SonarSource delivers what is probably the best static code analyzer you can find on the market for Java. Based on our own Java compiler front-end, it uses the most advanced techniques (pattern matching, dataflow analysis) to analyze code and find code smells, bugs and security vulnerabilities. As for any product we develop at SonarSource, it was built on the following principles: depth, accuracy and speed.
SonarJava has a great coverage of well-established quality standards. The SonarJava capability is available in Eclipse and IntelliJ for developers (SonarLint) as well as throughout the development chain for automated code review with self-hosted SonarQube or on-line SonarCloud.
- Java language versions through 10
- Frameworks Struts, Spring, Hibernate
- Native integration with Maven, Gradle, and Ant
Code Coverage by Tests: SonarJava supports the import of JaCoCo and Cobertura test coverage reports.
SonarJava supports custom rules written in Java.
SonarJava is officially registered as CWE Compatible