalidated user inputs or secrets through a program, making sure it is not leaked or used without validation.
search keywords are "dynamic taint tracking/analysis"
https://github.com/gmu-swe/phosphor
https://github.com/soot-oss/SootUp
https://github.com/feliam/klee-taint
-
InfluxDB
InfluxDB – Built for High-Performance Time Series Workloads. InfluxDB 3 OSS is now GA. Transform, enrich, and act on time series data directly in the database. Automate critical tasks and eliminate the need to move data externally. Download now.
-
-
-
-
NOTE:
The open source projects on this list are ordered by number of github stars.
The number of mentions indicates repo mentiontions in the last 12 Months or
since we started tracking (Dec 2020).
Java static-code-analysis discussion
Java static-code-analysis related posts
-
Análise Comparativa: Aider vs. PMD vs. Semgrep
-
Contribution Instructions: Formate Code and Linting
-
Show HN: FlowTracker – Track data flowing through Java programs
-
We Have Code Quality At Home: Open Source Java Code Quality Tools
-
Handling EI_EXPOSE_REP & EI_EXPOSE_REP2 👨🏻💻
-
PMD 7 Is Here
-
Amazon CodeGuru Reviewer: already time for retirement?
-
A note from our sponsor - InfluxDB
www.influxdata.com | 1 Sep 2025
Index
What are some of the best open-source static-code-analysis projects in Java? This list will help you:
| # | Project | Stars |
|---|---|---|
| 1 | Checkstyle | 8,658 |
| 2 | PMD | 5,190 |
| 3 | NullAway | 3,836 |
| 4 | Spotbugs | 3,725 |
| 5 | phpinspectionsea | 1,471 |
| 6 | SonarJava | 1,179 |
| 7 | SootUp | 727 |
| 8 | sonar-php | 416 |
| 9 | forbidden-apis | 354 |
| 10 | warnings-ng-plugin | 348 |
| 11 | fb-contrib | 163 |
Sponsored
Deploy and host your apps and databases, now with $50 credit!
Sevalla is the PaaS you have been looking for! Advanced deployment pipelines, usage-based pricing, preview apps, templates, human support by developers, and much more!
sevalla.com