Top 9 Java static-code-analysis Projects
-
Checkstyle
Checkstyle is a development tool to help programmers write Java code that adheres to a coding standard. By default it supports the Google Java Style Guide and Sun Code Conventions, but is highly configurable. It can be invoked with an ANT task and a command line program.
Project mention: How can I help my partner write better code? | reddit.com/r/learnprogramming | 2021-11-27I’m a little out of date with Java, but I believe Checkstyle is currently popular: https://github.com/checkstyle/checkstyle
-
Project mention: Is it possible to measure spaghettiness of code? | reddit.com/r/AskProgramming | 2021-11-25
This is the definition of cohesion and there are many great tools to calculate cohesion metrics (depending on the programming language e.g Java). Cohesion metrics belong to a bigger set of metrics called OOP metrics (or ck metrics). Check out the following links: https://github.com/mauricioaniche/ck https://github.com/cqfn/jpeek https://github.com/rodhilton/jasome https://github.com/pmd/pmd
-
-
NullAway
A tool to help eliminate NullPointerExceptions (NPEs) in your Java code with low build-time overhead
Project mention: What are some new or upcoming Java projects or advancements that excite you the most? | reddit.com/r/java | 2021-10-29Check out Uber’s NullAway. It’s way better than any IDE plugins. https://github.com/uber/NullAway
-
Project mention: SpotBugs supports SARIF that supports integration with other SAST tools | dev.to | 2021-10-16
First, it's better to use SpotBugs 4.4.1 and above, that includes a fix to make SARIF report compatible with Github code scanning API requirements.
-
Project mention: What are those micro-optimizations that you can't forget? | reddit.com/r/PHP | 2021-09-01
The PHP-EA Extended static analysis plugin for PHPStorm has a number of Performance rules which has some of the same items as this list, although they're not all in the performance category, the single quotes inspection is under code style.
-
-
Project mention: Any good alternative for SonarQube which is free of cost? | reddit.com/r/jenkinsci | 2021-04-03
-
Scout APM
Scout APM: A developer's best friend. Try free for 14-days. Scout APM uses tracing logic that ties bottlenecks to source code so you know the exact line of code causing performance issues and can get back to building a great product faster.
-
Regarding the "deleting them if not necessary any or are deprecated or do not make sense anymore ", something you can use today is this nice maven plugin:forbidden-apis.
-
Project mention: In GitHub Actions, is there a way to post compiler warnings as PR review comments? | reddit.com/r/csharp | 2021-09-08
Just looked that up and it seems like there may be a command line tool available for this already! https://github.com/tomasbjerre/violation-comments-to-github-command-line
Java static-code-analysis related posts
- How can I help my partner write better code?
- Is it possible to measure spaghettiness of code?
- Needing to run GUI application from java docker image
- In GitHub Actions, is there a way to post compiler warnings as PR review comments?
- An Incomplete List of Practical Security for Mortals
- NP_METHOD_PARAMETER_TIGHTENS_ANNOTATION erroneously issued on equals(@Nullable Object) · Issue #633 · spotbugs/spotbugs
- Enforcing Coding Best Practices using CI
Index
What are some of the best open-source static-code-analysis projects in Java? This list will help you:
| Project | Stars | |
|---|---|---|
| 1 | Checkstyle | 6,457 |
| 2 | PMD | 3,630 |
| 3 | NullAway | 3,026 |
| 4 | Spotbugs | 2,548 |
| 5 | phpinspectionsea | 1,275 |
| 6 | SonarJava | 842 |
| 7 | warnings-ng-plugin | 276 |
| 8 | forbidden-apis | 241 |
| 9 | violation-comments-to-github-command-line | 2 |
Are you hiring? Post a new remote job listing for free.
