Popularity

6.8

Declining

Activity

9.5

Stars 1,088

Watchers 73

Forks 661

Last Commit 2 days ago

Programming language: Java

License: GNU Lesser General Public License v3.0 only

Tags: Code Analysis

Latest version: v6.10.0.24201

SonarJava alternatives and similar libraries

Based on the "Code Analysis" category.
Alternatively, view SonarJava alternatives based on common mentions on social networks and blogs.

Infer

9.4 9.9 SonarJava VS Infer

A static analyzer for Java, C, C++, and Objective-C
Checkstyle

9.2 9.9 L3 SonarJava VS Checkstyle

Checkstyle is a development tool to help programmers write Java code that adheres to a coding standard. By default it supports the Google Java Style Guide and Sun Code Conventions, but is highly configurable. It can be invoked with an ANT task and a command line program.

InfluxDB - Power Real-Time Data Analytics at Scale

Get real-time insights from all types of time series data with InfluxDB. Ingest, query, and analyze billions of data points in real-time with unbounded cardinality.

Promo www.influxdata.com

Sourcetrail

9.2 7.0 SonarJava VS Sourcetrail

Sourcetrail - free and open-source interactive source explorer
SonarQube

9.1 9.9 L3 SonarJava VS SonarQube

Continuous Inspection
Error Prone

8.6 9.4 L3 SonarJava VS Error Prone

Catch common Java mistakes as compile-time errors
PMD

8.5 9.9 L3 SonarJava VS PMD

An extensible multilanguage static code analyzer.
Spotbugs

7.9 9.6 SonarJava VS Spotbugs

SpotBugs is FindBugs' successor. A tool for static analysis to look for bugs in Java code.
NullAway

7.7 9.0 SonarJava VS NullAway

A tool to help eliminate NullPointerExceptions (NPEs) in your Java code with low build-time overhead
Spoon

6.7 9.6 L2 SonarJava VS Spoon

Spoon is a metaprogramming library to analyze and transform Java source code. :spoon: is made with :heart:, :beers: and :sparkles:. It parses source files to build a well-designed AST with powerful analysis and transformation API.
dotenv-linter

6.4 8.1 SonarJava VS dotenv-linter

⚡️Lightning-fast linter for .env files. Written in Rust 🦀
FindBugs

5.5 0.0 L1 SonarJava VS FindBugs

The new home of the FindBugs project
jQAssistant

3.4 0.0 SonarJava VS jQAssistant

Your Software. Your Structures. Your Rules.
Codacy

- SonarJava VS Codacy

Continuous static analysis, code coverage, and software metrics to automate code reviews.

* Code Quality Rankings and insights are calculated and provided by Lumnify.
They vary from L1 to L5 with "L5" being the highest.

Do you think we are missing an alternative of SonarJava or a related project?

Add another 'Code Analysis' Library

Popular Comparisons

README

Code Quality and Security for Java

This SonarSource project is a code analyzer for Java projects. Information about the analysis of Java features is available here.

Features

600+ rules (including 150+ bug detection rules and 350+ code smells)
Metrics (cognitive complexity, number of lines etc.)
Import of test coverage reports
Custom rules

Useful links

Have question or feedback?

To provide feedback (request a feature, report a bug etc.) use the Sonar Community Forum. Please do not forget to specify the language (Java!), plugin version and SonarQube version.

If you have a question on how to use plugin (and the docs don't help you), we also encourage you to use the community forum.

Contributing

Topic in SonarQube Community Forum

To request a new feature, please create a new thread in SonarQube Community Forum. Even if you plan to implement it yourself and submit it back to the community, please start a new thread first to be sure that we can use it.

Pull Request (PR)

To submit a contribution, create a pull request for this repository. Please make sure that you follow our code style and all tests are passing (all checks must be green).

Custom Rules

If you have an idea for a rule but you are not sure that everyone needs it you can implement a custom rule available only for you. Note that in order to help you, we highly recommend to first follow the Custom Rules 101 tutorial before diving directly into implementing rules from scratch.

Work with us

Would you like to work on this project full-time? We are hiring! Check out https://www.sonarsource.com/hiring

Testing

To run tests locally follow these instructions.

Java versions

You need Java 17 to build the project and run the Integration Tests (ITs).

Build the Project and Run Unit Tests

To build the plugin and run its unit tests, execute this command from the project's root directory:

mvn clean install

Integration Tests

To run integration tests, you will need to create a properties file like the one shown below, and set the url pointing to its location in an environment variable named ORCHESTRATOR_CONFIG_URL.

# version of SonarQube Server
sonar.runtimeVersion=7.9

orchestrator.updateCenterUrl=http://update.sonarsource.org/update-center-dev.properties

# Location of Maven local repository is not automatically guessed. It can also be set with the env variable MAVEN_LOCAL_REPOSITORY.
maven.localRepository=/home/myName/.m2/repository

With for instance the ORCHESTRATOR_CONFIG_URL variable being set as:

export ORCHESTRATOR_CONFIG_URL=file:///home/user/workspace/orchestrator.properties

Before running the ITs, be sure your MAVEN_HOME environment variable is set.

Sanity Test

The "Sanity Test" is a test which runs all checks against all the test sources files without taking into account the result of the analysis. It verifies that rules are not crashing on any file in our test sources. By default, this test is excluded from the build. To launch it:

mvn clean install -P sanity

Plugin Test

The "Plugin Test" is an integration test suite which verifies plugin features such as metric calculation, coverage etc. To launch it:

mvn clean install -Pit-plugin

Beware that some tests, specifically the JspTest, may fail due a missing or unauthorized Github token.

Ruling Test

The "Ruling Test" are an integration test suite which launches the analysis of a large code base, saves the issues created by the plugin in report files, and then compares those results to the set of expected issues (stored as JSON files).

To run the test, first make sure the submodules are checked out:

git submodule update --init --recursive

Launch ruling test:

cd its/ruling
mvn clean install -DskipTests=false

This test gives you the opportunity to examine the issues created by each rule and make sure they're what you expect. Any implemented rule is highly likely to raise issues on the multiple projects we use as ruling code base.

For newly implemented rule, it means that a first build will most probably fail, caused by differences between expected results (without any values for the new rule) and the new results. You can inspect these new issues by searching for files named after your rule (squid-SXXXX.json) in the following folder:
```
/path/to/project/sonar-java/its/ruling/target/actual/...
```
For existing rules which are modified, you may expect some differences between "actual" (from new analysis) and expected results. Review carefully the changes which are shown and update the expected resources accordingly.

All the json files contain a list of lines, indexed by file, expliciting where the issues raised by a specific rule are located. If/When everything looks good to you, you can copy the file with the actual issues located at:

its/ruling/target/actual/

Into the directory with the expected issues:

its/ruling/src/test/resources/

For example using the command:

cp its/ruling/target/actual/* its/ruling/src/test/resources/

Debugging Integration Tests

You can debug ITs by adding -Dmaven.binary=mvnDebug as an option when running the tests. This will cause the analyzer JVM to wait for a debugger to be attached before continuing.

License

Licensed under the GNU Lesser General Public License, Version 3.0

*Note that all licence references and agreements mentioned in the SonarJava README section above are relevant to that project's source code only.

SonarJava

:coffee: SonarSource Static Analyzer for Java Code Quality and Security