Here are some of the Java Static Analysis tools you should know about: PMD scans Java source code and looks for potential problems.
Problems range from breaking naming conventions and unused code or variables to performance and complexity of code, not forgetting lots of possible bugs.
There are also several patterns that are specific for Android.
There’s also other common things such as hashing methods and DOS vulnerabilities, not forgetting simpler things such as hard coded passwords.
It integrates with Eclipse, Maven, Netbeans, Jenkins, Hudson and Intelli J.
Using Codacy means you’ll get all of these analyses done for you automatically every time you do a commit, plus a list of issues that are expansible to reveal additional detail on the particular problem and how to solve it.