Hacking on GraphHopper - a Java road routing engine. Peter has posted 62 posts at DZone. You can read more from them at their website. View Full User Profile

Code Quality Tools in Java

  • submit to reddit

There are several tools to measure the code quality. The ones I have tried with a lot of success are:

  • FindBugs (latest version 1.3.8) – uses static analysis to look for bugs in Java code. This is a great tool, it discovered possible NullPointerExceptions and a lot more bugs in my projects. Sometimes I asked myself how this program could have discovered this ‘complicated’ bug.With the maven plugin you can do:
    mvn findbugs:findbugs

    which will use version 1.3.8 out of the box

  • PMD (latest version 4.2.5) – scans Java source code and looks for potential problems. The rules are configurable, but at the beginning you will only need the provided one (and spend a lot of time to choose your favourites ;-) )In NetBeans 6.5 this tool is well integrated and works like a charme (CTRL+ALT+P).

    With the maven plugin you can do:

    mvn pmd:pmd

    after you specified the following in the pom.xml under<reporting> <plugins> :


Other tools could be

  • JarAnalyzerIs a dependency management utility for jar files. It’s primary purpose is to traverse through a directory, parse each of the jar files in that directory, and identify the dependencies between the jar files.
  • HammurAPIa code quality governance platform

but I haven’t tried them so far.

For Findbugs  and pmd there is a NetBeans plugin (SQE … software quality environment) which looks promising, but fails with a NullPointerException after I installed it via the update center and tried it on my project. Maybe I should use one of the snapshots. (BTW: I successfully used the pmd-plugin and findbugs in the standalone version).

Sonar is another interesting approach to use several code quality tools at a time. With Sonar it is possible to see the violations or possible bugs over das or weeks  – so, you are looking at the improvements and you will not get lost in the mass of bugs at the beginning. Another “multi-tooling” project is XRadar.

A little bit offtopic, but a great tool is proguard, which shrinks, optimizes, obfuscates and preverifies Java class files. There is even a maven plugin for that.

From http://karussell.wordpress.com/

Published at DZone with permission of its author, Peter Karussell.

(Note: Opinions expressed in this article and its replies are the opinions of their respective authors and not those of DZone, Inc.)


Sven Reimers replied on Mon, 2009/05/25 - 2:56am

As the maintainer of SQE I can confiram that the latest available SQE version has problems in newer NetBeans version(s). That is the bad news. The good news is that the new SQE version will be release Real Soon Now... and fixes all those nasty NPE's and the remaining issues in NetBeans issue tracker...

David Karr replied on Mon, 2009/05/25 - 11:43am

One of the interesting factors that makes PMD useful in unusual situations is that you actually have the ability to write your own rules. When PMD parses a source file, it builds an abstract syntax tree (pretty normal so far), but then it provides access to that tree through XPath or a pure Java api. That provides a lot of power if it's something you need.

Pether Sorling replied on Tue, 2009/05/26 - 6:17am

Xradar (http://xradar.sourceforge.net/) is excellent , view sample report at http://xradar.sourceforge.net/reports/release4/index.html . Development looks like it's pretty active..

Walter Bogaardt replied on Tue, 2009/05/26 - 11:23am

A couple of things also missed, and I wouldn't discount is  code coverage tools/reports like surefire reports, or checkstyles. Using these in your build process outside of the IDE environment and in a continious integration environment like Continuum provides valuable statistics. Couple that with maven dashboard plugin with persistence can give you historic trending of how your code is progressing.

Michael Muller replied on Thu, 2012/05/10 - 1:09pm


You should take a look at one new free & open source tool » Scertify Refactoring Assessment (http://sourceforge.net/projects/scertify-sonar/?source=directory). The tool works as Sonar plugin and is dedicated to development & QA teams. It provides benchmark data on Software Quality. It automatically detects the portions of an application that can be refactored, gives valuable information on refactoring strategies, etc.

The tool also powers a collaborative benchmark repository (http://techdebt.org), that shows metrics (code coverage, complexity, rule violations, duplicated code, etc.).

Have fun! Mike.

Alexander Rubinov replied on Wed, 2013/02/27 - 7:59am


there is a new open source quality tool called CODERU (http://coderu.org , developed by me to support my current project) that uses quite other approach than  FindBugs or PMD

While FindBugs and PMD have a focus on the method and algorithm level, CODERU addresses structural quality on package and therefor classes dependency level.

CODERU forces you and your teem member to write layered and component oriented code by follow predefined coding rules.

The rules are simple, but prevent arising a complex design problems.

The CODERU-rules rely on reserved package names and the allowed dependency rules between them expressed in a general way.

Unlike other tool forcing you to define allowed or disallowed individual package dependencies CODERU is based on a fixed set of general rules. The dependencies between packages need not be defined explicitly.

For more information visit a tool home page .

Ciao, Alexander

Comment viewing options

Select your preferred way to display the comments and click "Save settings" to activate your changes.