Static program analysis is the analysis of software at compile time without executing it. Static analyzers allow various actors of the Software Development Lifecycle to proactively detect software issues such as security vulnerabilities (e.g., SQL injections), and leaks of private information. However, in the Java world most of the commercial tools perform syntactic analyses providing superficial feedback and their use is often seen as “too much pain, too little gain“.

In this talk, we will discuss and demo various syntactic and semantic static analyses presenting different applications of these tools. We will explore the possibilities new techniques offer from the point of view of efficiency and precision, in particular when it comes to security vulnerability and data leakage detection. Finally, we will look into how these tools can be used to support IT teams’ efforts in complying with the new European GDPR regulation, effective in May 2018.