What are some useful static analyzers for Java?

This page summarizes the projects mentioned and recommended in the original post on /r/java

InfluxDB high-performance time series database
Collect, organize, and act on massive volumes of high-resolution data to power real-time intelligent systems.
influxdata.com
featured
CodeRabbit: AI Code Reviews for Developers
Revolutionize your code reviews with AI. CodeRabbit offers PR summaries, code walkthroughs, 1-click suggestions, and AST-based analysis. Boost productivity and code quality across all major languages with each PR.
coderabbit.ai
featured
  1. Spotbugs

    SpotBugs is FindBugs' successor. A tool for static analysis to look for bugs in Java code.

  2. InfluxDB

    InfluxDB high-performance time series database. Collect, organize, and act on massive volumes of high-resolution data to power real-time intelligent systems.

    InfluxDB logo
  3. find-sec-bugs

    The SpotBugs plugin for security audits of Java web applications and Android applications. (Also work with Kotlin, Groovy and Scala projects)

    SpotBugs have a lot of extensions such as https://find-sec-bugs.github.io/ https://github.com/KengoTODA/findbugs-slf4j and more, I recommend adding them as well

  4. gradle-errorprone-plugin

    Gradle plugin to use the error-prone compiler for Java

    In personal projects, I've had good experiences using the error-prone compiler plugin with uber's nullaway.

  5. NullAway

    A tool to help eliminate NullPointerExceptions (NPEs) in your Java code with low build-time overhead

    In personal projects, I've had good experiences using the error-prone compiler plugin with uber's nullaway.

  6. forbidden-apis

    Policeman's Forbidden API Checker

    Besides the classic pmd/stopbugs/jacoco/owasp, a favorite of mine is forbidden-apis.

  7. findbugs-slf4j

    A SpotBugs/FindBugs plugin to verify usage of SLF4J

    SpotBugs have a lot of extensions such as https://find-sec-bugs.github.io/ https://github.com/KengoTODA/findbugs-slf4j and more, I recommend adding them as well

  8. fb-contrib

    a FindBugs/SpotBugs plugin for doing static code analysis for java code bases

    and https://github.com/mebigfatguy/fb-contrib

  9. CodeRabbit

    CodeRabbit: AI Code Reviews for Developers. Revolutionize your code reviews with AI. CodeRabbit offers PR summaries, code walkthroughs, 1-click suggestions, and AST-based analysis. Boost productivity and code quality across all major languages with each PR.

    CodeRabbit logo
NOTE: The number of mentions on this list indicates mentions on common posts plus user suggested alternatives. Hence, a higher number means a more popular project.

Suggest a related project

Related posts

  • We Have Code Quality At Home: Open Source Java Code Quality Tools

    4 projects | dev.to | 6 May 2024
  • Handling EI_EXPOSE_REP & EI_EXPOSE_REP2 👨🏻‍💻

    1 project | dev.to | 30 Apr 2024
  • Static Code Analyzer for JAVA development: any recommendations ??

    1 project | /r/AskNetsec | 8 Nov 2022
  • Java Checkstyle reports formatting as a warning, not an error despite my explicit severity

    1 project | /r/javahelp | 16 Aug 2022
  • Checkstyle - development tool to help programmers write Java code that adheres to a coding standard.

    1 project | /r/github_trends | 29 Apr 2022

Did you know that Java is
the 8th most popular programming language
based on number of references?