Top 10 Java static-code-analysis Projects
-
Checkstyle
Checkstyle is a development tool to help programmers write Java code that adheres to a coding standard. By default it supports the Google Java Style Guide and Sun Code Conventions, but is highly configurable. It can be invoked with an ANT task and a command line program.
Project mention: How can I help my partner write better code? | reddit.com/r/learnprogramming | 2021-11-27I’m a little out of date with Java, but I believe Checkstyle is currently popular: https://github.com/checkstyle/checkstyle
-
Project mention: Is there a tool to track CVEs for the software that we use? | reddit.com/r/sysadmin | 2021-12-14
While at it you could also point them to static code analyzers such as error_prone, spotbugs and pmd (use all 3 at once - they complement each other in detecting different issues).
-
SonarLint
Deliver Cleaner and Safer Code - Right in Your IDE of Choice!. SonarLint is a free and open source IDE extension that identifies and catches bugs and vulnerabilities as you code, directly in the IDE. Install from your favorite IDE marketplace today.
-
NullAway
A tool to help eliminate NullPointerExceptions (NPEs) in your Java code with low build-time overhead
Project mention: Nullaway fully supports switch expressions without issues now in 0.9.5 | reddit.com/r/java | 2022-01-13 -
-
Project mention: What are those micro-optimizations that you can't forget? | reddit.com/r/PHP | 2021-09-01
The PHP-EA Extended static analysis plugin for PHPStorm has a number of Performance rules which has some of the same items as this list, although they're not all in the performance category, the single quotes inspection is under code style.
-
-
Project mention: Any good alternative for SonarQube which is free of cost? | reddit.com/r/jenkinsci | 2021-04-03
-
Scout APM
Less time debugging, more time building. Scout APM allows you to find and fix performance issues with no hassle. Now with error monitoring and external services monitoring, Scout is a developer's best friend when it comes to application development.
-
Besides the classic pmd/stopbugs/jacoco/owasp, a favorite of mine is forbidden-apis.
-
and https://github.com/mebigfatguy/fb-contrib
-
Project mention: In GitHub Actions, is there a way to post compiler warnings as PR review comments? | reddit.com/r/csharp | 2021-09-08
Just looked that up and it seems like there may be a command line tool available for this already! https://github.com/tomasbjerre/violation-comments-to-github-command-line
Java static-code-analysis related posts
- What are some useful static analyzers for Java?
- How to setup CI/CD for org-based development?
- How can I help my partner write better code?
- Is it possible to measure spaghettiness of code?
- Needing to run GUI application from java docker image
- In GitHub Actions, is there a way to post compiler warnings as PR review comments?
- An Incomplete List of Practical Security for Mortals
Index
What are some of the best open-source static-code-analysis projects in Java? This list will help you:
| Project | Stars | |
|---|---|---|
| 1 | Checkstyle | 6,535 |
| 2 | PMD | 3,705 |
| 3 | NullAway | 3,064 |
| 4 | Spotbugs | 2,603 |
| 5 | phpinspectionsea | 1,287 |
| 6 | SonarJava | 858 |
| 7 | warnings-ng-plugin | 287 |
| 8 | forbidden-apis | 247 |
| 9 | fb-contrib | 129 |
| 10 | violation-comments-to-github-command-line | 2 |
Are you hiring? Post a new remote job listing for free.
