SonarSource Rules
  • Products

    In-IDE

    Code Quality and Security in your IDE with SonarQube Ide

    IDE extension that lets you fix coding issues before they exist!

    Discover SonarQube for IDE

    SaaS

    Code Quality and Security in the cloud with SonarQube Cloud

    Setup is effortless and analysis is automatic for most languages

    Discover SonarQube Cloud

    Self-Hosted

    Code Quality and Security Self-Hosted with SonarQube Server

    Fast, accurate analysis; enterprise scalability

    Discover SonarQube Server
  • SecretsSecrets
  • ABAPABAP
  • AnsibleAnsible
  • ApexApex
  • AzureResourceManagerAzureResourceManager
  • CC
  • C#C#
  • C++C++
  • CloudFormationCloudFormation
  • COBOLCOBOL
  • CSSCSS
  • DartDart
  • DockerDocker
  • FlexFlex
  • GitHub ActionsGitHub Actions
  • GoGo
  • HTMLHTML
  • JavaJava
  • JavaScriptJavaScript
  • JSONJSON
  • JCLJCL
  • KotlinKotlin
  • KubernetesKubernetes
  • Objective CObjective C
  • PHPPHP
  • PL/IPL/I
  • PL/SQLPL/SQL
  • PythonPython
  • RPGRPG
  • RubyRuby
  • RustRust
  • ScalaScala
  • ShellShell
  • SwiftSwift
  • TerraformTerraform
  • TextText
  • TypeScriptTypeScript
  • T-SQLT-SQL
  • VB.NETVB.NET
  • VB6VB6
  • XMLXML
  • YAMLYAML
Java

Java static code analysis

Unique rules to find Bugs, Vulnerabilities, Security Hotspots, and Code Smells in your JAVA code

  • All rules 733
  • Vulnerability60
  • Bug175
  • Security Hotspot40
  • Code Smell458

  • Quick Fix 65
Filtered: 24 rules found
unused
    Impact
      Clean code attribute
        1. Types of unused record components should be removed from pattern matching

           Code Smell
        2. Packages containing only "package-info.java" should be removed

           Code Smell
        3. Collection contents should be used

           Code Smell
        4. Unused "private" classes should be removed

           Code Smell
        5. JUnit rules should be used

           Code Smell
        6. "catch" clauses should do more than rethrow

           Code Smell
        7. Conditionally executed code should be reachable

           Bug
        8. Unused type parameters should be removed

           Code Smell
        9. Files should not be empty

           Code Smell
        10. TestCases should contain tests

           Code Smell
        11. Unnecessary equality checks should not be made

           Bug
        12. Values should not be uselessly incremented

           Bug
        13. Fields in non-serializable classes should not be "transient"

           Code Smell
        14. Related "if/else if" statements should not have the same condition

           Bug
        15. Unused assignments should be removed

           Code Smell
        16. Unused local variables should be removed

           Code Smell
        17. Sections of code should not be commented out

           Code Smell
        18. Unused method parameters should be removed

           Code Smell
        19. Unused "private" methods should be removed

           Code Smell
        20. Exceptions in "throws" clauses should not be superfluous

           Code Smell
        21. Unnecessary imports should be removed

           Code Smell
        22. Empty statements should be removed

           Code Smell
        23. Unused "private" fields should be removed

           Code Smell
        24. Unused labels should be removed

           Code Smell

        Unused "private" fields should be removed

        intentionality - clear
        maintainability
        Code Smell
        Quick FixIDE quick fixes available with SonarQube for IDE
        • unused

        Why is this an issue?

        If a private field is declared but not used locally, its limited visibility makes it dead code.

        This is either a sign that some logic is missing or that the code should be cleaned.

        Cleaning out dead code decreases the size of the maintained codebase, making it easier to understand and preventing bugs from being introduced.

        public class MyClass {
          private int foo = 42; // Noncompliant: foo is unused and should be removed
        
          public int compute(int a) {
            return a * 42;
          }
        
        }
        

        Note that this rule does not take reflection into account, which means that issues will be raised on private fields that are only accessed using the reflection API.

        Exceptions

        The rule admits 3 exceptions:

        • Serialization ID fields

        The Java serialization runtime associates with each serializable class a version number called serialVersionUID, which is used during deserialization to verify that the sender and receiver of a serialized object have loaded classes for that object that are compatible for serialization.

        A serializable class can declare its own serialVersionUID explicitly by declaring a field named serialVersionUID that must be static, final, and of type long. By definition, those serialVersionUID fields should not be reported by this rule:

        public class MyClass implements java.io.Serializable {
          private static final long serialVersionUID = 42L;  // Compliant by exception
        }
        
        • Annotated fields and classes annotated with Lombok annotations

        The unused field in this class will not be reported by the rule as it is annotated, except if annotation class SomeAnnotation is listed in the ignoreAnnotations parameter (see Parameters).

        public class MyClass {
          @SomeAnnotation
          private int unused;  // Compliant by exception
        }
        
        • Fields from classes with native methods

        The unused field in this class will not be reported by the rule as it might be used by native code.

        public class MyClass {
          private int unused = 42;  // Compliant by exception
          private native static void doSomethingNative();
        }
        
          Available In:
        • SonarQube IdeCatch issues on the fly,
          in your IDE
        • SonarQube CloudDetect issues in your GitHub, Azure DevOps Services, Bitbucket Cloud, GitLab repositories
        • SonarQube Community BuildAnalyze code in your
          on-premise CI
          Available Since
          9.1
        • SonarQube ServerAnalyze code in your
          on-premise CI
          Developer Edition
          Available Since
          9.1

        © 2008-2025 SonarSource SA. All rights reserved.

        Privacy Policy | Cookie Policy | Terms of Use