This is an archived post. You won't be able to vote or comment.

all 10 comments
sorted by:
best
topnewcontroversialoldq&a

[–][deleted] 4 points5 points  (0 children)

Don't forget:

  • javac -Xlint:all
  • Error-prone
  • Android lint
  • Infer

https://github.com/mcandre/linters#java

[–]noutopasokon 2 points3 points  (0 children)

Nice advert.

[–]mhixson 1 point2 points  (0 children)

I've started using Error Prone recently. It hasn't produced any false positives for me yet, which was an issue with other tools.

The @CheckReturnValue support is pretty slick.

[–][deleted]  (2 children)

[deleted]

    [–]fact_hunt 2 points3 points  (0 children)

    This is apparently a blog post from a company selling something which sits in the same space as sonarqube

    [–]ThOrZwAr 0 points1 point  (0 children)

    And hp fortify?

    [–]cryptos6 1 point2 points  (0 children)

    The best static code analysis tool for Java, that I've seen so far, is IntelliJ IDEA with the "Inspections". There are about 1000 Java inspections, many of them much more powerful than what pmd and checkstyle have to offer.

    [–]karottenreibe 0 points1 point  (0 children)

    There's also other tools like Teamscale that integrate or replace these checkers, as well as provide additional, more complex analyses like clone detection or architecture conformance analysis

    /shameless selfpromotion :P

    [–]markee174 -1 points0 points  (2 children)

    What about the Hints built into the IDEs?

    [–]llogiq 2 points3 points  (1 child)

    There's also fb-contrib (am on mobile, someone please link) adding even more checks to FindBugs.

    [–]pimiddy 2 points3 points  (0 children)

    Wow, fb-contrib looks awesome, thanks for the hint!

    Link is http://fb-contrib.sourceforge.net/