No products

Shipping 0,00 €
Tax 0,00 €
Total 0,00 €

Prices are tax included

Cart Check out


Scan2Fix4Java product

Scan2Fix4Java product

Scan2FixJava the java source code analyzer

More details

0,00 € tax incl.


  • analysis of java source code
  • detects violation of developpement rules, respect of security rules (local to 1 file, and for the entiere application)
  • autonomous tool

Integration in development and production environments

  • Sonar provides a multi views dashboard :
    • continous integration (jenkins for ex)
    • source code + unit test (Sonar and Scan2Fix 4CSharp or 4Php or 4VB6 or 4Java)
    • production supervision (IIS logs Scan2Fix4Iis, Windows Stack trace Scan2Fix4Stt)
    • web site qualityaudit (Scan2Fix4Aspx)
  • Sonar Web Server is accessible for all technical actors (developers, project managers, Web integrators, production)
  • Generation of static Html reports : standalone and publishable


Quick and simple installation

  • during the command process, provide the sonar server hostname
  • install a java jre
  • install maven 2 or 3
  • install Sonar (any version)
  • copy the plugin (the download link is provided during the commande process) in SONAR_HOME/extensions/plugins
  • restart the Sonar server
  • under admin / Profiles, activate all the rules in the profile "Default Java Profile")
  • start a Java scan and the violations appear in the Sonar dashboard

Example of pom.xml file

<project xmlns="" xmlns:xsi="" xsi:schemaLocation="">

  • <modelVersion>4.0.0</modelVersion>
  • <groupId>com.qualitesys.wsqualitychecker</groupId>
  • <artifactId>tfs_MEL_2012_06_19_java</artifactId>
  • <version>2012_06_19_01</version>
  • <name>tfs_MEL_2012_06_19_java</name>

  • <properties>
    • <sonar.language>java</sonar.language>
    • <>true</>
  • </properties>

  • <pluginRepositories>
    • <pluginRepository>
      • <id>QualityChecker remote repository</id>
      • <url></url>
    • </pluginRepository>
  • </pluginRepositories>
  • <build>
    • <!-- OBLIGATOIRE -->
    • <sourceDirectory>C:your_dir_to_source_code</sourceDirectory>
    • <plugins>
        • <plugin>
        • <groupId>com.qualitesys.maven.plugins</groupId>
        • <artifactId>qcr-maven-plugin</artifactId>
        • <executions>
          • <execution>
            • <id>PhaseCleanGoalqcrgoalclean</id>
            • <phase>clean</phase>
            • <goals>
              • <goal>qcrgoalclean</goal>
            • </goals>
          • </execution>
          • <execution>
            • <id>PhaseCompileGoalqcrgoalcompile</id>
            • <phase>compile</phase>
            • <goals>
              • <goal>qcrgoalcompile</goal>
            • </goals>
          • </execution>
        • </executions>
      • </plugin>
        • <plugin>
        • <groupId>org.apache.maven.plugins</groupId>
        • <artifactId>maven-site-plugin</artifactId>
        • <version>3.0-beta-3</version>
        • <configuration>
          • <reportPlugins>
            • <plugin>
              • <groupId>org.apache.maven.plugins</groupId>
              • <artifactId>maven-project-info-reports-plugin</artifactId>
              • <version>2.2</version>
            • </plugin>
            • <plugin>
              • <groupId>com.qualitesys.maven.plugins</groupId>
              • <artifactId>qcr-maven-plugin</artifactId>
            • </plugin>
          • </reportPlugins>
        • </configuration>
      • </plugin>
    • </plugins>
  • </build>



Example with Maven only

Nota : the plugin for Sonar is not required. Usage is limited to 5 days.

mvn clean compile site

Maven will generate the static Web site under target/site/index.html

Example with Maven and Sonar

Nota : the plugin for Sonar is not required. It is provided at the validation step of the command process or on explicit request (

mvn clean qcr:qcrgoalclean qcr:qcrgoalcompile compile sonar:sonar


Violations dictionary

QC-JAVCWE078 BLOCKER Potential OS command injection
QC-JAVCWE080 BLOCKER Potential Basic XSS
QC-JAVCWE089 BLOCKER Potential SQL Injection
QC-JAVCWE412 BLOCKER Unrestricted lock of critical ressource, deadlock
QC-JAVCWE470 BLOCKER Use of externally-controlled (unsafe reflection)
QC-JAVCWE572 BLOCKER Call to Thread run() instead of start()
QC-JAV999999 BLOCKER Syntax analysis failure on the source code
QC-JAVCWE096 CRITICAL Insufficient control of directives in statically saved code
QC-JAVCWE476 CRITICAL Null pointer reference
QC-JAVCWE484 CRITICAL Omitted Break Statement in Switch
QC-JAVCWE616 CRITICAL Incomplete identification of uploaded file
QC-JAVCWE390 MAJOR Detection of error condition without action
QC-JAVCWE392 MAJOR Failure to report error in status code
QC-JAVCWE481 MAJOR Assigning instead of comparing
QC-JAVCWE493 MAJOR Critical public variable without final modifier
QC-JAVCWE584 MAJOR Return inside finally block
QC-JAV000001 MAJOR Instance is created within a loop, huge performance impact
QC-JAVCWE252 MINOR Return type of function is not tested
QC-JAVCWE500 MINOR Static public field not marked final
QC-JAVCWE582 MINOR Array declared public, final and static
QC-JAVCWE585 MINOR The software contains an empty synchronized block
QC-JAVCWE626 MINOR Null byte interaction error
QC-JAVCWE627 MINOR Dynamic variable evaluation for variable
QC-JAV999996 INFO Local Cut and Paste Detector in single file

Example of Open Source projects

The H2 project

Url home page :

Result of the analysis of the java code : site.rar


The Jenkins project

Url home page :

Result of the analysis of the java code : site.rar


  • Sonar compatibility Sonar 3.0 to 4.1.2
  • Maven compatibility maven 2&3

Informations After saving your customized product, remember to add it to your cart.


  • Name of the Sonar server*

* required fields