* Complements a modern Agile process. Foster the tight feedback loops needed in a modern agile environment by introducing security early in the process. * Customizable. Create custom vulnerability rules. Standardize on company-approved guidance and configuration settings. * Reports remotely. View aggregate and individual statistics to quantify how you’ve improved your company’s security over time. * Refreshed regularly. Get updated rules as new vulnerabilities surface. Receive periodic product updates with feature expansion.

* FindBugs looks for bugs in Java programs. It is based on the concept of bug patterns. A bug pattern is a code idiom that is often an error. Bug patterns arise for a variety of reasons: * Difficult language features Misunderstood API methods Misunderstood invariants when code is modified during maintenance Garden variety mistakes: typos, use of the wrong boolean operator * FindBugs uses static analysis to inspect Java bytecode for occurrences of bug patterns. Static analysis means that FindBugs can find bugs by simply inspecting a program's code: executing the program is not necessary. This makes FindBugs very easy to use: in general, you should be able to use it to look for bugs in your code within a few minutes of downloading it. FindBugs works by analyzing Java bytecode (compiled class files), so you don't even need the program's source code to use it. Because its analysis is sometimes imprecise, FindBugs can report false warnings, which are warnings that do not indicate real errors. In practice, the rate of false warnings reported by FindBugs is less than 50%. * FindBugs supports a plugin architecture allowing anyone to add new bug detectors. The publications page contains links to articles describing how to write a new detector for FindBugs. If you are familiar with Java bytecode you can write a new FindBugs detector in as little as a few minutes. * FindBugs is free software, available under the terms of the Lesser GNU Public License. It is written in Java, and can be run with any virtual machine compatible with Sun's JDK 1.5. It can analyze programs written for any version of Java. FindBugs was originally developed by Bill Pugh and David Hovemeyer. It is maintained by Bill Pugh, and a team of volunteers. * FindBugs uses BCEL to analyze Java bytecode. As of version 1.1, FindBugs also supports bug detectors written using the ASM bytecode framework. FindBugs uses dom4j for XML manipulation.