What are some useful static analyzers for Java?

This page summarizes the projects mentioned and recommended in the original post on /r/java

InfluxDB - Power Real-Time Data Analytics at Scale
Get real-time insights from all types of time series data with InfluxDB. Ingest, query, and analyze billions of data points in real-time with unbounded cardinality.
www.influxdata.com
featured
SaaSHub - Software Alternatives and Reviews
SaaSHub helps you find the best software and product alternatives
www.saashub.com
featured
  • Spotbugs

    SpotBugs is FindBugs' successor. A tool for static analysis to look for bugs in Java code.

  • InfluxDB

    Power Real-Time Data Analytics at Scale. Get real-time insights from all types of time series data with InfluxDB. Ingest, query, and analyze billions of data points in real-time with unbounded cardinality.

    InfluxDB logo
  • find-sec-bugs

    The SpotBugs plugin for security audits of Java web applications and Android applications. (Also work with Kotlin, Groovy and Scala projects)

    SpotBugs have a lot of extensions such as https://find-sec-bugs.github.io/ https://github.com/KengoTODA/findbugs-slf4j and more, I recommend adding them as well

  • gradle-errorprone-plugin

    Gradle plugin to use the error-prone compiler for Java

    In personal projects, I've had good experiences using the error-prone compiler plugin with uber's nullaway.

  • NullAway

    A tool to help eliminate NullPointerExceptions (NPEs) in your Java code with low build-time overhead

    In personal projects, I've had good experiences using the error-prone compiler plugin with uber's nullaway.

  • forbidden-apis

    Policeman's Forbidden API Checker

    Besides the classic pmd/stopbugs/jacoco/owasp, a favorite of mine is forbidden-apis.

  • findbugs-slf4j

    A SpotBugs/FindBugs plugin to verify usage of SLF4J

    SpotBugs have a lot of extensions such as https://find-sec-bugs.github.io/ https://github.com/KengoTODA/findbugs-slf4j and more, I recommend adding them as well

  • fb-contrib

    a FindBugs/SpotBugs plugin for doing static code analysis for java code bases

    and https://github.com/mebigfatguy/fb-contrib

  • SaaSHub

    SaaSHub - Software Alternatives and Reviews. SaaSHub helps you find the best software and product alternatives

    SaaSHub logo
NOTE: The number of mentions on this list indicates mentions on common posts plus user suggested alternatives. Hence, a higher number means a more popular project.

Suggest a related project

Related posts

  • We Have Code Quality At Home: Open Source Java Code Quality Tools

    4 projects | dev.to | 6 May 2024
  • Handling EI_EXPOSE_REP & EI_EXPOSE_REP2 👨🏻‍💻

    1 project | dev.to | 30 Apr 2024
  • Static Code Analyzer for JAVA development: any recommendations ??

    1 project | /r/AskNetsec | 8 Nov 2022
  • Java Checkstyle reports formatting as a warning, not an error despite my explicit severity

    1 project | /r/javahelp | 16 Aug 2022
  • Checkstyle - development tool to help programmers write Java code that adheres to a coding standard.

    1 project | /r/github_trends | 29 Apr 2022