SonarJava

SonarSource delivers what is probably the best static code analyzer you can find on the market for Java. Based on our own Java compiler front-end, it uses the most advanced techniques (pattern matching, dataflow analysis) to analyze code and find code smells, bugs and security vulnerabilities. As with any product we develop at SonarSource, it was built on the following principles: depth, accuracy and speed.

SonarJava has broad coverage of well-established quality standards. The SonarJava capability is available in Eclipse and IntelliJ for developers (SonarLint) as well as throughout the development chain for automated code review with self-hosted SonarQube or online SonarCloud.

Samples of Issues Detected

  • Null pointer dereference
  • If and else identical statement
  • Invariant method returns
  • Always false condition
  • Unclosed resource
  • I/O function call injection
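To make the issue categories above concrete, here is an added illustration (not code from the SonarJava project or this page) showing what three of them typically look like in Java source, each beside a corrected form. The file path, the map of users and the helper names are constructed for the example.

```java
import java.io.BufferedReader;
import java.io.FileReader;
import java.io.IOException;
import java.util.HashMap;
import java.util.Map;

public class IssueSamples {

    // "Unclosed resource": if readLine() throws, the reader is never closed
    // and the file handle leaks until the garbage collector gets to it.
    static String firstLineLeaky(String path) throws IOException {
        BufferedReader reader = new BufferedReader(new FileReader(path));
        return reader.readLine();
    }

    // Corrected: try-with-resources closes the reader on every exit path,
    // including exceptions.
    static String firstLineSafe(String path) throws IOException {
        try (BufferedReader reader = new BufferedReader(new FileReader(path))) {
            return reader.readLine();
        }
    }

    // "Null pointer dereference": Map.get returns null for an absent key,
    // so name.length() throws NullPointerException for unknown ids.
    static int nameLengthUnsafe(Map<String, String> users, String id) {
        String name = users.get(id);
        return name.length();
    }

    // Corrected: the null case is handled explicitly before the dereference.
    static int nameLengthSafe(Map<String, String> users, String id) {
        String name = users.get(id);
        return name == null ? 0 : name.length();
    }

    // "Always false condition": n cannot be both negative and positive, so the
    // branch is dead code and usually signals a logic error in the predicate.
    static String describeUnreachable(int n) {
        if (n < 0 && n > 0) {
            return "impossible";
        }
        return n % 2 == 0 ? "even" : "odd";
    }

    // Corrected: the intended predicate (a non-zero value) is expressed directly.
    static String describe(int n) {
        if (n != 0) {
            return n % 2 == 0 ? "even" : "odd";
        }
        return "zero";
    }

    public static void main(String[] args) throws IOException {
        Map<String, String> users = new HashMap<>();   // constructed sample data
        users.put("u1", "alice");
        System.out.println(nameLengthSafe(users, "u1"));      // 5
        System.out.println(nameLengthSafe(users, "missing")); // 0
        System.out.println(describe(4));                      // even
        System.out.println(describe(0));                      // zero
        // firstLineSafe("/tmp/example.txt") would read a real file; path is a placeholder.
    }
}
```

Each "unsafe" method is the shape an analyzer flags; the paired method shows the fix a reviewer would expect, so the example doubles as a quick check of what such findings mean when they appear in a report.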
Supported versions, frameworks and special analyses

  • Java language versions through 10
  • Frameworks Struts, Spring, Hibernate
  • Native integration with Maven, Gradle, and Ant

Metrics

Code Coverage by Tests: SonarJava supports the import of JaCoCo and Cobertura test coverage reports.

Custom Rules

SonarJava supports custom rules written in Java.

CWE Compatibility

SonarJava is officially registered as CWE Compatible.

Free & Open Source

Github

Issue Tracker
