Java language logo

Java static code analysis

Unique rules to find Bugs, Vulnerabilities, Security Hotspots, and Code Smells in your JAVA code

  • .Bug
  • .Security Vulnerability
  • .Security Hotspot
  • .Code Smell

Language versions

through Java 16

Web frameworks

Struts, Spring, JSP, Thymeleaf

Test frameworks

JUnit 4/5, AssertJ, Mockito, Spring Test, TestNG


Hibernate, Spring JDBC Template, JDO, Rapidoid, iBATIS, Torque, VertX SQL

Build integrations

Maven, Gradle, Ant

Java Coverage of OWASP TOP 10 2017

Java coverage of OWASP TOP 10 2017

A1 Injection
A2 Broken Authentication
A3 Sensitive Data Exposure
A4 XML External Entities (XXE)
A5 Broken Access control
A6 Security misconfigurations
A7 Cross Site Scripting (XSS)
A8 Insecure Deserialization
A9 Using Components with known vulnerabilities
A10 Insufficient logging and monitoring