Find Security Bugs – SpotBugs plugin for Java

Find Security Bugs is a well-known plugin for security audits of Java web applications. The tool has a large list of rules to identify security vulnerabilities in static source code. Development of Find Security Bugs has been supported by GoSecure since 2016. The support includes the development of new detectors and research into new vulnerability classes.


Some of the features of this tool are:

  • 135 bug patterns – It can detect 135 different vulnerability types with over 816 unique API signatures. These include SQL queries (may lead to SQL injection), file opening (may lead to path traversal), command execution (potential command injection), HTML construction (potential XSS), weak XSS protection, predictable pseudorandom number generators and more.
  • Continuous integration – Can be used with systems such as Jenkins and SonarQube.
  • Support your frameworks and libraries – Covers popular frameworks including Spring-MVC, Struts, Tapestry and many more.
  • OWASP TOP 10 and CWE coverage – Extensive references are given for each bug pattern, with references to OWASP Top 10 and CWE.
  • Integrate with your IDE – Plugins are available for Eclipse, IntelliJ, Android Studio and NetBeans. Command line integration is available with Ant and Maven.
  • Open for contributions – The project is open-source and is open for contributions.

You can read more and download this tool over here:
