find-sec-bugs/find-sec-bugs
The SpotBugs plugin for security audits of Java web applications and Android applications. (Also works with Kotlin, Groovy and Scala projects)
Java, LGPL-3.0
Issues
missing bug code for keySECXXEVAL
#693 opened by skirge - 0
keySECXXEVAL
#732 opened by hazendaz - 0
Update website with new version
#733 opened by ClaudioConsolmagno - 1
Erroneous "`java.lang.ClassNotFoundException`: Exception while looking for class" errors
#692 opened by basil - 1
Missing artifact in release assets
#730 opened by haerter-tss - 0
SpringEntityLeakDetector crashes with Map
#706 opened by nchandrashekar79 - 1
SpringEntityLeakDetector crashes with Map
#705 opened by nchandrashekar79 - 2
Java 21 Support
#723 opened by Jeeppler - 0
Mark java.sql.Statement enquoteIdentifier, enquoteLiteral, and enquoteNCharLiteral SQL_INJECTION_SAFE
#721 opened by jim-bentler - 0
Inconsistency in HTTP_RESPONSE_SPLITTING Rule: Discrepancy in Violation Reporting with Nested Class
#719 opened by soyodream - 0
Inconsistency in COMMAND_INJECTION Rule: Discrepancy in Violation Reporting with Nested Class
#716 opened by soyodream - 0
Inconsistency in SQL_INJECTION_JPA Rule: Discrepancy in Violation Reporting with Nested Class
#718 opened by soyodream - 1
SpotBugs Report Metrics result
#714 opened by chihhung1016 - 0
Replace jwgmeligmeyling/spotbugs-github-action
#720 opened by h3xstream - 8
Add CWE Taxonomy to SARIF Report
#688 opened by Jeeppler - 0
java.lang.AssertionError: Out of bounds mutables in static org.apache.druid.indexing.common.task.OverlordCoordinatingSegmentAllocator.lambda
#715 opened by azure247a - 12
Mark sources of Possible JDBC injection as safe
#709 opened by apetrelli - 1
False Negative: String concatenation with char should not consider char to be SAFE
#711 opened by jbindel - 2
java.lang.IllegalStateException
#703 opened by whistlexie - 0
IMPROPER_UNICODE rule does not find `equalsIgnoreCase` usage when used as method reference
#708 opened by Vampire - 0
The current code doesn't support Jakarta namespace (ENTITY_LEAK and other checks don't work)
#704 opened by mrairjan - 0
how can i modify the severity
#694 opened by TimerZz007 - 2
SpringEntityLeakDetector crashes with array types
#679 opened by gtoison - 0
Exception during SpringEntityLeakDetector
#685 opened by nkavian - 2
Path Traversal sink incorrect
#687 opened by jcopenhop - 7
Next Release ETA - 1.12.0
#677 opened by harry-clarke - 5
Java 17 not working
#678 opened by Jeeppler - 1
Interprocedural Taint Analysis?
#675 opened by baloghadamsoftware - 5
dynamic JSP inclusion false positive
#673 opened by miniupnp - 0
Supports org.apache.commons.lang.SerializationUtils
#676 opened by h3xstream - 2
ConstantPasswordDetector: StringIndexOutOfBoundsException: String index out of range: -3
#651 opened by nkavian - 2
So it was caused by bytecode generated by Aspect Oriented Programming (something like AspectJ)?
#665 opened by j0ck66 - 1
Description glitch
#661 opened by h3xstream - 3
CWE/SANS Top 25
#649 opened by HuaYangFu - 1
False positive on OpenSAML DocumentBuilder
#648 opened by ruud-de-jong