Get started now

SonarSource delivers what is probably the best static code analysis you can find for Java. It uses the most advanced techniques (pattern matching, dataflow analysis) to analyze code and find Code Smells, Bugs and Security Vulnerabilities. As with everything we develop at SonarSource, it was built on the principles of depth, accuracy, and speed.

SonarSource's Java analysis has a great coverage of well-established quality standards. This capability is available in Eclipse, IntelliJ and VSCode for developers (SonarLint) as well as throughout the development chain for automated code review with self-hosted SonarQube or cloud-based SonarCloud.

Use in
Standards
Samples of Issues Detected
 
Null pointer dereference
Null pointer dereference
If and else identical statement
If and else identical statement
Invariant method returns
Invariant method returns
Always false condition
Always false condition
Unclosed resource
Unclosed resource
I/O function call injection
I/O function call injection
Supported versions, frameworks and special analyses
  • Java language versions through 14
  • Frameworks Struts, Spring, Hibernate
  • Native integration with Maven, Gradle, and Ant
Metrics

SonarSource's Java analysis supports all the standard metrics implemented by SonarQube including Cognitive Complexity. Additionally, it supports the import of JaCoCo and Cobertura test coverage reports.

Custom Rules

SonarSource's Java analysis supports custom rules written in Java.

CWE Compatibility

SonarSource's Java analysis is officially registered as CWE Compatible

Free & Open Source

Github

Issue Tracker


Related Content

Announcement
SonarQube Detects Security Vulnerabilities & Injection Flaws
blog
SonarAnalyzer for Java: Tricky Bugs are Running Scared
blog
SonarQube Java Analyzer : The Only Rule Engine You Need
blog
Already 158 Checkstyle and PMD rules deprecated by SonarQube Java rules

Unique Approach

Products

Plans and pricing

Company

© 2008-, SonarSource S.A, Switzerland. All content is copyright protected. SONARSOURCE, SONARLINT, SONARQUBE and SONARCLOUD are trademarks of SonarSource SA.

All other trademarks and copyrights are the property of their respective owners. All rights are expressly reserved.

Privacy Policy | Terms and Conditions