spotbugs / discuss

SpotBugs mailing list

Running Spotbugs On Java Libraries Question #70

Closed danmartinj closed 3 years ago

danmartinj commented 5 years ago

Hello,

First, forgive my noob question, as I do not know where else to turn for my question. Anyhow, I am working with a Java application where I do not have the actual source code. I do have directories with several shared libraries and I am contemplating trying to decompile the Java apps. My main goal is to find a tool that can list security vulnerabilities. Would this tool be a good fit for me?

Thanks for any advice or comments,

Joe

KengoTODA commented 5 years ago

https://find-sec-bugs.github.io/ is a good choice. It is a SpotBugs plugin that parses .class files.

https://spotbugs.readthedocs.io/en/stable/ is the official documentation of SpotBugs; read it to grasp how to use SpotBugs and its plugin.
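Added example, not from the thread or the SpotBugs project: running SpotBugs with the FindSecBugs plugin over every JAR in a library directory, with no source or decompilation needed. It assumes the `spotbugs` launcher is on PATH and that `FSB_PLUGIN` (a placeholder path) points at a downloaded FindSecBugs plugin JAR; the function names and the report directory are hypothetical.

```shell
#!/usr/bin/env bash
# Scan compiled JARs (bytecode only) with SpotBugs plus the FindSecBugs plugin.
# Assumption: FSB_PLUGIN is a placeholder for wherever the plugin JAR was saved.
FSB_PLUGIN="${FSB_PLUGIN:-/path/to/findsecbugs-plugin.jar}"

# List every JAR under a directory, one per line, in a stable order.
list_jars() {
  find "$1" -type f -name '*.jar' | sort
}

# Analyze one JAR. The other JARs in the directory go on -auxclasspath so that
# calls into sibling libraries resolve instead of being reported as missing classes.
scan_jar() {
  jar="$1"; dir="$2"; out="$3"
  aux=$(list_jars "$dir" | grep -Fxv -- "$jar" | paste -sd: -)
  set -- -textui -effort:max -low -pluginList "$FSB_PLUGIN"
  if [ -n "$aux" ]; then set -- "$@" -auxclasspath "$aux"; fi
  # SPOTBUGS can override the launcher name; stdin is closed so the tool
  # cannot swallow the JAR list that scan_dir is reading.
  "${SPOTBUGS:-spotbugs}" "$@" -xml:withMessages \
    -output "$out/$(basename "$jar" .jar).xml" "$jar" </dev/null
}

# Analyze every JAR under a directory, writing one XML report per JAR.
scan_dir() {
  dir="$1"; out="$2"
  mkdir -p "$out"
  list_jars "$dir" | while IFS= read -r j; do
    scan_jar "$j" "$dir" "$out"
  done
}

# Usage: ./scan.sh <lib-dir> [report-dir]
if [ -n "${1:-}" ]; then scan_dir "$1" "${2:-spotbugs-reports}"; fi
```

Reports are named after the JAR's base name, so two JARs with the same file name in different subdirectories need distinct report directories.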

KengoTODA commented 3 years ago

I'll close this inactive issue. Please repost a new one if necessary.