Static Analysis for Java

Parasoft Static Analysis for Java analyzes code against the industry’s deepest and broadest set of static and flow analysis rules. The raw analysis data can also be merged with test results, metrics analysis, coverage analysis, and other quality findings in Parasoft Development Testing Platform (DTP) to highlight systemic issues in the development process and prevent defects from happening again.

Supported environments

Custom Messages

Defects Detected

  • API usage and implementation
  • Deadlocks and race conditions
  • Exceptions
  • Initialization
  • Logical errors
  • Performance degradation
  • Portability problems
  • Resource and memory leaks
  • Serialization
  • Security vulnerabilities
  • Threads and synchronization
  • Unused and duplicate code

Out-of-the-box Test Configurations

  • CERT
  • CWE SANS Top 25
  • Ellemtel
  • DISA STIG for Java
  • Find Duplicated Code
  • Find Memory Problems
  • Find Unused Code
  • Flow Analysis
  • Internationalize Code
  • Juliet
  • Metrics
  • OWASP Top 10
  • NIST
  • PCI Data Security
  • Thread Safe Programming

Metrics Analysis

  • Cyclomatic Complexity
  • Essential Complexity
  • Class Inheritance Level
  • Halstead Complexity
  • Fan Out
  • Coupling Between Objects

Data Flow Rules

  • Avoid dereferencing before checking for null
  • Ensure resources are deallocated
  • Do not modify a collection while iterating over it

Static Code Analysis Rules

  • Override ‘Object.equals()’ and ‘Object.hashCode()’ together
  • Close JDBC connections in ‘finally’ blocks
  • Close IO resources in ‘finally’ blocks
  • Avoid calling ‘equals(null)’
  • Avoid infinite recursive method calls
  • Avoid modifying fixed size collections
  • Avoid out of range comparisons
  • Do not call ‘equals’ methods that always return false
  • Do not use ‘URL’ objects in collections or maps
  • Ensure overriding method name does not have a typo
  • Call ‘wait’ only inside a loop that checks a condition
  • Manually synchronize on ‘synchronized’ collections when iterating
  • Avoid dead stores on local variables


TransCore Case Study

TransCore needed a cost-effective way to ensure the reliability of their Java-based toll-road payment collection systems. Learn how static analysis and unit testing helped them achieve this by exposing defects early when they could be resolved with minimal rework and added costs.
Download »

SELEX-ES Case Study

SELEX-ES wanted to eliminate software defects early in the SDLC. Learn how Parasoft static analysis helped them increase reliability while reducing reduced development time, costs, and resources.
Download »

United Guaranty Case Study

Software defects were resulting in sporadic downtime for United Guaranty's applications, disrupting the business processes that relied on them. Learn how they established a continuous quality process that not only addressed these availability problems, but also saves them more than $400,000 annually.
Download »

Achieving Java Application Security with Parasoft Jtest

Organizations taking to the cloud must be wary distributed denial-of-service attacks (DDOS) and SQL injections (SQLi) and other cyber-attacks. In this paper, you'll learn how to build security into your Java application.
Download »

Establishing a Continuous Process for PCI DSS Compliance

Details how Parasoft reduces the time and cost of PCI DSS compliance.
Download »

First Things First – Getting Started with Static Analysis

Parasoft static analysis expert shares tips and tricks for implementing static analysis the right way - including the range of implementation methods and how to avoid common pitfalls.
Watch »

How to Avoid Security Vulnerabilities with Static Analysis

This Power Hour Webinar explores how to implement static analysis as a mechanism for preventing defects. You’ll learn how to leverage security standards (OWASP, PCI DSS, & CWE) and evolve development policies from static analysis findings.
Watch »