Java static-code-analysis

Open-source Java projects categorized as static-code-analysis | Edit details

Top 10 Java static-code-analysis Projects

  • Checkstyle

    Checkstyle is a development tool to help programmers write Java code that adheres to a coding standard. By default it supports the Google Java Style Guide and Sun Code Conventions, but is highly configurable. It can be invoked with an ANT task and a command line program.

    Project mention: How can I help my partner write better code? | | 2021-11-27

    I’m a little out of date with Java, but I believe Checkstyle is currently popular:

  • PMD

    An extensible multilanguage static code analyzer.

    Project mention: Is there a tool to track CVEs for the software that we use? | | 2021-12-14

    While at it you could also point them to static code analyzers such as error_prone, spotbugs and pmd (use all 3 at once - they complement each other in detecting different issues).

  • SonarLint

    Deliver Cleaner and Safer Code - Right in Your IDE of Choice!. SonarLint is a free and open source IDE extension that identifies and catches bugs and vulnerabilities as you code, directly in the IDE. Install from your favorite IDE marketplace today.

  • NullAway

    A tool to help eliminate NullPointerExceptions (NPEs) in your Java code with low build-time overhead

    Project mention: Nullaway fully supports switch expressions without issues now in 0.9.5 | | 2022-01-13
  • Spotbugs

    SpotBugs is FindBugs' successor. A tool for static analysis to look for bugs in Java code.

    Project mention: What are some useful static analyzers for Java? | | 2022-01-02
  • phpinspectionsea

    A Static Code Analyzer for PHP (a PhpStorm/Idea Plugin)

    Project mention: What are those micro-optimizations that you can't forget? | | 2021-09-01

    The PHP-EA Extended static analysis plugin for PHPStorm has a number of Performance rules which has some of the same items as this list, although they're not all in the performance category, the single quotes inspection is under code style.

  • SonarJava

    :coffee: SonarSource Static Analyzer for Java Code Quality and Security

  • warnings-ng-plugin

    Jenkins Warnings Plugin - Next Generation

    Project mention: Any good alternative for SonarQube which is free of cost? | | 2021-04-03
  • Scout APM

    Less time debugging, more time building. Scout APM allows you to find and fix performance issues with no hassle. Now with error monitoring and external services monitoring, Scout is a developer's best friend when it comes to application development.

  • forbidden-apis

    Policeman's Forbidden API Checker

    Project mention: What are some useful static analyzers for Java? | | 2022-01-02

    Besides the classic pmd/stopbugs/jacoco/owasp, a favorite of mine is forbidden-apis.

  • fb-contrib

    a FindBugs/SpotBugs plugin for doing static code analysis for java code bases

    Project mention: What are some useful static analyzers for Java? | | 2022-01-02


  • violation-comments-to-github-command-line

    Report static code analysis to GitHub

    Project mention: In GitHub Actions, is there a way to post compiler warnings as PR review comments? | | 2021-09-08

    Just looked that up and it seems like there may be a command line tool available for this already!

NOTE: The open source projects on this list are ordered by number of github stars. The number of mentions indicates repo mentiontions in the last 12 Months or since we started tracking (Dec 2020). The latest post mention was on 2022-01-13.

Java static-code-analysis related posts


What are some of the best open-source static-code-analysis projects in Java? This list will help you:

Project Stars
1 Checkstyle 6,535
2 PMD 3,705
3 NullAway 3,064
4 Spotbugs 2,603
5 phpinspectionsea 1,287
6 SonarJava 858
7 warnings-ng-plugin 287
8 forbidden-apis 247
9 fb-contrib 129
10 violation-comments-to-github-command-line 2
Find remote jobs at our new job board There are 29 new remote jobs listed recently.
Are you hiring? Post a new remote job listing for free.
OPS - Build and Run Open Source Unikernels
Quickly and easily build and deploy open source unikernels in tens of seconds. Deploy in any language to any cloud.