Conducting SAST for Java Applications

This page summarizes the projects mentioned and recommended in the original post on reddit.com/r/java

Our great sponsors
  • Mergify - Automate your Pull Request with Mergify
  • Scout APM - Less time debugging, more time building
  • SonarQube - Static code analysis for 29 languages.
  • Spotbugs

    SpotBugs is FindBugs' successor. A tool for static analysis to look for bugs in Java code.

    Static application security testing (SAST) is essential in tackling the source code vulnerabilities, late diagnosis of problems, and lack of root-cause analysis. This post describes how to carry out SAST in your Java application using SpotBugs.

  • find-sec-bugs

    The SpotBugs plugin for security audits of Java web applications and Android applications. (Also work with Kotlin, Groovy and Scala projects)

    How can the article fail to mention Find Security Bugs (find-sec-bugs) when talking about using SpotBugs (ex-FindBugs) for analyzing code for security issues?

  • Mergify

    Automate your Pull Request with Mergify. Mergify is the most powerful merge queue tool that offers speculative checks, batch merges, and multiple queueing options. Coordinated with any CI and fully integrated to GitHub. Get started or request a demo!

NOTE: The number of mentions on this list indicates mentions on common posts plus user suggested alternatives. Hence, a higher number means a more popular project.

Suggest a related project

Related posts