#1
SpotBugs is FindBugs' successor. A tool for static analysis to look for bugs in Java code.
3.9K starsJun 13, 2026 pushdevelopmentJavaStatic Analysis
$ npx skills add spotbugs/spotbugsAlternatives
Pysonar2 alternatives for AI agents.
Compare similar skills by workflow fit, trust score, quality, GitHub adoption, maintenance, and install readiness.
Current skill
Pysonar2
PySonar2: a semantic indexer for Python with interprocedual type inference
93
Quality
90
Trust
1.4K
Stars
#2
Continuous Inspection
11K starsJun 12, 2026 pushdevelopmentJavaStatic Analysis
$ npx skills add SonarSource/sonarqube#3
Checkstyle is a development tool to help programmers write Java code that adheres to a coding standard. By default it supports the Google Java Style Guide and Sun Code Conventions, but is highly configurable. It can be invoked with an ANT task and a command line program.
8.9K starsJun 16, 2026 pushdevelopmentJavaStatic Analysis
$ npx skills add checkstyle/checkstyle#4
Catch common Java mistakes as compile-time errors
7.2K starsJun 15, 2026 pushdevelopmentJavaStatic Analysis
$ npx skills add google/error-prone#5
A tool to help eliminate NullPointerExceptions (NPEs) in your Java code with low build-time overhead
4.1K starsJun 15, 2026 pushdevelopmentJavaStatic Analysis
$ npx skills add uber/NullAway#6
An extensible multilanguage static code analyzer.
5.4K starsJun 12, 2026 pushdevelopmentJavaStatic Analysis
$ npx skills add pmd/pmd#7
The SpotBugs plugin for security audits of Java web applications and Android applications. (Also work with Kotlin, Groovy and Scala projects)
2.4K starsMar 26, 2026 pushdevelopmentJavaStatic Analysis
$ npx skills add find-sec-bugs/find-sec-bugs#8
Soot - A Java optimization framework
3.1K starsMay 29, 2026 pushdevelopmentJavaStatic Analysis
$ npx skills add soot-oss/soot#9
An easy-to-learn/use static analysis framework for Java and Android
1.8K starsJun 9, 2026 pushdevelopmentJavaStatic Analysis
$ npx skills add pascal-lab/Tai-e#10
Lightweight static analysis for many languages. Find bug variants with patterns that look like source code.
16K starsJun 16, 2026 pushdevelopmentOCamlStatic Analysis
$ npx skills add semgrep/semgrep#11
FlowDroid Static Data Flow Tracker
1.3K starsApr 8, 2026 pushdevelopmentJavaStatic Analysis
$ npx skills add secure-software-engineering/FlowDroid#12
A static analyzer for Java, C, C++, and Objective-C
16K starsJun 13, 2026 pushdevelopmentOCamlStatic Analysis
$ npx skills add facebook/infer#13
A PHP static analysis tool for finding errors and security vulnerabilities in PHP applications
5.9K starsJun 11, 2026 pushdevelopmentPHPStatic Analysis
$ npx skills add vimeo/psalm#14
A static code analysis tool for the Elixir language with a focus on code consistency and teaching.
5.2K starsJun 5, 2026 pushdevelopmentElixirStatic Analysis
$ npx skills add rrrene/credo#15
Static Analyzer for Solidity and Vyper
6.3K starsJun 11, 2026 pushdevelopmentPythonStatic Analysis
$ npx skills add crytic/slither#16
CodeCompass is a software comprehension tool for large scale software written in C/C++, C# and Python.
603 starsMay 22, 2026 pushdevelopmentC++Static Analysis
$ npx skills add Ericsson/CodeCompassHow to choose
When should you switch?
Use an alternative when it has a clearer install path, higher trust score, fresher maintenance, or better platform fit for your current agent stack. Keep Pysonar2 if it already passes your workflow test and repository review.
Next step
Compare top candidates side by side
Open the compare page, test the install commands in a sandbox, and check each repository before using a skill in production.