#1
SpotBugs is FindBugs' successor. A tool for static analysis to look for bugs in Java code.
3.9K starsJun 13, 2026 pushdevelopmentJavaStatic Analysis
$ npx skills add spotbugs/spotbugsAlternatives
Find Sec Bugs alternatives for AI agents.
Compare similar skills by workflow fit, trust score, quality, GitHub adoption, maintenance, and install readiness.
Current skill
Find Sec Bugs
The SpotBugs plugin for security audits of Java web applications and Android applications. (Also work with Kotlin, Groovy and Scala projects)
99
Quality
94
Trust
2.4K
Stars
#2
An extensible multilanguage static code analyzer.
5.4K starsJun 12, 2026 pushdevelopmentJavaStatic Analysis
$ npx skills add pmd/pmd#3
Checkstyle is a development tool to help programmers write Java code that adheres to a coding standard. By default it supports the Google Java Style Guide and Sun Code Conventions, but is highly configurable. It can be invoked with an ANT task and a command line program.
8.9K starsJun 16, 2026 pushdevelopmentJavaStatic Analysis
$ npx skills add checkstyle/checkstyle#4
The modern Java bytecode editor
7.2K starsJun 15, 2026 pushdevelopmentJavaStatic Analysis
$ npx skills add Col-E/Recaf#5
Soot - A Java optimization framework
3.1K starsMay 29, 2026 pushdevelopmentJavaStatic Analysis
$ npx skills add soot-oss/soot#6
An easy-to-learn/use static analysis framework for Java and Android
1.8K starsJun 9, 2026 pushdevelopmentJavaStatic Analysis
$ npx skills add pascal-lab/Tai-e#7
Spoon is a metaprogramming library to analyze and transform Java source code. :spoon: is made with :heart:, :beers: and :sparkles:. It parses source files to build a well-designed AST with powerful analysis and transformation API.
1.9K starsJun 12, 2026 pushdevelopmentJavaStatic Analysis
$ npx skills add INRIA/spoon#8
PySonar2: a semantic indexer for Python with interprocedual type inference
1.4K starsMar 2, 2026 pushdevelopmentJavaStatic Analysis
$ npx skills add yinwang0/pysonar2#9
A Java 8+ Jar & Android APK Reverse Engineering Suite (Decompiler, Editor, Debugger & More)
16K starsApr 2, 2026 pushdevelopmentJavaStatic Analysis
$ npx skills add Konloch/bytecode-viewer#10
Continuous Inspection
11K starsJun 12, 2026 pushdevelopmentJavaStatic Analysis
$ npx skills add SonarSource/sonarqube#11
Catch common Java mistakes as compile-time errors
7.2K starsJun 15, 2026 pushdevelopmentJavaStatic Analysis
$ npx skills add google/error-prone#12
A tool to help eliminate NullPointerExceptions (NPEs) in your Java code with low build-time overhead
4.1K starsJun 15, 2026 pushdevelopmentJavaStatic Analysis
$ npx skills add uber/NullAway#13
Horusec is an open source tool that improves identification of vulnerabilities in your project with just one command.
1.3K starsMay 24, 2026 pushdevelopmentGoStatic Analysis
$ npx skills add ZupIT/horusec#14
Protect against malicious open source packages 🤖
1.1K starsJun 11, 2026 pushdevelopmentGoStatic Analysis
$ npx skills add safedep/vet#15
Security risk analysis for Kubernetes resources
1.5K starsJun 15, 2026 pushdevelopmentGoStatic Analysis
$ npx skills add controlplaneio/kubesec#16
Jar Analyzer - 一个 JAR 包 GUI 分析工具,内置 AI 助手协助分析,支持 JAR DIFF 分析,方法调用关系搜索,方法调用链 DFS 算法分析,模拟 JVM 的污点分析验证 DFS 结果,字符串搜索,Java Web 组件入口分析,CFG 程序分析,JVM 栈帧分析,自定义表达式搜索等
2.1K starsJun 15, 2026 pushdevelopmentJavaStatic Analysis
$ npx skills add jar-analyzer/jar-analyzerHow to choose
When should you switch?
Use an alternative when it has a clearer install path, higher trust score, fresher maintenance, or better platform fit for your current agent stack. Keep Find Sec Bugs if it already passes your workflow test and repository review.
Next step
Compare top candidates side by side
Open the compare page, test the install commands in a sandbox, and check each repository before using a skill in production.