Top 10 Java static-code-analysis Projects
Checkstyle is a development tool to help programmers write Java code that adheres to a coding standard. By default it supports the Google Java Style Guide and Sun Code Conventions, but is highly configurable. It can be invoked with an ANT task and a command line program.Project mention: How can I help my partner write better code? | reddit.com/r/learnprogramming | 2021-11-27
I’m a little out of date with Java, but I believe Checkstyle is currently popular: https://github.com/checkstyle/checkstyle
An extensible multilanguage static code analyzer.Project mention: Is there a tool to track CVEs for the software that we use? | reddit.com/r/sysadmin | 2021-12-14
While at it you could also point them to static code analyzers such as error_prone, spotbugs and pmd (use all 3 at once - they complement each other in detecting different issues).
Deliver Cleaner and Safer Code - Right in Your IDE of Choice!. SonarLint is a free and open source IDE extension that identifies and catches bugs and vulnerabilities as you code, directly in the IDE. Install from your favorite IDE marketplace today.
A tool to help eliminate NullPointerExceptions (NPEs) in your Java code with low build-time overheadProject mention: Nullaway fully supports switch expressions without issues now in 0.9.5 | reddit.com/r/java | 2022-01-13
SpotBugs is FindBugs' successor. A tool for static analysis to look for bugs in Java code.
A Static Code Analyzer for PHP (a PhpStorm/Idea Plugin)Project mention: What are those micro-optimizations that you can't forget? | reddit.com/r/PHP | 2021-09-01
The PHP-EA Extended static analysis plugin for PHPStorm has a number of Performance rules which has some of the same items as this list, although they're not all in the performance category, the single quotes inspection is under code style.
:coffee: SonarSource Static Analyzer for Java Code Quality and Security
Jenkins Warnings Plugin - Next GenerationProject mention: Any good alternative for SonarQube which is free of cost? | reddit.com/r/jenkinsci | 2021-04-03
Less time debugging, more time building. Scout APM allows you to find and fix performance issues with no hassle. Now with error monitoring and external services monitoring, Scout is a developer's best friend when it comes to application development.
Policeman's Forbidden API Checker
Besides the classic pmd/stopbugs/jacoco/owasp, a favorite of mine is forbidden-apis.
a FindBugs/SpotBugs plugin for doing static code analysis for java code bases
Report static code analysis to GitHubProject mention: In GitHub Actions, is there a way to post compiler warnings as PR review comments? | reddit.com/r/csharp | 2021-09-08
Just looked that up and it seems like there may be a command line tool available for this already! https://github.com/tomasbjerre/violation-comments-to-github-command-line
Java static-code-analysis related posts
What are some useful static analyzers for Java?
9 projects | reddit.com/r/java | 2 Jan 2022
How to setup CI/CD for org-based development?
2 projects | reddit.com/r/salesforce | 10 Dec 2021
How can I help my partner write better code?
2 projects | reddit.com/r/learnprogramming | 27 Nov 2021
Is it possible to measure spaghettiness of code?
4 projects | reddit.com/r/AskProgramming | 25 Nov 2021
Needing to run GUI application from java docker image
1 project | reddit.com/r/docker | 30 Sep 2021
In GitHub Actions, is there a way to post compiler warnings as PR review comments?
2 projects | reddit.com/r/csharp | 8 Sep 2021
An Incomplete List of Practical Security for Mortals
9 projects | dev.to | 6 Jul 2021
What are some of the best open-source static-code-analysis projects in Java? This list will help you:
Are you hiring? Post a new remote job listing for free.