38C3 Lightning Talks

Markus Toran

Markus Toran is a security consultant from Karlsruhe. His consulting areas include offensive security, cryptography and secure software development. He previously studied computer science at KIT, specializing in IT security. He is a proud member of KITCTF.


Contribution

29.12
11:15
5 min
Static Security Analysis Tools for Java
Markus Toran

We give a short intro to static security analysis tools for Java and showcase three.

Historically, coding errors have resulted in significant breaches of personally identifiable information and other vulnerabilities (the Equifax breach, Log4Shell, Heartbleed). To mitigate such risks in the future, developing secure applications is crucial. Static code analysis is a valuable technique for helping developers proactively identify and fix security flaws. Because it builds on compiler techniques, static analysis can be integrated into established development workflows, including IDEs and CI/CD pipelines. We examine 19 static security analysis tools specifically for Java, categorizing them by their security capabilities and design characteristics. The security features analyzed encompass coding standards adherence, bug detection, software bill of materials generation, secret detection, identification of dangerous API usage, and data flow analysis. From a design perspective, the tools are classified as general-purpose, deep analysis, security-focused, specialized for cryptographic APIs, and other specialized tools.

Security
Stage HUFF