//java at present/
- Which static security tools do you use?
Most sites don’t use static security tools. It’s a surprise to see how low overall adoption is, considering the widely publicized costs of security issues. For sites that do use them, the older tools dominate: Sonatype and Fortify lead the market. Snyk makes its first appearance in our surveys and provides full automated remediation across many ecosystems. We hope wider adoption of security tools will appear in future surveys.
[Figure: pie chart. Do use a security tool: 28%; Do not use a security tool: 72%.]
[Figure: bar chart, axis 0% to 40%. Categories: Other, Coverity, JDepend, Emma, Cobertura, PMD, Checkstyle, FindBugs, SonarQube.]