Our great sponsors
-
-
-
WorkOS
The modern identity platform for B2B SaaS. The APIs are flexible and easy-to-use, supporting authentication, user identity, and complex enterprise features like SSO and SCIM provisioning.
-
SpotBugs is FindBugs' successor. It is a Java static code analysis tool that examines JVM bytecode and finds traces of potential errors and security vulnerabilities by identifying coding defects. These defects are reported as warnings, but not all of the warnings reported are necessarily defects, e.g., warnings referred to possible performance issues. The latest version reports more than 400 warnings, and all warnings are classified into four ranks: (i) scariest, (ii) scary, (iii) troubling, (iv) of concern.
SonarQube is the open-source suite of java static code analysis tools that combines the features of tools such as FindBugs and PMD. SonarQube has very intuitive dashboards that maintain history to help developers track Java code quality over time. SonarQube uses advanced techniques like pattern matching and dataflow analysis to analyze code and identify code smells, bugs, and security vulnerabilities.
PMD analyzes Java source code, validates it with its list of rules, and reports offending lines to the user. PMD can determine common issues such as the hard coding of passwords and IP addresses, the use of the forEach loop instead of a traditional for loop, and code that seems to violate the Law of Demeter or implement the God Class anti-pattern.