https://github.com/find-sec-bugs/find-sec-bugs
The SpotBugs plugin for security audits of Java web applications and Android applications. (Also works with Kotlin, Groovy and Scala projects)
Last synced: 29 days ago
- Host: GitHub
- URL: https://github.com/find-sec-bugs/find-sec-bugs
- Owner: find-sec-bugs
- License: lgpl-3.0
- Created: 2012-05-17T04:07:57.000Z (over 13 years ago)
- Default Branch: master
- Last Pushed: 2025-06-17T04:37:10.000Z (8 months ago)
- Last Synced: 2026-01-09T09:45:40.738Z (about 1 month ago)
- Topics: bytecode, code-analysis, cwe, findbugs, hacktoberfest, java, owasp, security, security-audit, static-analysis, taint-analysis
- Language: Java
- Homepage: https://find-sec-bugs.github.io/
- Size: 6.98 MB
- Stars: 2,404
- Watchers: 86
- Forks: 484
- Open Issues: 118
Metadata Files:
- Readme: README.md
- Changelog: CHANGELOG.md
- Contributing: CONTRIBUTING.md
- License: LICENSE
- Security: SECURITY.md
Awesome Lists containing this project
- awesome-software-supply-chain-security - Find Security Bugs - The SpotBugs plugin for security audits of Java web applications and Android applications. (Static Application Security Testing)
- awesome-java - Find Security Bugs
- awesome-github-repos - find-sec-bugs/find-sec-bugs - The SpotBugs plugin for security audits of Java web applications and Android applications. (Also works with Kotlin, Groovy and Scala projects) (Java)
- awesome-hacking-lists - find-sec-bugs/find-sec-bugs - The SpotBugs plugin for security audits of Java web applications and Android applications. (Also works with Kotlin, Groovy and Scala projects) (Java)
- awesome-reverse-engineering - **1235** stars
README
# OWASP Find Security Bugs
Find Security Bugs is the [SpotBugs](https://spotbugs.github.io/) plugin for security audits of Java web applications.
Website: http://find-sec-bugs.github.io/
## Main developers
- [Philippe Arteau](https://github.com/h3xstream)
- [David Formánek](https://github.com/formanek)
- [Tomáš Polešovský](https://github.com/topolik) from [Liferay](https://github.com/liferay)
## Notable contributions
- [David Formánek](https://github.com/formanek)
  - Major improvements and refactoring on the taint analysis for injections.
  - The creation of a detector for hard-coded passwords and cryptographic keys.
- [Tomáš Polešovský](https://github.com/topolik)
  - Improvements and bug fixes related to the taint analysis.
- [Maxime Nadeau](https://github.com/MaxNad)
  - New detectors surrounding the Play Framework and improvements related to Scala.
- [Naoki Kimura](https://github.com/naokikimura)
  - Detector for [injection in custom API](http://h3xstream.github.io/find-sec-bugs/bugs.htm#CUSTOM_INJECTION)
  - Translation of [messages in Japanese](http://h3xstream.github.io/find-sec-bugs/bugs_ja.htm)
- [Dave Wichers](https://github.com/davewichers)
  - Improvement to vulnerability descriptions
## Project Sponsors
The development of Find Security Bugs has been supported by [GoSecure](https://github.com/gosecure) since 2016. The support includes the development of new detectors and research into new vulnerability classes.

## Screenshots
### Eclipse

### IntelliJ / Android Studio

### SonarQube

## License
This software is released under [LGPL](http://www.gnu.org/licenses/lgpl.html).