{"id":53367,"date":"2013-08-12T14:30:47","date_gmt":"2013-08-12T14:30:47","guid":{"rendered":"https:\/\/www.checkmarx.com\/?post_type=glossary&#038;p=3497"},"modified":"2024-07-28T07:20:42","modified_gmt":"2024-07-28T07:20:42","slug":"static-code-analysis-for-java","status":"publish","type":"glossary","link":"https:\/\/checkmarx.com\/glossary\/static-code-analysis-for-java\/","title":{"rendered":"Static Code Analysis for Java"},"content":{"rendered":"<p style=\"text-align: left;\">With so many applications being developed in Java, there\u2019s an acute awareness of the importance of application security, and the best way to integrate security into the software development life cycle is through <a href=\"https:\/\/checkmarx.com\/cxsca-open-source-scanning\/\">static code analysis<\/a>. When it comes to static code analysis for Java there are many options for examining the code through plugins; however, not all of them produce output that development teams can act on.<\/p>\n<p style=\"text-align: left;\">Developers feel their job is to develop code. They find testing something of a chore, and if they don\u2019t get results they can act on, or the results are inaccurate (many false positives or false negatives), they will soon find excuses to do something more interesting, which means security issues can become ingrained in the code. When the final testing is done pre-release, it can take a serious amount of work to go back, identify those issues and fix them. That costs time and money, and in some cases, because of strict deadlines that have to be met, the product ships with security vulnerabilities in it.<\/p>\n<p style=\"text-align: left;\">Today&#8217;s leading static code analysis solutions (abbreviated SCA on this page; the industry now generally says SAST, and uses SCA for software composition analysis) work by compiling a fully queryable database of every aspect of the code analysis: the parsed code, its control flow, and the data flows from untrusted inputs (sources) to dangerous operations (sinks). 
Fine tuning the scanning to your exact requirements and security policy is straightforward, and customers tend to develop their own security standard by combining a few rule packs that come out of the box with rules that are specific to their application (e.g. OWASP Top 10 2013 + PCI DSS + a few business-logic vulnerabilities). It is then easy to build custom reports that present the information your developers need in a format they can relate to. Results are presented not only in the standard list format but also in a graph visualization of the data flows, which makes it possible to pinpoint the exact locations in the code that are most effective to remediate: a single fix at a point that many flows pass through eliminates many vulnerabilities at once. With these scanners available as IDE plugins for the most prominent development environments (e.g. Eclipse), testing becomes less of a chore and more of an informed, structured exercise in which problems are remedied quickly and efficiently, and the release cycle is less prone to being compromised.<\/p>","protected":false},"excerpt":{"rendered":"<p>With so many applications being developed in Java, there\u2019s an acute awareness of the importance of application security, and the best way to integrate security into the software development life cycle is through static code analysis. 
When it comes to static code analysis for Java there are many options to examine the code through plugins [&hellip;]<\/p>\n","protected":false},"author":11,"featured_media":0,"template":"","glossary-tags":[],"class_list":["post-53367","glossary","type-glossary","status-publish","hentry"],"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.1.1 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>Static Code Analysis for Java - Checkmarx<\/title>\n<meta name=\"description\" content=\"Static Code Analysis for Java - Eliminate most vulnerabilities with a single fix!\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/checkmarx.com\/glossary\/static-code-analysis-for-java\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Static Code Analysis for Java - Checkmarx\" \/>\n<meta property=\"og:description\" content=\"Static Code Analysis for Java - Eliminate most vulnerabilities with a single fix!\" \/>\n<meta property=\"og:url\" content=\"https:\/\/checkmarx.com\/glossary\/static-code-analysis-for-java\/\" \/>\n<meta property=\"og:site_name\" content=\"Checkmarx\" \/>\n<meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/Checkmarx.Source.Code.Analysis\" \/>\n<meta property=\"article:modified_time\" content=\"2024-07-28T07:20:42+00:00\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:site\" content=\"@checkmarx\" \/>\n<meta name=\"twitter:label1\" content=\"Est. 
reading time\" \/>\n\t<meta name=\"twitter:data1\" content=\"2 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"WebPage\",\"@id\":\"https:\/\/checkmarx.com\/glossary\/static-code-analysis-for-java\/\",\"url\":\"https:\/\/checkmarx.com\/glossary\/static-code-analysis-for-java\/\",\"name\":\"Static Code Analysis for Java - Checkmarx\",\"isPartOf\":{\"@id\":\"https:\/\/checkmarx.com\/#website\"},\"datePublished\":\"2013-08-12T14:30:47+00:00\",\"dateModified\":\"2024-07-28T07:20:42+00:00\",\"description\":\"Static Code Analysis for Java - Eliminate most vulnerabilities with a single fix!\",\"breadcrumb\":{\"@id\":\"https:\/\/checkmarx.com\/glossary\/static-code-analysis-for-java\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/checkmarx.com\/glossary\/static-code-analysis-for-java\/\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/checkmarx.com\/glossary\/static-code-analysis-for-java\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Glossary\",\"item\":\"https:\/\/checkmarx.com\/glossary\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Static Code Analysis for Java\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/checkmarx.com\/#website\",\"url\":\"https:\/\/checkmarx.com\/\",\"name\":\"Checkmarx\",\"description\":\"The world runs on code. 
We secure it.\",\"publisher\":{\"@id\":\"https:\/\/checkmarx.com\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/checkmarx.com\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/checkmarx.com\/#organization\",\"name\":\"Checkmarx\",\"url\":\"https:\/\/checkmarx.com\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/checkmarx.com\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/checkmarx.com\/wp-content\/uploads\/2024\/02\/logo-dark.svg\",\"contentUrl\":\"https:\/\/checkmarx.com\/wp-content\/uploads\/2024\/02\/logo-dark.svg\",\"width\":1,\"height\":1,\"caption\":\"Checkmarx\"},\"image\":{\"@id\":\"https:\/\/checkmarx.com\/#\/schema\/logo\/image\/\"},\"sameAs\":[\"https:\/\/www.facebook.com\/Checkmarx.Source.Code.Analysis\",\"https:\/\/x.com\/checkmarx\",\"https:\/\/www.youtube.com\/user\/CheckmarxResearchLab\",\"https:\/\/www.linkedin.com\/company\/checkmarx\"]}]}<\/script>\n<!-- \/ Yoast SEO plugin. 
-->","yoast_head_json":{"title":"Static Code Analysis for Java - Checkmarx","description":"Static Code Analysis for Java - Eliminate most vulnerabilities with a single fix!","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/checkmarx.com\/glossary\/static-code-analysis-for-java\/","og_locale":"en_US","og_type":"article","og_title":"Static Code Analysis for Java - Checkmarx","og_description":"Static Code Analysis for Java - Eliminate most vulnerabilities with a single fix!","og_url":"https:\/\/checkmarx.com\/glossary\/static-code-analysis-for-java\/","og_site_name":"Checkmarx","article_publisher":"https:\/\/www.facebook.com\/Checkmarx.Source.Code.Analysis","article_modified_time":"2024-07-28T07:20:42+00:00","twitter_card":"summary_large_image","twitter_site":"@checkmarx","twitter_misc":{"Est. reading time":"2 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"WebPage","@id":"https:\/\/checkmarx.com\/glossary\/static-code-analysis-for-java\/","url":"https:\/\/checkmarx.com\/glossary\/static-code-analysis-for-java\/","name":"Static Code Analysis for Java - Checkmarx","isPartOf":{"@id":"https:\/\/checkmarx.com\/#website"},"datePublished":"2013-08-12T14:30:47+00:00","dateModified":"2024-07-28T07:20:42+00:00","description":"Static Code Analysis for Java - Eliminate most vulnerabilities with a single 
fix!","breadcrumb":{"@id":"https:\/\/checkmarx.com\/glossary\/static-code-analysis-for-java\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/checkmarx.com\/glossary\/static-code-analysis-for-java\/"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/checkmarx.com\/glossary\/static-code-analysis-for-java\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Glossary","item":"https:\/\/checkmarx.com\/glossary\/"},{"@type":"ListItem","position":2,"name":"Static Code Analysis for Java"}]},{"@type":"WebSite","@id":"https:\/\/checkmarx.com\/#website","url":"https:\/\/checkmarx.com\/","name":"Checkmarx","description":"The world runs on code. We secure it.","publisher":{"@id":"https:\/\/checkmarx.com\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/checkmarx.com\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/checkmarx.com\/#organization","name":"Checkmarx","url":"https:\/\/checkmarx.com\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/checkmarx.com\/#\/schema\/logo\/image\/","url":"https:\/\/checkmarx.com\/wp-content\/uploads\/2024\/02\/logo-dark.svg","contentUrl":"https:\/\/checkmarx.com\/wp-content\/uploads\/2024\/02\/logo-dark.svg","width":1,"height":1,"caption":"Checkmarx"},"image":{"@id":"https:\/\/checkmarx.com\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/www.facebook.com\/Checkmarx.Source.Code.Analysis","https:\/\/x.com\/checkmarx","https:\/\/www.youtube.com\/user\/CheckmarxResearchLab","https:\/\/www.linkedin.com\/company\/checkmarx"]}]}},"_links":{"self":[{"href":"https:\/\/checkmarx.com\/wp-json\/wp\/v2\/glossary\/53367","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/checkmarx.com\/wp-json\/wp\/v2\/glossary"}],"about":[{"href":"https:\/\/ch
eckmarx.com\/wp-json\/wp\/v2\/types\/glossary"}],"author":[{"embeddable":true,"href":"https:\/\/checkmarx.com\/wp-json\/wp\/v2\/users\/11"}],"version-history":[{"count":0,"href":"https:\/\/checkmarx.com\/wp-json\/wp\/v2\/glossary\/53367\/revisions"}],"wp:attachment":[{"href":"https:\/\/checkmarx.com\/wp-json\/wp\/v2\/media?parent=53367"}],"wp:term":[{"taxonomy":"glossary-tags","embeddable":true,"href":"https:\/\/checkmarx.com\/wp-json\/wp\/v2\/glossary-tags?post=53367"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}
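The page content above says that a graph view of the scan results lets you pick the code locations where a single fix eliminates the most vulnerabilities. The following is an added example (not Checkmarx code and not taken from the page) of the computation behind that claim: it enumerates source-to-sink paths in a taint data-flow graph, ranks each non-source node by how many findings pass through it, and builds a greedy fix plan. The graph is a hand-built model of a hypothetical Java servlet; node names such as `Request.parse`, `QueryBuilder.build` and `View.render` are invented for illustration and refer to no real code base.

```python
"""
Ranking "best fix locations" over a taint data-flow graph.

Added example, not Checkmarx code. The graph is a hand-built model of a
hypothetical Java servlet (names such as Request.parse or QueryBuilder.build
are made up for illustration and refer to no real code base). Each edge is
one step of data flow; every path from a source (untrusted input) to a sink
(dangerous operation) is one finding a scanner would list.
"""
from collections import Counter

# Constructed data-flow graph. Sources start with "src:", sinks with "sink:".
EDGES = [
    ("src:getParameter(user)",  "Request.parse"),       # all request fields land in one Map
    ("src:getParameter(order)", "Request.parse"),
    ("src:getParameter(note)",  "Request.parse"),
    ("Request.parse", "QueryBuilder.build"),            # Map values concatenated into SQL
    ("QueryBuilder.build", "sink:Statement.execute"),   # SQL injection
    ("Request.parse", "View.render"),                   # Map values written into HTML
    ("View.render", "sink:PrintWriter.print"),          # reflected XSS
    ("src:getHeader(Referer)", "sink:sendRedirect"),    # open redirect, a separate flow
]


def nodes_with_prefix(edges, prefix):
    return {n for edge in edges for n in edge if n.startswith(prefix)}


def enumerate_paths(edges):
    """Every source-to-sink path in the graph; each one is a single finding."""
    adjacency = {}
    for a, b in edges:
        adjacency.setdefault(a, []).append(b)
    sinks = nodes_with_prefix(edges, "sink:")
    paths = []

    def walk(node, trail):
        if node in sinks:
            paths.append(tuple(trail))
            return
        for nxt in adjacency.get(node, []):
            if nxt not in trail:          # skip cycles caused by loops in the program
                walk(nxt, trail + [nxt])

    for source in sorted(nodes_with_prefix(edges, "src:")):
        walk(source, [source])
    return paths


def rank_fix_locations(paths):
    """For each non-source node, how many findings pass through it.
    Sources are excluded: you cannot stop reading input, only handle it safely."""
    counts = Counter()
    for path in paths:
        for node in set(path):
            if not node.startswith("src:"):
                counts[node] += 1
    return counts.most_common()


def best_fix_plan(paths):
    """Greedy set cover: repeatedly fix the node that closes the most open findings.
    Returns [(node, findings_closed_by_this_fix), ...]."""
    open_paths = set(paths)
    plan = []
    while open_paths:
        node, _ = rank_fix_locations(open_paths)[0]
        closed = {p for p in open_paths if node in p}
        plan.append((node, len(closed)))
        open_paths -= closed
    return plan


def sink_by_sink_plan(paths):
    """The naive alternative: one fix per distinct sink, ignoring shared code."""
    return sorted({path[-1] for path in paths})


if __name__ == "__main__":
    findings = enumerate_paths(EDGES)
    print(f"{len(findings)} findings in the standard list view:")
    for f in findings:
        print("  " + " -> ".join(f))
    print("\nFix locations ranked by findings covered:")
    for node, n in rank_fix_locations(findings):
        print(f"  {n}  {node}")
    print("\nGreedy plan:", best_fix_plan(findings))
    print("Sink-by-sink plan needs", len(sink_by_sink_plan(findings)), "fixes")
```

On this constructed graph the list view shows seven findings, but six of them share `Request.parse`, so the greedy plan closes everything with two changes where a sink-by-sink approach needs three. Two caveats a practitioner should keep in mind: the top-ranked node is the cheapest place to cut the flows, not automatically the right remediation for every sink (SQL still wants parameterized queries and HTML output still wants context-aware encoding, whatever validation happens in `Request.parse`), and a real scanner computes these paths context-sensitively through method bodies rather than over a hand-written edge list as here.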