Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

Open Source Static Source Code Analysis Tool (Security Oriented) For Java

I am looking for an open source static source code analysis tool that can be used for security testing of an android application. I need to make sure that my application is PCI compliant.
An example of a non-open source tool is Fortify.
Anyone can help in providing a list of recommended software?

like image 358
Strider007 Avatar asked Apr 09 '13 08:04

Strider007


2 Answers

PMD and FindBugs are some of the best Static code analysers that I have worked on. You can try them. You can add your own rule and delete some of the existing ones from them.

https://www.sparkred.com/blog/open-source-java-static-code-analyzers/

like image 125
Madhu V Rao Avatar answered Sep 23 '22 04:09

Madhu V Rao


There are so many open source tools for Source Code Analysis Tool For Java like Dependometer,FindBugs,QJ-Pro etc.
For more details with lists.
Another link

like image 29
Shreyos Adikari Avatar answered Sep 23 '22 04:09

Shreyos Adikari