Java static-code-analysis

Open-source Java projects categorized as static-code-analysis
Edit details
Static Analysis Java Code Analysis HacktoberFest Code Quality
SaaSHub - Software Alternatives and Reviews
SaaSHub helps you find the best software and product alternatives
www.saashub.com
featured

Top 11 Java static-code-analysis Projects

static-code-analysis

  1. Checkstyle

    Checkstyle is a development tool to help programmers write Java code that adheres to a coding standard. By default it supports the Google Java Style Guide and Sun Code Conventions, but is highly configurable. It can be invoked with an ANT task and a command line program.

    Project mention: Contribution Instructions: Formate Code and Linting | dev.to | 2024-11-01

    We had a list of suggested code formation tools, as my code was written in Java I decided to use suggested formatter GoogleJavaFormat. However, I didn't decide to pick suggested tool for Linter. I picked Checkstyle; for the reason, that SpotBugs wasn't available for JDK 22.

  2. CodeRabbit

    CodeRabbit: AI Code Reviews for Developers. Revolutionize your code reviews with AI. CodeRabbit offers PR summaries, code walkthroughs, 1-click suggestions, and AST-based analysis. Boost productivity and code quality across all major languages with each PR.

    CodeRabbit logo

  3. PMD

    An extensible multilanguage static code analyzer.

    Project mention: Análise Comparativa: Aider vs. PMD vs. Semgrep | dev.to | 2025-02-27

  4. NullAway

    A tool to help eliminate NullPointerExceptions (NPEs) in your Java code with low build-time overhead

    Project mention: JVM/Java: Null-Restricted and Nullable Types | news.ycombinator.com | 2024-08-02

    Would be cool if Java got this feature, explicit optionality at a language level a la T? is an enormous developer QoL in Kotlin and Typescript in my experience. In Java there's tools like NullAway [1] but they're a hassle.

    Language-level support is leagues better than Optional/Maybe in my experience too because it keeps the code focused on the actual logic instead of putting everything in a map/flatMap railway.

    [1] https://github.com/uber/NullAway

  5. Spotbugs

    SpotBugs is FindBugs' successor. A tool for static analysis to look for bugs in Java code.

    Project mention: We Have Code Quality At Home: Open Source Java Code Quality Tools | dev.to | 2024-05-06

    SpotBugs is an open source static anlysis tool. "SpotBugs uses static analysis to inspect Java bytecode for occurrences of bug patterns." This means that SpotBugs runs against the compiled source source code, rather than raw Java files. Because it analyses bytecode, it can catch some types of bugs that source code analysis would not catch.

  6. phpinspectionsea

    A Static Code Analyzer for PHP (a PhpStorm/Idea Plugin)

  7. SonarJava

    :coffee: SonarSource Static Analyzer for Java Code Quality and Security

  8. SootUp

    A new version of Soot with a completely overhauled architecture

    Project mention: Show HN: FlowTracker – Track data flowing through Java programs | news.ycombinator.com | 2024-09-13

    Last time I was this blown away was with jitwatch ( https://github.com/AdoptOpenJDK/jitwatch )

    FlowTracker reminds me a little of taint analysis, which is used for tracking unvalidated user inputs or secrets through a program, making sure it is not leaked or used without validation.

    search keywords are "dynamic taint tracking/analysis"

    https://github.com/gmu-swe/phosphor

    https://github.com/soot-oss/SootUp

    https://github.com/feliam/klee-taint

  9. SaaSHub

    SaaSHub - Software Alternatives and Reviews. SaaSHub helps you find the best software and product alternatives

    SaaSHub logo

  10. sonar-php

    :elephant: SonarPHP: PHP static analyzer for SonarQube & SonarLint

  11. warnings-ng-plugin

    Jenkins Warnings Plugin - Next Generation

  12. forbidden-apis

    Policeman's Forbidden API Checker

  13. fb-contrib

    a FindBugs/SpotBugs plugin for doing static code analysis for java code bases

NOTE: The open source projects on this list are ordered by number of github stars. The number of mentions indicates repo mentiontions in the last 12 Months or since we started tracking (Dec 2020).

Java static-code-analysis discussion

Log in or Post with

Java static-code-analysis related posts

  • Análise Comparativa: Aider vs. PMD vs. Semgrep

    3 projects | dev.to | 27 Feb 2025

  • Contribution Instructions: Formate Code and Linting

    2 projects | dev.to | 1 Nov 2024

  • Show HN: FlowTracker – Track data flowing through Java programs

    7 projects | news.ycombinator.com | 13 Sep 2024

  • We Have Code Quality At Home: Open Source Java Code Quality Tools

    4 projects | dev.to | 6 May 2024

  • Handling EI_EXPOSE_REP & EI_EXPOSE_REP2 👨🏻‍💻

    1 project | dev.to | 30 Apr 2024

  • PMD 7 Is Here

    1 project | news.ycombinator.com | 22 Mar 2024

  • Amazon CodeGuru Reviewer: already time for retirement?

    2 projects | dev.to | 1 Aug 2023
  • A note from our sponsor - SaaSHub
    www.saashub.com | 17 Mar 2025
    SaaSHub helps you find the best software and product alternatives Learn more →

Index

What are some of the best open-source static-code-analysis projects in Java? This list will help you:

# Project Stars
1 Checkstyle 8,511
2 PMD 5,002
3 NullAway 3,701
4 Spotbugs 3,601
5 phpinspectionsea 1,455
6 SonarJava 1,162
7 SootUp 656
8 sonar-php 399
9 warnings-ng-plugin 345
10 forbidden-apis 343
11 fb-contrib 158

Sponsored
CodeRabbit: AI Code Reviews for Developers
Revolutionize your code reviews with AI. CodeRabbit offers PR summaries, code walkthroughs, 1-click suggestions, and AST-based analysis. Boost productivity and code quality across all major languages with each PR.
coderabbit.ai

Did you know that Java is
the 8th most popular programming language
based on number of references?

Loading...