SpotBugs is FindBugs' successor. A tool for static analysis to look for bugs in Java code. (by spotbugs)



spotbugs/spotbugs is an open source project licensed under GNU Lesser General Public License v3.0 only which is an OSI approved license.

Spotbugs Alternatives

Similar projects and alternatives to Spotbugs

  • Vault

    A tool for secrets management, encryption as a service, and privileged access management

  • Gson

    A Java serialization/deserialization library to convert Java Objects into JSON and back

  • Keycloak

    Open Source Identity and Access Management For Modern Applications and Services

  • Twig

    Twig, the flexible, fast, and secure template language for PHP

  • trivy

    A Simple and Comprehensive Vulnerability Scanner for Container Images, Git Repositories and Filesystems. Suitable for CI

  • DOMPurify

    DOMPurify - a DOM-only, super-fast, uber-tolerant XSS sanitizer for HTML, MathML and SVG. DOMPurify works with a secure default, but offers a lot of configurability and hooks. Demo:

  • SonarQube

    Continuous Inspection

  • falco

    Cloud Native Runtime Security

  • PMD

    An extensible multilanguage static code analyzer.

  • Thymeleaf

    Thymeleaf is a modern server-side Java template engine for both web and standalone environments.

  • find-sec-bugs

    The SpotBugs plugin for security audits of Java web applications and Android applications. (Also works with Kotlin, Groovy and Scala projects)

  • selinux-coloring-book

    A coloring book to help folks understand how SELinux works.

NOTE: The number of mentions on this list indicates mentions on common posts. Hence, a higher number means a better Spotbugs alternative or higher similarity.


Posts where Spotbugs has been mentioned. We have used some of these posts to build our list of alternatives and similar projects - the last one was on 2021-04-15.
  • SpotBugs – Find Bugs in Java Programs | 2021-04-28
  • Conducting SAST for Java Applications | 2021-04-15
    Static application security testing (SAST) is essential in tackling the source code vulnerabilities, late diagnosis of problems, and lack of root-cause analysis. This post describes how to carry out SAST in your Java application using SpotBugs.
  • Web Application Security Checklist (2021) | 2021-02-16
  • Java Code Quality Tools Recommended by Developers | 2021-02-07
    Licensing: Free and open-source
    SpotBugs is FindBugs' successor. It is a Java static code analysis tool that examines JVM bytecode and finds traces of potential errors and security vulnerabilities by identifying coding defects. These defects are reported as warnings, but not all of the warnings reported are necessarily defects, e.g., warnings referring to possible performance issues. The latest version reports more than 400 warnings, and all warnings are classified into four ranks: (i) scariest, (ii) scary, (iii) troubling, (iv) of concern.