How do commercial Java static analysis tools compare with the free ones?


Solution 1

I'll suggest you try SONAR, an open source software quality management tool dedicated to continuously analyzing and measuring source code quality. This software takes the results from code analysis tools, consolidates those results and gives you access to a user-friendly interface.

Solution 2

The one feature you will most certainly find in a commercial static analysis tool (and that you will not find easily in a freeware analysis tool, at least in 2008, at the time of the OP) is:

Reporting: measures software quality trends over time.

As explained in this question about code metrics, any static code analysis in itself is not always meaningful, because you could have:

  • too many "defects" to fix
  • too many categories of defect reported

You need the ability to do some triage, and you need to check if a particular defect is occurring less and less over time or not, in order to help you prioritize what to fix.

This is especially true on legacy projects with thousands of classes: you do not fix defects in many files just like that, without having a good reason. That reason can be deduced from good reporting and trend analysis, which you will not find with freeware tools.

Update: from 2012 (4 years later), Sonar (now, in 2018, named "SonarQube") includes "Historical Information" (aka "Time Machine") in its 4.x and 5.x series.
Note those project dashboards were dropped in SonarQube 6.1 (Sept. 2016): see this thread.
Those dashboards would need to be re-created manually through a custom page.
SonarQube 6.5 restores a bit of those dashboards with the Activity page, which gets (several predefined and one customisable) charts to display the evolution of a project.
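The trend and triage idea from the answer above, as an added example that is not code from the original answers or from Sonar: two PMD-style XML reports (constructed here, not real project output) taken at different times are compared per rule, so you can see which defect categories are shrinking and which are still growing and deserve attention first.

```python
"""Trend reporting over static-analysis snapshots (added example)."""
from collections import Counter
import xml.etree.ElementTree as ET

# Constructed PMD-style reports for two points in time; not real tool output.
SNAPSHOT_2012 = """<pmd version="5.0" timestamp="2012-01-01T00:00:00">
  <file name="src/A.java">
    <violation beginline="3" rule="UnusedPrivateField" ruleset="Unused Code" priority="3">f</violation>
    <violation beginline="9" rule="EmptyCatchBlock" ruleset="Empty Code" priority="3">e</violation>
    <violation beginline="20" rule="CloseResource" ruleset="Design" priority="3">c</violation>
  </file>
  <file name="src/B.java">
    <violation beginline="4" rule="CloseResource" ruleset="Design" priority="3">c</violation>
  </file>
</pmd>"""
SNAPSHOT_2013 = """<pmd version="5.0" timestamp="2013-01-01T00:00:00">
  <file name="src/A.java">
    <violation beginline="9" rule="EmptyCatchBlock" ruleset="Empty Code" priority="3">e</violation>
  </file>
  <file name="src/B.java">
    <violation beginline="4" rule="CloseResource" ruleset="Design" priority="3">c</violation>
    <violation beginline="30" rule="CloseResource" ruleset="Design" priority="3">c</violation>
    <violation beginline="31" rule="CloseResource" ruleset="Design" priority="3">c</violation>
  </file>
</pmd>"""


def count_by_rule(report_xml):
    """Return {rule name: number of violations} for one PMD-style report."""
    root = ET.fromstring(report_xml)
    return Counter(v.get("rule") for v in root.iter("violation"))


def trend(old_xml, new_xml):
    """Per rule: (old count, new count, delta). A rule missing from one
    snapshot counts as 0 there, so fully fixed and newly introduced
    categories both show up instead of silently disappearing."""
    old, new = count_by_rule(old_xml), count_by_rule(new_xml)
    return {r: (old[r], new[r], new[r] - old[r]) for r in set(old) | set(new)}


def triage(old_xml, new_xml):
    """Rules whose count is rising, largest increase first: the categories
    worth fixing before the static, long-standing backlog."""
    rising = [(r, d) for r, (_, _, d) in trend(old_xml, new_xml).items() if d > 0]
    return sorted(rising, key=lambda rd: -rd[1])
```

With the constructed snapshots, `UnusedPrivateField` went from 1 to 0, `EmptyCatchBlock` is flat, and `CloseResource` rose from 2 to 3, so `triage` returns only `CloseResource`.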

Solution 3

Here's a list of commercial analysis tools: http://en.wikipedia.org/wiki/List_of_tools_for_static_code_analysis#Java_2

Coverity has several tools:

http://www.coverity.com/html/coverity-readiness-manager-java.html : this should be on par with FindBugs and PMD, but with better presentation.

Prevent: http://www.coverity.com/html/prevent-for-java.html : low FALSE POSITIVES.

Thread Analyzer: http://www.coverity.com/html/coverity-thread-analyzer-java.html : this is what is absent in most open source tools.

Author: user1820801

Software developer.

Updated on January 03, 2020

Comments

  • user1820801
    user1820801 over 4 years

    I'm familiar with a handful of the free static analysis tools available for Java, such as FindBugs and PMD. What I'd like to know is how the commercial products such as Klocwork and Coverity stack up against these. What are their strengths and weaknesses?