Spotbugs Alternatives
Similar projects and alternatives to Spotbugs
-
-
-
-
-
SonarJava
:coffee: SonarSource Static Analyzer for Java Code Quality and Security
-
-
Checkstyle
Checkstyle is a development tool to help programmers write Java code that adheres to a coding standard. By default it supports the Google Java Style Guide and Sun Code Conventions, but is highly configurable. It can be invoked with an ANT task and a command line program.
-
-
Scout APM
Scout APM: A developer's best friend. Try free for 14-days. Scout APM uses tracing logic that ties bottlenecks to source code so you know the exact line of code causing performance issues and can get back to building a great product faster.
-
-
Vault
A tool for secrets management, encryption as a service, and privileged access management
-
find-sec-bugs
The SpotBugs plugin for security audits of Java web applications and Android applications. (Also work with Kotlin, Groovy and Scala projects)
-
Spoon
Spoon is a metaprogramming library to analyze and transform Java source code. :spoon: is made with :heart:, :beers: and :sparkles:. It parses source files to build a well-designed AST with powerful analysis and transformation API.
-
Gson
A Java serialization/deserialization library to convert Java Objects into JSON and back
-
Keycloak
Open Source Identity and Access Management For Modern Applications and Services
-
trivy
Scanner for vulnerabilities in container images, file systems, and Git repositories, as well as for configuration issues
-
-
DOMPurify
DOMPurify - a DOM-only, super-fast, uber-tolerant XSS sanitizer for HTML, MathML and SVG. DOMPurify works with a secure default, but offers a lot of configurability and hooks. Demo:
-
-
semgrep
Lightweight static analysis for many languages. Find bug variants with patterns that look like source code.
-
-
Thymeleaf
Thymeleaf is a modern server-side Java template engine for both web and standalone environments.
Reviews and mentions
-
SpotBugs supports SARIF that supports integration with other SAST tools
First, it's better to use SpotBugs 4.4.1 and above, that includes a fix to make SARIF report compatible with Github code scanning API requirements.
-
Needing to run GUI application from java docker image
RUN wget https://github.com/spotbugs/spotbugs/releases/download/4.4.1/spotbugs-4.4.1.tgz
-
Looking for a Static Code Analysis tool for Scala Code
If you don’t have checkmarx/Vera code money, have you looked at https://find-sec-bugs.github.io/? It can be used with a few things such as https://spotbugs.github.io/ and sonarQ
-
An Incomplete List of Practical Security for Mortals
some good tools for general code analysis (Java): Sonarqube, PMD, SpotBugs
- NP_METHOD_PARAMETER_TIGHTENS_ANNOTATION erroneously issued on equals(@Nullable Object) · Issue #633 · spotbugs/spotbugs
- SpotBugs – Find Bugs in Java Programs
-
Conducting SAST for Java Applications
Static application security testing (SAST) is essential in tackling the source code vulnerabilities, late diagnosis of problems, and lack of root-cause analysis. This post describes how to carry out SAST in your Java application using SpotBugs.
-
Web Application Security Checklist (2021)
SpotBugs
-
Java Code Quality Tools Recommended by Developers
Licensing: Free and open-source
SpotBugs is FindBugs' successor. It is a Java static code analysis tool that examines JVM bytecode and finds traces of potential errors and security vulnerabilities by identifying coding defects. These defects are reported as warnings, but not all of the warnings reported are necessarily defects, e.g., warnings referred to possible performance issues. The latest version reports more than 400 warnings, and all warnings are classified into four ranks: (i) scariest, (ii) scary, (iii) troubling, (iv) of concern.
Stats
spotbugs/spotbugs is an open source project licensed under GNU Lesser General Public License v3.0 only which is an OSI approved license.
Popular Comparisons
Are you hiring? Post a new remote job listing for free.