Conducting SAST for Java Applications

This page summarizes the projects mentioned and recommended in the original post on /r/java
Code Analysis Findbugs Static Analysis HacktoberFest Java

WorkOS
Our great sponsors
  • WorkOS - The modern identity platform for B2B SaaS
  • InfluxDB - Power Real-Time Data Analytics at Scale
  • SaaSHub - Software Alternatives and Reviews
Our great sponsors

  • Spotbugs

    SpotBugs is FindBugs' successor. A tool for static analysis to look for bugs in Java code.

    • Static application security testing (SAST) is essential in tackling the source code vulnerabilities, late diagnosis of problems, and lack of root-cause analysis. This post describes how to carry out SAST in your Java application using SpotBugs.

  • find-sec-bugs

    The SpotBugs plugin for security audits of Java web applications and Android applications. (Also work with Kotlin, Groovy and Scala projects)

    • How can the article fail to mention Find Security Bugs (find-sec-bugs) when talking about using SpotBugs (ex-FindBugs) for analyzing code for security issues?

  • WorkOS

    The modern identity platform for B2B SaaS. The APIs are flexible and easy-to-use, supporting authentication, user identity, and complex enterprise features like SSO and SCIM provisioning.

    WorkOS logo
NOTE: The number of mentions on this list indicates mentions on common posts plus user suggested alternatives. Hence, a higher number means a more popular project.

Suggest a related project

Related posts