Alternatives to FindBugs logo

Alternatives to FindBugs

PMD, Checkstyle , SonarLint, SonarQube, and CodeNarc are the most popular alternatives and competitors to FindBugs.
47
53
+ 1
0

What is FindBugs and what are its top alternatives?

It detects possible bugs in Java programs. Potential errors are classified in four ranks: scariest, scary, troubling and of concern. This is a hint to the developer about their possible impact or severity.
FindBugs is a tool in the Code Review category of a tech stack.

Top Alternatives to FindBugs

  • PMD

    PMD

    It is a source code analyzer. It finds common programming flaws like unused variables, empty catch blocks, unnecessary object creation, and so forth. It includes CPD, the copy-paste-detector. ...

  • Checkstyle

    Checkstyle

    It is a development tool to help programmers write Java code that adheres to a coding standard. It automates the process of checking Java code to spare humans of this boring (but important) task. This makes it ideal for projects that want to enforce a coding standard. ...

  • SonarLint

    SonarLint

    It is an IDE extension that helps you detect and fix quality issues as you write code. Like a spell checker, it squiggles flaws so that they can be fixed before committing code. ...

  • SonarQube

    SonarQube

    SonarQube provides an overview of the overall health of your source code and even more importantly, it highlights issues found on new code. With a Quality Gate set on your project, you will simply fix the Leak and start mechanically improving. ...

  • CodeNarc

    CodeNarc

    A flexible framework for rules, rule sets and custom rules means it's easy to configure it to fit into your project. Build tool, framework support, and report generation are all enterprise ready. ...

  • ESLint

    ESLint

    A pluggable and configurable linter tool for identifying and reporting on patterns in JavaScript. Maintain your code quality with ease. ...

  • Prettier

    Prettier

    Prettier is an opinionated code formatter. It enforces a consistent style by parsing your code and re-printing it with its own rules that take the maximum line length into account, wrapping code when necessary. ...

  • Snyk

    Snyk

    Fix vulnerabilities in Node & npm dependencies with a click.

FindBugs alternatives & related posts

PMD logo

PMD

26
46
0
An extensible cross-language static code analyzer
26
46
+ 1
0
PROS OF PMD
    No pros available
    CONS OF PMD
      No cons available

      related PMD posts

      Joshua Dean K眉pper
      CEO at Scrayos UG (haftungsbeschr盲nkt) | 1 upvote 路 232.5K views

      We use PMD alongside Checkstyle and FindBugs (Spotbugs) for our static code analysis, as a standard stage in all of our pipelines. PMD offers us insight into various optimization possibilities, best-practice alignment, coding convention compliance and general problems with our code.

      See more
      Checkstyle  logo

      Checkstyle

      61
      61
      0
      A static code analysis tool
      61
      61
      + 1
      0
      PROS OF CHECKSTYLE
        No pros available
        CONS OF CHECKSTYLE
          No cons available

          related Checkstyle posts

          Joshua Dean K眉pper
          CEO at Scrayos UG (haftungsbeschr盲nkt) | 1 upvote 路 232.5K views

          We use PMD alongside Checkstyle and FindBugs (Spotbugs) for our static code analysis, as a standard stage in all of our pipelines. PMD offers us insight into various optimization possibilities, best-practice alignment, coding convention compliance and general problems with our code.

          See more
          SonarLint logo

          SonarLint

          70
          141
          8
          An IDE extension to detect and fix issues as you write code
          70
          141
          + 1
          8
          PROS OF SONARLINT
          CONS OF SONARLINT
            No cons available

            related SonarLint posts

            related SonarQube posts

            Simon Reymann
            Senior Fullstack Developer at QUANTUSflow Software GmbH | 27 upvotes 路 1.8M views

            Our whole DevOps stack consists of the following tools:

            • GitHub (incl. GitHub Pages/Markdown for Documentation, GettingStarted and HowTo's) for collaborative review and code management tool
            • Respectively Git as revision control system
            • SourceTree as Git GUI
            • Visual Studio Code as IDE
            • CircleCI for continuous integration (automatize development process)
            • Prettier / TSLint / ESLint as code linter
            • SonarQube as quality gate
            • Docker as container management (incl. Docker Compose for multi-container application management)
            • VirtualBox for operating system simulation tests
            • Kubernetes as cluster management for docker containers
            • Heroku for deploying in test environments
            • nginx as web server (preferably used as facade server in production environment)
            • SSLMate (using OpenSSL) for certificate management
            • Amazon EC2 (incl. Amazon S3) for deploying in stage (production-like) and production environments
            • PostgreSQL as preferred database system
            • Redis as preferred in-memory database/store (great for caching)

            The main reason we have chosen Kubernetes over Docker Swarm is related to the following artifacts:

            • Key features: Easy and flexible installation, Clear dashboard, Great scaling operations, Monitoring is an integral part, Great load balancing concepts, Monitors the condition and ensures compensation in the event of failure.
            • Applications: An application can be deployed using a combination of pods, deployments, and services (or micro-services).
            • Functionality: Kubernetes as a complex installation and setup process, but it not as limited as Docker Swarm.
            • Monitoring: It supports multiple versions of logging and monitoring when the services are deployed within the cluster (Elasticsearch/Kibana (ELK), Heapster/Grafana, Sysdig cloud integration).
            • Scalability: All-in-one framework for distributed systems.
            • Other Benefits: Kubernetes is backed by the Cloud Native Computing Foundation (CNCF), huge community among container orchestration tools, it is an open source and modular tool that works with any OS.
            See more
            Ganesa Vijayakumar
            Full Stack Coder | Module Lead | 18 upvotes 路 1.9M views

            I'm planning to create a web application and also a mobile application to provide a very good shopping experience to the end customers. Shortly, my application will be aggregate the product details from difference sources and giving a clear picture to the user that when and where to buy that product with best in Quality and cost.

            I have planned to develop this in many milestones for adding N number of features and I have picked my first part to complete the core part (aggregate the product details from different sources).

            As per my work experience and knowledge, I have chosen the followings stacks to this mission.

            UI: I would like to develop this application using React, React Router and React Native since I'm a little bit familiar on this and also most importantly these will help on developing both web and mobile apps. In addition, I'm gonna use the stacks JavaScript, jQuery, jQuery UI, jQuery Mobile, Bootstrap wherever required.

            Service: I have planned to use Java as the main business layer language as I have 7+ years of experience on this I believe I can do better work using Java than other languages. In addition, I'm thinking to use the stacks Node.js.

            Database and ORM: I'm gonna pick MySQL as DB and Hibernate as ORM since I have a piece of good knowledge and also work experience on this combination.

            Search Engine: I need to deal with a large amount of product data and it's in-detailed info to provide enough details to end user at the same time I need to focus on the performance area too. so I have decided to use Solr as a search engine for product search and suggestions. In addition, I'm thinking to replace Solr by Elasticsearch once explored/reviewed enough about Elasticsearch.

            Host: As of now, my plan to complete the application with decent features first and deploy it in a free hosting environment like Docker and Heroku and then once it is stable then I have planned to use the AWS products Amazon S3, EC2, Amazon RDS and Amazon Route 53. I'm not sure about Microsoft Azure that what is the specialty in it than Heroku and Amazon EC2 Container Service. Anyhow, I will do explore these once again and pick the best suite one for my requirement once I reached this level.

            Build and Repositories: I have decided to choose Apache Maven and Git as these are my favorites and also so popular on respectively build and repositories.

            Additional Utilities :) - I would like to choose Codacy for code review as their Startup plan will be very helpful to this application. I'm already experienced with Google CheckStyle and SonarQube even I'm looking something on Codacy.

            Happy Coding! Suggestions are welcome! :)

            Thanks, Ganesa

            See more
            CodeNarc logo

            CodeNarc

            6
            6
            0
            Analyzes Groovy code for defects
            6
            6
            + 1
            0
            PROS OF CODENARC
              No pros available
              CONS OF CODENARC
                No cons available

                related CodeNarc posts

                ESLint logo

                ESLint

                9.7K
                5.5K
                21
                The fully pluggable JavaScript code quality tool
                9.7K
                5.5K
                + 1
                21

                related ESLint posts

                Simon Reymann
                Senior Fullstack Developer at QUANTUSflow Software GmbH | 27 upvotes 路 1.8M views

                Our whole DevOps stack consists of the following tools:

                • GitHub (incl. GitHub Pages/Markdown for Documentation, GettingStarted and HowTo's) for collaborative review and code management tool
                • Respectively Git as revision control system
                • SourceTree as Git GUI
                • Visual Studio Code as IDE
                • CircleCI for continuous integration (automatize development process)
                • Prettier / TSLint / ESLint as code linter
                • SonarQube as quality gate
                • Docker as container management (incl. Docker Compose for multi-container application management)
                • VirtualBox for operating system simulation tests
                • Kubernetes as cluster management for docker containers
                • Heroku for deploying in test environments
                • nginx as web server (preferably used as facade server in production environment)
                • SSLMate (using OpenSSL) for certificate management
                • Amazon EC2 (incl. Amazon S3) for deploying in stage (production-like) and production environments
                • PostgreSQL as preferred database system
                • Redis as preferred in-memory database/store (great for caching)

                The main reason we have chosen Kubernetes over Docker Swarm is related to the following artifacts:

                • Key features: Easy and flexible installation, Clear dashboard, Great scaling operations, Monitoring is an integral part, Great load balancing concepts, Monitors the condition and ensures compensation in the event of failure.
                • Applications: An application can be deployed using a combination of pods, deployments, and services (or micro-services).
                • Functionality: Kubernetes as a complex installation and setup process, but it not as limited as Docker Swarm.
                • Monitoring: It supports multiple versions of logging and monitoring when the services are deployed within the cluster (Elasticsearch/Kibana (ELK), Heapster/Grafana, Sysdig cloud integration).
                • Scalability: All-in-one framework for distributed systems.
                • Other Benefits: Kubernetes is backed by the Cloud Native Computing Foundation (CNCF), huge community among container orchestration tools, it is an open source and modular tool that works with any OS.
                See more
                Johnny Bell
                Software Engineer at Weedmaps | 18 upvotes 路 1M views

                So when starting a new project you generally have your go to tools to get your site up and running locally, and some scripts to build out a production version of your site. Create React App is great for that, however for my projects I feel as though there is to much bloat in Create React App and if I use it, then I'm tied to React, which I love but if I want to switch it up to Vue or something I want that flexibility.

                So to start everything up and running I clone my personal Webpack boilerplate - This is still in Webpack 3, and does need some updating but gets the job done for now. So given the name of the repo you may have guessed that yes I am using Webpack as my bundler I use Webpack because it is so powerful, and even though it has a steep learning curve once you get it, its amazing.

                The next thing I do is make sure my machine has Node.js configured and the right version installed then run Yarn. I decided to use Yarn because when I was building out this project npm had some shortcomings such as no .lock file. I could probably move from Yarn to npm but I don't really see any point really.

                I use Babel to transpile all of my #ES6 to #ES5 so the browser can read it, I love Babel and to be honest haven't looked up any other transpilers because Babel is amazing.

                Finally when developing I have Prettier setup to make sure all my code is clean and uniform across all my JS files, and ESLint to make sure I catch any errors or code that could be optimized.

                I'm really happy with this stack for my local env setup, and I'll probably stick with it for a while.

                See more
                Prettier logo

                Prettier

                1.2K
                337
                0
                Prettier is an opinionated code formatter.
                1.2K
                337
                + 1
                0
                PROS OF PRETTIER
                  No pros available
                  CONS OF PRETTIER
                    No cons available

                    related Prettier posts

                    Simon Reymann
                    Senior Fullstack Developer at QUANTUSflow Software GmbH | 27 upvotes 路 1.8M views

                    Our whole DevOps stack consists of the following tools:

                    • GitHub (incl. GitHub Pages/Markdown for Documentation, GettingStarted and HowTo's) for collaborative review and code management tool
                    • Respectively Git as revision control system
                    • SourceTree as Git GUI
                    • Visual Studio Code as IDE
                    • CircleCI for continuous integration (automatize development process)
                    • Prettier / TSLint / ESLint as code linter
                    • SonarQube as quality gate
                    • Docker as container management (incl. Docker Compose for multi-container application management)
                    • VirtualBox for operating system simulation tests
                    • Kubernetes as cluster management for docker containers
                    • Heroku for deploying in test environments
                    • nginx as web server (preferably used as facade server in production environment)
                    • SSLMate (using OpenSSL) for certificate management
                    • Amazon EC2 (incl. Amazon S3) for deploying in stage (production-like) and production environments
                    • PostgreSQL as preferred database system
                    • Redis as preferred in-memory database/store (great for caching)

                    The main reason we have chosen Kubernetes over Docker Swarm is related to the following artifacts:

                    • Key features: Easy and flexible installation, Clear dashboard, Great scaling operations, Monitoring is an integral part, Great load balancing concepts, Monitors the condition and ensures compensation in the event of failure.
                    • Applications: An application can be deployed using a combination of pods, deployments, and services (or micro-services).
                    • Functionality: Kubernetes as a complex installation and setup process, but it not as limited as Docker Swarm.
                    • Monitoring: It supports multiple versions of logging and monitoring when the services are deployed within the cluster (Elasticsearch/Kibana (ELK), Heapster/Grafana, Sysdig cloud integration).
                    • Scalability: All-in-one framework for distributed systems.
                    • Other Benefits: Kubernetes is backed by the Cloud Native Computing Foundation (CNCF), huge community among container orchestration tools, it is an open source and modular tool that works with any OS.
                    See more
                    Johnny Bell
                    Software Engineer at Weedmaps | 18 upvotes 路 1M views

                    So when starting a new project you generally have your go to tools to get your site up and running locally, and some scripts to build out a production version of your site. Create React App is great for that, however for my projects I feel as though there is to much bloat in Create React App and if I use it, then I'm tied to React, which I love but if I want to switch it up to Vue or something I want that flexibility.

                    So to start everything up and running I clone my personal Webpack boilerplate - This is still in Webpack 3, and does need some updating but gets the job done for now. So given the name of the repo you may have guessed that yes I am using Webpack as my bundler I use Webpack because it is so powerful, and even though it has a steep learning curve once you get it, its amazing.

                    The next thing I do is make sure my machine has Node.js configured and the right version installed then run Yarn. I decided to use Yarn because when I was building out this project npm had some shortcomings such as no .lock file. I could probably move from Yarn to npm but I don't really see any point really.

                    I use Babel to transpile all of my #ES6 to #ES5 so the browser can read it, I love Babel and to be honest haven't looked up any other transpilers because Babel is amazing.

                    Finally when developing I have Prettier setup to make sure all my code is clean and uniform across all my JS files, and ESLint to make sure I catch any errors or code that could be optimized.

                    I'm really happy with this stack for my local env setup, and I'll probably stick with it for a while.

                    See more
                    Snyk logo

                    Snyk

                    495
                    142
                    2
                    Fix vulnerabilities in Node & npm dependencies with a click
                    495
                    142
                    + 1
                    2
                    CONS OF SNYK
                      No cons available

                      related Snyk posts

                      Bryan Dady
                      SRE Manager at Subsplash | 3 upvotes 路 135.5K views

                      I'm beginning to research the right way to better integrate how we achieve SCA / shift-left / SecureDevOps / secure software supply chain. If you use or have evaluated WhiteSource, Snyk, Sonatype Nexus, SonarQube or similar, I would very much appreciate your perspective on strengths and weaknesses and how you selected your ultimate solution. I want to integrate with GitLab CI.

                      See more