{}  Find Security Bugs

The SpotBugs plugin for security audits of Java web applications.

(Last updated: March 27th, 2019)


131 bug patterns

It can detect 131 different vulnerability types with over 811 unique API signatures.

Support your frameworks and libraries

Cover popular frameworks including Spring-MVC, Struts, Tapestry and many more.

Integrate with your IDE

Plugins are available for Eclipse, IntelliJ, Android Studio and NetBeans. Command line integration is available with Ant and Maven.

Continuous integration

Can be used with systems such as Jenkins and SonarQube.

OWASP TOP 10 and CWE coverage

Extensive references are given for each bug patterns with references to OWASP Top 10 and CWE.

Open for contributions

The project is open-source and is open for contributions.


Find Security Bugs Eclipse


Find Security Bugs IntelliJ / Android Studio

IntelliJ / Android Studio

Find Security Bugs Sonar Qube

Sonar Qube