Java Code Quality Tools

Few days back we decided that we need some code quality tool on our project and the search has begun.
The most comprehensive post on this topic we found here, but it’s been 6 years since the post was published and a lot of the tools are already outdated, so I decided to update it a bit. I sorted the list of tools by their update time, from newly updated to already dead tools(some update dates can be not that accurate, cause sometimes it was difficult to find the year of the last update).

The most used seem to be PMDCoberturaCheckstyleFindBugs and Sonar, which has many tools integrated inside it(e.g. FindBugs, PMD, Checkstyle, JDepend), and that’s why we decided to try it out.
Also, I found a new one – Codacy, functionally pretty similar to Sonar, but it works directly with repositories. If you know an efficient tool not listed below, feel free to mention it in the comments.

  • Qulice (last update: 2017)
    Is a static analysis quality control instrument for Java projects. It combines all the best static analysis instruments and pre-configure them. There are many tools that control the quality of Java code, including Checkstyle, PMD, FindBugs, Cobertura, etc. All of them are usually used to analyze the quality and build some fancy reports. It aggregates a few quality checkers, configures them to a maximum strict mode, and breaks your build if any of them fail.
  • Codacy(last update: 2017)
    Codacy is a complex customizable multilanguage quality control tool. It directly integrates with Github Enterprise, Bitbucket Server (Stash) and Gitlab and doesn’t require a change of workflow. With Codacy you get static analysis, code coverage, duplication and complexity changes in every commit and pull request.
  • Sonar(last update: 2017)
    Sonar is a continuous quality control tool for Java applications. Its basic purpose in life is to join your existing continuous integration tools to place all your development projects under quality control.
  • PMD(last update: 2017)
    It scans Java source code and looks for potential problems: Possible bugs, Dead code, Suboptimalulode, Overcomplicated expressions and Duplicate code.
  • Cobertura(last update: 2017)
    It’s a free Java tool that calculates the percentage of code accessed by tests. It can be used to identify which parts of your Java program are lacking test coverage. It is based on jcoverage.
  • Checkstyle(last update: 2017)
    It is a development tool to help programmers write Java code that adheres to a coding standard.
  • UCDetector(last update: 2017)
    UCDetector (Unecessary Code Detector) is a Open Source eclipse PlugIn Tool to find unecessary (dead) java code. It also tries to make code final, protected or private. UCDetector also finds cyclic dependencies between classes.
  • Cloc(last update: 2017)
    Cloc counts blank lines, comment lines, and physical lines of source code in many programming languages.
  • SourceMonitor(last update: 2017)
    The freeware program SourceMonitor lets you see inside your software source code to find out how much code you have and to identify the relative complexity of your modules. For example, you can use SourceMonitor to identify the code that is most likely to contain defects and thus warrants formal review.
  • Spoon(last update: 2017)
    Spoon provides a complete and fine-grained Java metamodel where any program element (classes, methods, fields, statements, expressions…) can be accessed both for reading and modification. Spoon can be used on validation purpose, to ensure that your programs respect some programming conventions or guidelines, or for program transformation, by using a pure-Java template engine.
  • PathFinder(last update: 2017)
    Java PathFinder (JPF) is a system to verify executable Java bytecode programs. In its basic form, it is a Java Virtual Machine (JVM) that is used as an explicit state software model checker, systematically exploring all potential execution paths of a program to find violations of properties like deadlocks or unhandled exceptions. Unlike traditional debuggers, JPF reports the entire execution path that leads to a defect. JPF is especially well-suited to finding hard-to-test concurrency defects in multithreaded program
  • Soot(last update: 2017)
    Soot can be used as a stand alone tool to optimize or inspect class files, as well as a framework to develop optimizations or transformations on Java bytecode.
  • FindBugs(last update: 2015)
    It looks for bugs in Java programs. It can detect a variety of common coding mistakes, including thread synchronization problems, misuse of API methods, etc.
  • JDepend(last update: 2015)
    JDepend traverses Java class file directories and generates design quality metrics for each Java package. JDepend allows you to automatically measure the quality of a design in terms of its extensibility, reusability, and maintainability to effectively manage and control package dependencies.
  • Classycle(last update: 2014)
    Classycle’s Analyser analyses the static class and package dependencies in Java applications or libraries. It is especially helpful for finding cyclic dependencies between classes or packages. Classycle is similar to JDepend which does also a dependency analysis but only on the package level.
  • CODERU(last update: 2014)
    CODERU is a java code quality tool to enforce good design in respect to package dependencies. The CODERU-rules rely on reserved package names and the allowed dependency rules between them expressed in a general way.
  • DoctorJ(last update: 2013)
    DoctorJ analyzes Java code, in the following functional areas: documentation verification, statistics generation and syntax analysis.
  • JarAnalyzer(last update: 2013)
    JarAnalyzer is a dependency management tool for .jar files. JarAnalyzer will analyze all .jar in a given directory and identify the dependencies between each. Output formats include xml, with a stylesheet included to transform it to html, and GraphViz DOT, allowing you to produce a visual component diagram showing the relationships between .jar files. The xml output includes important design metrics such as Afferent and Efferent coupling, Abstractness, Instability, and Distance. There is also an Ant task available that allows you to include JarAnalyzer as part of your build script.
  • Jalopy(last update: 2012)
    Jalopy is an easily configurable source code formatter that can detect, and fix, a number of code convention flaws that might appear in Java code. Jalopy is more of a code fixer than a code checker. Jalopy plug-ins are present for most IDEs and, in most cases, they gel quite seamlessly with the IDE.
  • JBoss Tattletale(last update: 2012)
    JBoss Tattletale is a tool that can help you get an overview of the project you are working on or a product that you depend on. The tool will recursive scan a directory for JAR files and generate linked and formatted HTML reports.
  • JLint(last update: 2011)
    It checks your Java code and finds bugs, inconsistencies and synchronization problems by doing data flow analysis and building the lock graph.
  • Squale(last update: 2011)
    Squale is a qualimetry platform that allows to analyze multi-language software applications in order to give a sharp and comprehensive picture of their quality: High level factors for top-managers and Practical indicators for development teams.
  • Hammurapi(last update: 2010)
    Hammurapi is an open source code inspection tool. Its release comes with more than 100 inspectors which inspect different aspects of code: Compliance with EJB specification, threading issues, coding standards, and much more.
  • Dependency Finder(last update: 2010)
    Extracts dependencies and OO metrics from Java class files produced by most Java compilers.
  • XRadar(last update: 2009)
    The XRadar is an open extensible code report tool that produces HTML/SVG reports of the systems current state and the development over time. Uses DependencyFinder, JDepend, PMD, PMD-CPD, JavaNCSS, Cobertura, Checkstyle, XSource, JUnit, Java2HTML, ant and maven.
  • JavaNCSS(last update: 2009)
    JavaNCSS is a simple command line utility which measures two standard source code metrics for the Java programming language. The metrics are collected globally, for each class and/or for each function.
  • Jameleon(last update: 2008)
    Jameleon is an automated testing framework that can be easily used by technical and non-technical users alike. One of the main concepts behind Jameleon is to create a group of keywords or tags that represent different screens of an application. All of the logic required to automate each particular screen can be defined in Java and mapped to these keywords. The keywords can then be organized with different data sets to form test scripts without requiring an in-depth knowledge of how the application works. The test scripts are then used to automate testing and to generate manual test case documentation.
  • Coqua(last update: 2008)
    Coqua measures 5 distinct Java code quality metrics, providing an overview and history for the management, and down-to-the-code, detailed views for the developer. Metrics can be defined per team. Ideal for mid- to large-sized and/or offshore projects.
  • Crap4j(last update: 2008)
    Crap4j is a Java implementation of the CRAP (Change Risk Analysis and Predictions) software metric – a mildly offensive metric name to help protect you from truly offensive code.
  • ESC/Java2(last update: 2008)
    The Extended Static Checker for Java version 2 (ESC/Java2) is a programming tool that attempts to find common run-time errors in JML-annotated Java programs by static analysis of the program code and its formal annotations. Users can control the amount and kinds of checking that ESC/Java2 performs by annotating their programs with specially formatted comments called pragmas.
  • Dependometer(last update: 2007)
    Dependometer performs a static analysis of physical dependencies within a software system. Dependometer validates dependencies against the logical architecture structuring the system into classes, packages, subsystems, vertical slices and layers and detects cycles between these structural elements. Furthermore, it calculates a number of quality metrics on the different abstraction layers and reports any violations against the configured thresholds.
  • JDiff(last update: 2007)
    JDiff is a Javadoc doclet which generates an HTML report of all the packages, classes, constructors, methods, and fields which have been removed, added or changed in any way, including their documentation, when two APIs are compared. This is very useful for describing exactly what has changed between two releases of a product. Only the API (Application Programming Interface) of each version is compared. It does not compare what the source code does when executed.
  • Panopticon(last update: 2007)
    The Panopticode project provides a set of open source tools for gathering, correlating, and displaying code metrics.
  • Lint4j(last update: 2007)
    Lint4j (“Lint for Java”) is a static Java source and byte code analyzer that detects locking and threading issues, performance and scalability problems, and checks complex contracts such as Java serialization by performing type, data flow, and lock graph analysis.
  • QALab(last update: 2006)
    QALab consolidates data from Checkstyle, PMD, FindBugs and Simian and displays it in one consolidated view. QALab keeps a track of the changes over time, thereby allowing you to see trends over time. You can tell weather the number of violations has increased or decreased – on a per file basis, or for the entire project. It also plots charts of this data. QALab plugs in to maven or ant.
  • Emma(last update: 2005)
    It is a fast Java code coverage tool based on bytecode instrumentation. It differs from the existing tools by enabling coverage profiling on large scale enterprise software projects with simultaneous emphasis on fast individual development.
  • Clirr(last update: 2005)
    Clirr is a tool that checks Java libraries for binary and source compatibility with older releases. Basically you give it two sets of jar files and Clirr dumps out a list of changes in the public api. The Clirr Ant task can be configured to break the build if it detects incompatible api changes. In a continuous integration process Clirr can automatically prevent accidental introduction of binary or source compatibility problems.
  • ckjm(last update: 2005)
    The program ckjm calculates Chidamber and Kemerer object-oriented metrics by processing the bytecode of compiled Java files. The program calculates for each class the following six metrics proposed by Chidamber and Kemerer.
  • Eclipse Metrics plugin(last update: 2005)
    Provide metrics calculation and dependency analyzer plugin for the Eclipse platform. Measure various metrics with average and standard deviation and detect cycles in package and type dependencies and graph them.
  • QJ-Pro(last update: 2005)
    QJ-Pro is a comprehensive software inspection tool targeted towards the software developer. Developers can automatically inspect their Java source code and improve their Java programming skills as they write their programs. QJ-Pro provides descriptive Java patterns explaining error prone code constructs and providing solutions for it.
  • Macker(last update: 2003)
    Macker is a build-time architectural rule checking utility for Java developers. It’s meant to model the architectural ideals programmers always dream up for their projects, and then break — it helps keep code clean and consistent. You can tailor a rules file to suit a specific project’s structure, or write some general “good practice” rules for your code. Macker doesn’t try to shove anybody else’s rules down your throat; it’s flexible, and writing a rules file is part of the development process for each unique project.
  • JCSC(last update: 2003)
    JCSC is a powerful tool to check source code against a highly definable coding standard and potential bad code. The standard covers naming conventions for class, interfaces, fields, parameter, … . Also the structural layout of the type (class/interface) can be defined. Like where to place fields, either before or after the methods and in which order. The order can be defined through the visibility or by type (instance, class, constant). The same is applicable for methods. Each of those rules is highly customizable. Readability is enhanced by defining where to put white spaces in the code and when to use braces. The existence of correct JavaDoc can be enforced and various levels. Apart from that, it finds weaknesses in the the code — potential bugs — like empty catch/finally block, switch without default, throwing of type ‘Exception’, slow code.
  • Condenser(last update: 2002)
    Condenser is a tool for finding and removing duplicated Java code. Unlike tools that only locate duplicated code, the aim of Condenser is to also automatically remove duplicated code where it is safe to do so.
  • CodePro Analytix(dead)
    It’s a great tool (Eclipse plugin) for improving software quality. It has the next key features: Code Analysis, JUnit Test Generation, JUnit Test Editor, Similar Code Analysis, Metrics, Code Coverage and Dependency Analysis.
  • DCD(dead)
    DCD finds dead code in your Java applications.
  • Byecycle(dead)
    Byecycle is an auto-arranging dependency analysis plugin for Eclipse. Its goal is to make you feel sick when you see bad code and to make you feel happy when you see a good code.
  • Relief(dead)
    Relief provides a new look on Java projects. Relying on our ability to deal with real objects by examining their shape, size or relative place in space it gives a “physical” view on java packages, types and fields and their relationships, making them easier to handle. Lets discuss quickly how we interprete physical properties and how it can help us to grasp project characteristics.