FindBugs, PMD and Checkstyle are all excellent choices especially if you integrate them into your build process.

FindBugs、PMD 和 Checkstyle 都是很好的选择，尤其是当您将它们集成到您的构建过程中时。

At my last company we also used Fortifyto check for potential security problems. We were fortunate to have an enterprise license so I don't know the cost involved.

在我上一家公司，我们还使用Fortify来检查潜在的安全问题。我们很幸运拥有企业许可证，所以我不知道所涉及的成本。

I recommend FindBugs. http://findbugs.sourceforge.net/Good in assisting to do code review.

我推荐 FindBugs。 http://findbugs.sourceforge.net/擅长协助进行代码。

IntelliJ IDEA from JetBrains. They also do ReSharper in the .Net community.

JetBrains 的 IntelliJ IDEA。他们还在 .Net 社区中做 ReSharper。

• Findbugs
• PMD
• Checkstyle
• Lint4J
• Classycle
• JDepend
• SISSy
• Google Codepro

• 发现错误
• PMD
• 格纹
• 棉绒4J
• 经典
• J依赖
• 娘娘腔
• 谷歌 Codepro

Sonaris a quality control tool. It gauges quality of Java applications through the observance of coding rules conventions, metric measures and advanced indicators.

声纳是一种质量控制工具。它通过遵守编码规则约定、度量标准和高级指标来衡量 Java 应用程序的质量。

Sonar is based on the following projects :

声纳基于以下项目：

• JavaNCSS: Quality Metrics

• Checkstyle: Style Cheking

• PMD: Code scanning for potential errors.

• Cobertura: Test Coverage

• JavaNCSS：质量指标

• Checkstyle: 风格检查

• PMD：代码扫描潜在错误。

• Cobertura：测试覆盖率

You could also use Simianfor duplication detection.

您还可以使用Simian进行重复检测。

All the above are great tools. PMD is probably the most common.

以上都是很好的工具。PMD 可能是最常见的。

Another tool is Enerjy. It recently became free, so you can download it and try for yourself. Enerjy is somewhat more organized and a better fit to larger teams. It makes it easier to customize and share the rules. Personally, I'm not a big fan, but maybe you'll fancy it more than I do.

另一个工具是Enerjy。它最近变得免费，因此您可以下载并亲自试用。Enerjy 更有条理，更适合大型团队。它可以更轻松地自定义和共享规则。就个人而言，我不是一个大粉丝，但也许你会比我更喜欢它。

CRAP4Jis not only an awesome name but it's quite useful. The other good ones are all above, best of all (IMHO) is FindBugs, because it really does find honest-to-goodness bugs right away in a big code base.

CRAP4J不仅是一个很棒的名字，而且非常有用。其他好的都在上面，最重要的是（恕我直言）是 FindBugs，因为它确实可以立即在大型代码库中找到诚实的错误。

Couple of commercial vendors that have a Java offering:

几个提供 Java 产品的商业供应商：

KlocworkCoverity

Klocwork Coverity

They won't "fix the issues" they find (nor will, I believe, any of the other ones mentioned above) but these are all tools that have varying strengths.

他们不会“解决他们发现的问题”（我相信，也不会解决上面提到的任何其他问题），但这些都是具有不同优势的工具。

You can try JavaDepend, it complement other static analysis tools, and provides a CQL language to query code like database,

您可以尝试JavaDepend，它补充了其他静态分析工具，并提供了一种 CQL 语言来查询数据库等代码，

JavaDepend provides also many interactive views to understand the existing code base and more than 82 metrics.

JavaDepend 还提供了许多交互式视图来了解现有代码库和超过 82 个指标。