What are some useful static analyzers for Java?

This page summarizes the projects mentioned and recommended in the original post on reddit.com/r/java

  • SpotBugs

    SpotBugs is FindBugs' successor. A tool for static analysis to look for bugs in Java code.

  • find-sec-bugs

    The SpotBugs plugin for security audits of Java web applications and Android applications. (Also works with Kotlin, Groovy and Scala projects.)

    SpotBugs has a lot of extensions such as https://find-sec-bugs.github.io/, https://github.com/KengoTODA/findbugs-slf4j and more; I recommend adding them as well.

  • gradle-errorprone-plugin

    Gradle plugin to use the error-prone compiler for Java

    In personal projects, I've had good experiences using the error-prone compiler plugin with Uber's NullAway.

  • NullAway

    A tool to help eliminate NullPointerExceptions (NPEs) in your Java code with low build-time overhead

    In personal projects, I've had good experiences using the error-prone compiler plugin with Uber's NullAway.

  • forbidden-apis

    Policeman's Forbidden API Checker

    Besides the classic pmd/spotbugs/jacoco/owasp, a favorite of mine is forbidden-apis.

  • findbugs-slf4j

    A SpotBugs/FindBugs plugin to verify usage of SLF4J

    SpotBugs has a lot of extensions such as https://find-sec-bugs.github.io/, https://github.com/KengoTODA/findbugs-slf4j and more; I recommend adding them as well.

  • fb-contrib

    A FindBugs/SpotBugs plugin for doing static code analysis for Java code bases

    and https://github.com/mebigfatguy/fb-contrib

NOTE: The number of mentions on this list indicates mentions on common posts plus user suggested alternatives. Hence, a higher number means a more popular project.
