FindBugs is a defect detection tool for Java that uses static analysis to look for more than 200 bug patterns, such as null pointer dereferences, infinite recursive loops, bad uses of the Java libraries and deadlocks. FindBugs can identify hundreds of serious defects in large applications (typically about 1 defect per 1000-2000 lines of non-commenting source statements). FindBugs is open source, has been downloaded more than 230,000 times, and is used by many major companies and financial institutions.
FindBugs can be used from the command line or within Ant, Eclipse, Maven, NetBeans and Emacs.
FindBugs is an obsolete project. The README of its GitHub repository says "FindBugs is now SpotBugs".
There are no reported vulnerabilities.