{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,2,19]],"date-time":"2026-02-19T14:26:06Z","timestamp":1771511166584,"version":"3.50.1"},"publisher-location":"New York, NY, USA","reference-count":107,"publisher":"ACM","license":[{"start":{"date-parts":[[2023,11,30]],"date-time":"2023-11-30T00:00:00Z","timestamp":1701302400000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.acm.org\/publications\/policies\/copyright_policy#Background"}],"funder":[{"name":"the National Key R&D Program of China","award":["2021ZD0114501"],"award-info":[{"award-number":["2021ZD0114501"]}]},{"name":"National Research Foundation, Singapore, and the Cyber Security Agency under its National Cyber- security R&D Programme","award":["NCRP25-P04-TAICeN"],"award-info":[{"award-number":["NCRP25-P04-TAICeN"]}]}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":[],"published-print":{"date-parts":[[2023,11,30]]},"DOI":"10.1145\/3611643.3616262","type":"proceedings-article","created":{"date-parts":[[2023,11,30]],"date-time":"2023-11-30T23:14:38Z","timestamp":1701386078000},"page":"921-933","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":26,"title":["Comparison and Evaluation on Static Application Security Testing (SAST) Tools for Java"],"prefix":"10.1145","author":[{"ORCID":"https:\/\/orcid.org\/0000-0002-3517-353X","authenticated-orcid":false,"given":"Kaixuan","family":"Li","sequence":"first","affiliation":[{"name":"East China Normal University, Shanghai, China"}]},{"ORCID":"https:\/\/orcid.org\/0000-0001-9477-4100","authenticated-orcid":false,"given":"Sen","family":"Chen","sequence":"additional","affiliation":[{"name":"Tianjin University, Tianjin, China"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-2428-9297","authenticated-orcid":false,"given":"Lingling","family":"Fan","sequence":"additional","affiliation":[{"name":"Nankai University, Tianjin, China"}]},{"ORCID":"https:\/\/orcid.org\/0000-0001-9080-6865","authenticated-orcid":false,"given":"Ruitao","family":"Feng","sequence":"additional","affiliation":[{"name":"University of New South Wales, Sydney, Australia"}]},{"ORCID":"https:\/\/orcid.org\/0009-0000-8384-7933","authenticated-orcid":false,"given":"Han","family":"Liu","sequence":"additional","affiliation":[{"name":"East China Normal University, Shanghai, China"}]},{"ORCID":"https:\/\/orcid.org\/0000-0003-1175-2753","authenticated-orcid":false,"given":"Chengwei","family":"Liu","sequence":"additional","affiliation":[{"name":"Nanyang Technological University, Singapore, Singapore"}]},{"ORCID":"https:\/\/orcid.org\/0000-0001-7300-9215","authenticated-orcid":false,"given":"Yang","family":"Liu","sequence":"additional","affiliation":[{"name":"Nanyang Technological University, Singapore, Singapore"}]},{"ORCID":"https:\/\/orcid.org\/0000-0003-1235-5530","authenticated-orcid":false,"given":"Yixiang","family":"Chen","sequence":"additional","affiliation":[{"name":"East China Normal University, Shanghai, China"}]}],"member":"320","published-online":{"date-parts":[[2023,11,30]]},"reference":[{"key":"e_1_3_2_2_1_1","doi-asserted-by":"publisher","DOI":"10.1016\/j.jss.2019.110427"},{"key":"e_1_3_2_2_2_1","doi-asserted-by":"publisher","DOI":"10.1556\/606.2021.00454"},{"key":"e_1_3_2_2_3_1","unstructured":"Apache. 2023. Home - Apache Qpid. https:\/\/qpid.apache.org\/index.html (Accessed on 31\/01\/2023)"},{"key":"e_1_3_2_2_4_1","volume-title":"Principles of model checking","author":"Baier Christel","unstructured":"Christel Baier and Joost-Pieter Katoen. 2008. Principles of model checking. MIT press."},{"key":"e_1_3_2_2_5_1","unstructured":"Sindre Beba and Magnus Melseth Karlsen. 2019. Implementation analysis of open-source Static analysis tools for detecting security vulnerabilities. Master\u2019s thesis. NTNU."},{"key":"e_1_3_2_2_6_1","doi-asserted-by":"publisher","DOI":"10.1109\/TR.2019.2937214"},{"key":"e_1_3_2_2_7_1","volume-title":"Jos\u00e9 Fragoso Santos, and Nuno Santos","author":"Brito Tiago","year":"2023","unstructured":"Tiago Brito, Mafalda Ferreira, Miguel Monteiro, Pedro Lopes, Miguel Barros, Jos\u00e9 Fragoso Santos, and Nuno Santos. 2023. Study of JavaScript Static Analysis Tools for Vulnerability Detection in Node. js Packages. arXiv preprint arXiv:2301.05097."},{"key":"e_1_3_2_2_8_1","doi-asserted-by":"publisher","DOI":"10.1145\/3433210.3453096"},{"key":"e_1_3_2_2_9_1","unstructured":"Checkstyle. 2022. checkstyle \u2013 Checkstyle 10.6.0. https:\/\/checkstyle.sourceforge.io\/ (Accessed on 31\/01\/2023)"},{"key":"e_1_3_2_2_10_1","doi-asserted-by":"publisher","DOI":"10.1145\/3377811.3380417"},{"key":"e_1_3_2_2_11_1","doi-asserted-by":"publisher","DOI":"10.1145\/3236024.3275523"},{"key":"e_1_3_2_2_12_1","doi-asserted-by":"publisher","DOI":"10.1145\/3551349.3559524"},{"key":"e_1_3_2_2_13_1","unstructured":"CodeQL. 2022. CodeQL. https:\/\/codeql.github.com\/docs\/codeql-overview\/about-codeql\/ (Accessed on 31\/01\/2023)"},{"key":"e_1_3_2_2_14_1","unstructured":"MITRE corporation. 2023. Common Vulnerabilities and Exposures. https:\/\/cve.mitre.org\/ (Accessed on 31\/01\/2023)"},{"key":"e_1_3_2_2_15_1","unstructured":"Ctags. 2023. Universal Ctags. https:\/\/ctags.io\/ (Accessed on 31\/01\/2023)"},{"key":"e_1_3_2_2_16_1","unstructured":"CVSS V2. 2023. CVSS v2 Complete Documentation. https:\/\/www.first.org\/cvss\/v2\/guide (Accessed on 16\/06\/2023)"},{"key":"e_1_3_2_2_17_1","unstructured":"CVSS V3. 2023. CVSS v3.0 User Guide. https:\/\/www.first.org\/cvss\/v3.0\/user-guide (Accessed on 16\/06\/2023)"},{"key":"e_1_3_2_2_18_1","unstructured":"CWE. 2022. CVE-CWE mapping guidance. https:\/\/cwe.mitre.org\/documents\/cwe_usage\/guidance.html (Accessed on 31\/01\/2023)"},{"key":"e_1_3_2_2_19_1","unstructured":"CWE. 2022. CWE-1000: Research Concepts. https:\/\/cwe.mitre.org\/data\/definitions\/1000.html (Accessed on 31\/01\/2023)"},{"key":"e_1_3_2_2_20_1","unstructured":"CWE. 2022. CWE-Compatible Products and Services. https:\/\/cwe.mitre.org\/compatible\/compatible.html (Accessed on 31\/01\/2023)"},{"key":"e_1_3_2_2_21_1","unstructured":"CWE. 2023. CWE-View - CWE Glossary. https:\/\/cwe.mitre.org\/documents\/glossary\/index.html#View (Accessed on 31\/01\/2023)"},{"key":"e_1_3_2_2_22_1","unstructured":"CWE. 2023. Pillar WeaknessCWE Glossary. https:\/\/cwe.mitre.org\/documents\/glossary\/index.html (Accessed on 31\/01\/2023)"},{"key":"e_1_3_2_2_23_1","doi-asserted-by":"publisher","DOI":"10.1109\/EDCC51268.2020.00025"},{"key":"e_1_3_2_2_24_1","unstructured":"Debian. 2023. Debian \u2013 The Universal Operating System. https:\/\/www.debian.org\/ (Accessed on 31\/01\/2023)"},{"key":"e_1_3_2_2_25_1","unstructured":"Common Weakness Enumeration. 2022. Common Weakness Enumeration. https:\/\/cwe.mitre.org\/index.html (Accessed on 31\/01\/2023)"},{"key":"e_1_3_2_2_26_1","doi-asserted-by":"publisher","DOI":"10.1145\/3180155.3180222"},{"key":"e_1_3_2_2_27_1","unstructured":"FasterXML. 2020. jackson-dataformats-binary. https:\/\/mvnrepository.com\/artifact\/com.fasterxml.jackson.dataformat\/jackson-dataformats-binary (Accessed on 31\/01\/2023)"},{"key":"e_1_3_2_2_28_1","unstructured":"Forum of Incident Response and Security Teams. 2023. Common Vulnerability Scoring System SIG. https:\/\/www.first.org\/cvss\/ (Accessed on 12\/06\/2023)"},{"key":"e_1_3_2_2_29_1","unstructured":"The Apache Software Foundation. 2023. Maven \u2013 Welcome to Apache Maven. https:\/\/maven.apache.org\/ (Accessed on 31\/01\/2023)"},{"key":"e_1_3_2_2_30_1","unstructured":"The OWASP Foundation. 2020. OWASP-Top-Ten-Benchmark 2020. https:\/\/github.com\/jrbermh\/OWASP-Top-Ten-Benchmark (Accessed on 31\/01\/2023)"},{"key":"e_1_3_2_2_31_1","unstructured":"The OWASP Foundation. 2022. OWASP Benchmark. https:\/\/owasp.org\/www-project-benchmark\/ (Accessed on 31\/01\/2023)"},{"key":"e_1_3_2_2_32_1","unstructured":"The OWASP Foundation. 2023. OWASP Dependency-Check. https:\/\/owasp.org\/www-project-dependency-check\/ (Accessed on 31\/01\/2023)"},{"key":"e_1_3_2_2_33_1","unstructured":"The OWASP Foundation. 2023. Software Component Analysis. https:\/\/owasp.org\/www-community\/Component_Analysis (Accessed on 31\/01\/2023)"},{"key":"e_1_3_2_2_34_1","unstructured":"GitHub. 2022. Awesome static analysis. https:\/\/github.com\/mre\/awesome-static-analysis#multiple-languages-1 (Accessed on 22\/08\/2022)"},{"key":"e_1_3_2_2_35_1","unstructured":"GitHub. 2022. GitHub-analysis-tools-dev. https:\/\/github.com\/analysis-tools-dev\/static-analysis#java (Accessed on 22\/08\/2022)"},{"key":"e_1_3_2_2_36_1","unstructured":"GitHub. 2023. GitHub code scanning. https:\/\/github.blog\/2022-08-15-the-next-step-for-lgtm-com-github-code-scanning\/ (Accessed on 31\/01\/2023)"},{"key":"e_1_3_2_2_37_1","unstructured":"GitHub. 2023. Gitleaks. https:\/\/gitleaks.io\/ (Accessed on 31\/01\/2023)"},{"key":"e_1_3_2_2_38_1","unstructured":"Google. 2022. Error Prone. https:\/\/errorprone.info\/ (Accessed on 31\/01\/2023)"},{"key":"e_1_3_2_2_39_1","unstructured":"Google. 2023. Google-java-format.. https:\/\/github.com\/google\/google-java-format (Accessed on 31\/01\/2023)"},{"key":"e_1_3_2_2_40_1","doi-asserted-by":"publisher","DOI":"10.1016\/j.infsof.2015.08.002"},{"key":"e_1_3_2_2_41_1","doi-asserted-by":"publisher","DOI":"10.1145\/3238147.3238213"},{"key":"e_1_3_2_2_42_1","unstructured":"HCL. 2023. HCL AppScan CodeSweep. https:\/\/marketplace.visualstudio.com\/items?itemName=HCLTechnologies.hclappscancodesweep (Accessed on 31\/01\/2023)"},{"key":"e_1_3_2_2_43_1","doi-asserted-by":"publisher","DOI":"10.1016\/j.asoc.2017.10.047"},{"key":"e_1_3_2_2_44_1","unstructured":"Insidersec. 2022. Insider. https:\/\/github.com\/insidersec\/insider (Accessed on 31\/01\/2023)"},{"key":"e_1_3_2_2_45_1","doi-asserted-by":"publisher","DOI":"10.1145\/3510003.3510214"},{"key":"e_1_3_2_2_46_1","doi-asserted-by":"publisher","DOI":"10.1016\/j.procs.2020.04.217"},{"key":"e_1_3_2_2_47_1","doi-asserted-by":"publisher","DOI":"10.1145\/161494.161501"},{"key":"e_1_3_2_2_48_1","doi-asserted-by":"publisher","DOI":"10.1016\/j.jss.2022.111575"},{"key":"e_1_3_2_2_49_1","doi-asserted-by":"publisher","DOI":"10.1145\/3319008.3319011"},{"key":"e_1_3_2_2_50_1","doi-asserted-by":"publisher","DOI":"10.1145\/3533767.3534380"},{"key":"e_1_3_2_2_51_1","doi-asserted-by":"publisher","DOI":"10.1145\/3597926.3598056"},{"key":"e_1_3_2_2_52_1","doi-asserted-by":"publisher","DOI":"10.1007\/s10664-021-10013-5"},{"key":"e_1_3_2_2_53_1","unstructured":"Maven. 2023. Jackson Databind. https:\/\/mvnrepository.com\/artifact\/com.fasterxml.jackson.core\/jackson-databind (Accessed on 16\/06\/2023)"},{"key":"e_1_3_2_2_54_1","unstructured":"Meta. 2023. Infer Static Analyzer. https:\/\/fbinfer.com\/ (Accessed on 1\/06\/2023)"},{"key":"e_1_3_2_2_55_1","doi-asserted-by":"publisher","DOI":"10.1145\/3460319.3464823"},{"key":"e_1_3_2_2_56_1","doi-asserted-by":"publisher","DOI":"10.1145\/3533767.3534374"},{"key":"e_1_3_2_2_57_1","unstructured":"National Vulnerability Database. 2023. NVD-Home. https:\/\/nvd.nist.gov\/ (Accessed on 31\/01\/2023)"},{"key":"e_1_3_2_2_58_1","doi-asserted-by":"publisher","DOI":"10.1016\/j.cose.2021.102470"},{"key":"e_1_3_2_2_59_1","unstructured":"Flemming Nielson Hanne R Nielson and Chris Hankin. 2015. Principles of program analysis. springer."},{"key":"e_1_3_2_2_60_1","doi-asserted-by":"publisher","DOI":"10.1007\/s00607-018-0664-z"},{"key":"e_1_3_2_2_61_1","unstructured":"NVD. 2014. CVE-2014-3651. https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2014-3651 (Accessed on 31\/01\/2023)"},{"key":"e_1_3_2_2_62_1","unstructured":"NVD. 2015. CVE-2015-2913. https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2015-2913 (Accessed on 31\/01\/2023)"},{"key":"e_1_3_2_2_63_1","unstructured":"NVD. 2018. CVE-2018-17187. https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2018-17187 (Accessed on 31\/01\/2023)"},{"key":"e_1_3_2_2_64_1","unstructured":"NVD. 2018. CVE-2018-20227. https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2018-20227 (Accessed on 31\/01\/2023)"},{"key":"e_1_3_2_2_65_1","unstructured":"NVD. 2019. CVE-2019-18393. https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2019-18393 (Accessed on 31\/01\/2023)"},{"key":"e_1_3_2_2_66_1","unstructured":"NVD. 2021. Log4Shell: CVE-2021-44228. https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2021-44228 (Accessed on 31\/01\/2023)"},{"key":"e_1_3_2_2_67_1","unstructured":"NVD. 2022. Spring4Shell: CVE-2022-22965. https:\/\/nvd.nist.gov\/vuln\/detail\/cve-2022-22965 (Accessed on 31\/01\/2023)"},{"key":"e_1_3_2_2_68_1","unstructured":"The University of Maryland. 2022. FindBugs. http:\/\/findbugs.sourceforge.net\/ (Accessed on 31\/01\/2023)"},{"key":"e_1_3_2_2_69_1","unstructured":"The University of Maryland. 2022. FindSecurityBugs. https:\/\/find-sec-bugs.github.io\/ (Accessed on 31\/01\/2023)"},{"key":"e_1_3_2_2_70_1","unstructured":"The University of Maryland. 2022. SpotBugs. https:\/\/spotbugs.github.io\/ (Accessed on 31\/01\/2023)"},{"key":"e_1_3_2_2_71_1","unstructured":"National Institute of Standards and Technology. 2017. Juliet Test Suite. https:\/\/samate.nist.gov\/SARD\/test-suites (Accessed on 31\/01\/2023)"},{"key":"e_1_3_2_2_72_1","volume-title":"NIST: Free for Open Source Application Security Tools. https:\/\/www.nist.gov\/itl\/ssd\/software-quality-group\/source-code-security-analyzers (Accessed on 22\/08\/2022)","author":"National Institute of Standards and Technology.","year":"2022","unstructured":"National Institute of Standards and Technology. 2022. NIST: Free for Open Source Application Security Tools. https:\/\/www.nist.gov\/itl\/ssd\/software-quality-group\/source-code-security-analyzers (Accessed on 22\/08\/2022)"},{"key":"e_1_3_2_2_73_1","volume-title":"SAMATE: Source Code Security Analyzers. https:\/\/www.nist.gov\/itl\/ssd\/software-quality-group\/source-code-security-analyzers (Accessed on 22\/08\/2022)","author":"National Institute of Standards and Technology.","year":"2022","unstructured":"National Institute of Standards and Technology. 2022. SAMATE: Source Code Security Analyzers. https:\/\/www.nist.gov\/itl\/ssd\/software-quality-group\/source-code-security-analyzers (Accessed on 22\/08\/2022)"},{"key":"e_1_3_2_2_74_1","unstructured":"Opensecurity. 2022. NodeJSScan. https:\/\/github.com\/ajinabraham\/nodejsscan (Accessed on 31\/01\/2023)"},{"key":"e_1_3_2_2_75_1","unstructured":"OpenSSF. 2020. OpenSSF CVE Benchmark. https:\/\/github.com\/ossf-cve-benchmark\/ossf-cve-benchmark (Accessed on 31\/01\/2023)"},{"key":"e_1_3_2_2_76_1","unstructured":"OpenSSF. 2022. Open Source Security Foundation. https:\/\/openssf.org\/ (Accessed on 31\/01\/2023)"},{"key":"e_1_3_2_2_77_1","unstructured":"OWASP. 2022. Free for Open Source Application Security Tools. https:\/\/owasp.org\/www-community\/Free_for_Open_Source_Application_Security_Tools (Accessed on 22\/08\/2022)"},{"key":"e_1_3_2_2_78_1","unstructured":"OWASP. 2022. Source Code Analysis Tools. https:\/\/owasp.org\/www-community\/Source_Code_Analysis_Tools (Accessed on 22\/08\/2022)"},{"key":"e_1_3_2_2_79_1","unstructured":"oxsecurity. 2023. Megalinter. https:\/\/github.com\/oxsecurity\/megalinter (Accessed on 31\/01\/2023)"},{"key":"e_1_3_2_2_80_1","volume-title":"Agile Processes in Software Engineering and Extreme Programming","author":"Oyetoyan Tosin Daniel","unstructured":"Tosin Daniel Oyetoyan, Bisera Milosheska, Mari Grini, and Daniela Soares Cruzes. 2018. Myths and Facts About Static Application Security Testing Tools: An Action Research at Telenor Digital. In Agile Processes in Software Engineering and Extreme Programming, Juan Garbajosa, Xiaofeng Wang, and Ademar Aguiar (Eds.). Springer International Publishing, Cham. 86\u2013103. isbn:978-3-319-91602-6"},{"key":"e_1_3_2_2_81_1","doi-asserted-by":"publisher","DOI":"10.1109\/ICSGEA.2019.00131"},{"key":"e_1_3_2_2_82_1","doi-asserted-by":"publisher","DOI":"10.1145\/3236024.3236029"},{"key":"e_1_3_2_2_83_1","unstructured":"PMD. 2023. PMD. https:\/\/pmd.github.io\/ (Accessed on 31\/01\/2023)"},{"key":"e_1_3_2_2_84_1","doi-asserted-by":"publisher","DOI":"10.1145\/3213846.3213873"},{"key":"e_1_3_2_2_85_1","unstructured":"R2C. 2022. Semgrep. https:\/\/www.semgrep.dev\/ (Accessed on 31\/01\/2023)"},{"key":"e_1_3_2_2_86_1","unstructured":"RedHat. 2018. What is DevSecOps? https:\/\/www.redhat.com\/en\/topics\/devops\/what-is-devsecops (Accessed on 31\/01\/2023)"},{"key":"e_1_3_2_2_87_1","unstructured":"RedHat. 2023. Red Hat Bugzilla Main Page. https:\/\/bugzilla.redhat.com\/ (Accessed on 31\/05\/2023)"},{"key":"e_1_3_2_2_88_1","unstructured":"Reshift. 2023. Reshift. https:\/\/www.softwaresecured.com\/ (Accessed on 31\/01\/2023)"},{"key":"e_1_3_2_2_89_1","unstructured":"Aqua Security. 2023. Trivy. https:\/\/trivy.dev\/ (Accessed on 31\/01\/2023)"},{"key":"e_1_3_2_2_90_1","unstructured":"Contrast Security. 2022. Contrast Security. https:\/\/www.contrastsecurity.com\/ (Accessed on 31\/01\/2023)"},{"key":"e_1_3_2_2_91_1","volume-title":"When do changes induce fixes? ACM sigsoft software engineering notes, 30, 4","author":"\u015aliwerski Jacek","year":"2005","unstructured":"Jacek \u015aliwerski, Thomas Zimmermann, and Andreas Zeller. 2005. When do changes induce fixes? ACM sigsoft software engineering notes, 30, 4 (2005), 1\u20135."},{"key":"e_1_3_2_2_92_1","volume-title":"Proceedings of the Sixteenth USENIX Conference on Usable Privacy and Security (SOUPS\u201920)","author":"Smith Justin","year":"2020","unstructured":"Justin Smith, Lisa Nguyen Quang Do, and Emerson Murphy-Hill. 2020. Why Can\u2019t Johnny Fix Vulnerabilities: A Usability Evaluation of Static Analysis Tools for Security. In Proceedings of the Sixteenth USENIX Conference on Usable Privacy and Security (SOUPS\u201920). USENIX Association, USA. Article 13, 18 pages. isbn:978-1-939133-16-8"},{"key":"e_1_3_2_2_93_1","unstructured":"SonarSource. 2022. SonarQube. https:\/\/www.sonarqube.org\/ (Accessed on 31\/01\/2023)"},{"key":"e_1_3_2_2_94_1","unstructured":"Spark. 2018. spark\/src\/main\/java\/spark\/resource\/ClassPathResource.java at 27236534e90bd2bfe339fd65fe6ddd6a9f0304e1. https:\/\/github.com\/perwendel\/spark\/blob\/030e9d00125cbd1ad759668f85488aba1019c668 1\/src\/main\/java\/spark\/resource\/ClassPathResource.java (Accessed on 31\/01\/2023)"},{"key":"e_1_3_2_2_95_1","doi-asserted-by":"publisher","DOI":"10.1109\/MSP.2006.64"},{"key":"e_1_3_2_2_96_1","doi-asserted-by":"publisher","DOI":"10.1109\/TSE.2020.3013438"},{"key":"e_1_3_2_2_97_1","doi-asserted-by":"publisher","DOI":"10.1007\/s10515-014-0169-8"},{"key":"e_1_3_2_2_98_1","doi-asserted-by":"publisher","DOI":"10.1145\/2351676.2351685"},{"key":"e_1_3_2_2_99_1","unstructured":"TIOBE. 2023. The Java Programming Language-TIOBE. https:\/\/www.tiobe.com\/tiobe-index\/java\/ (Accessed on 31\/01\/2023)"},{"key":"e_1_3_2_2_100_1","doi-asserted-by":"publisher","DOI":"10.1145\/3236024.3275439"},{"key":"e_1_3_2_2_101_1","doi-asserted-by":"publisher","DOI":"10.5220\/0005032902440252"},{"key":"e_1_3_2_2_102_1","unstructured":"Website of This Study. 2023. Comparison and Evaluation on Static Application Security Testing (SAST) Tools for Java. https:\/\/sites.google.com\/view\/java-sast-study\/home (Accessed on 31\/01\/2023)"},{"key":"e_1_3_2_2_103_1","unstructured":"Website of This Study. 2023. Tools Selection. https:\/\/sites.google.com\/view\/java-sast-study\/tool-selection (Accessed on 31\/01\/2023)"},{"key":"e_1_3_2_2_104_1","unstructured":"Wikipedia. 2022. List of tools for static code analysis. https:\/\/en.wikipedia.org\/wiki\/List_of_tools_for_static_code_analysis (Accessed on 22\/08\/2022)"},{"key":"e_1_3_2_2_105_1","unstructured":"Wikipedia. 2023. Linter-Wikipedia. https:\/\/en.wikipedia.org\/wiki\/Lint_(software) (Accessed on 22\/06\/2023)"},{"key":"e_1_3_2_2_106_1","doi-asserted-by":"publisher","DOI":"10.1109\/TSE.2006.38"},{"key":"e_1_3_2_2_107_1","unstructured":"Zupit. 2022. Horusec. https:\/\/docs.horusec.io\/docs\/overview\/ (Accessed on 31\/01\/2023)"}],"event":{"name":"ESEC\/FSE '23: 31st ACM Joint European Software Engineering Conference and Symposium on the Foundations of Software Engineering","location":"San Francisco CA USA","acronym":"ESEC\/FSE '23","sponsor":["SIGSOFT ACM Special Interest Group on Software Engineering"]},"container-title":["Proceedings of the 31st ACM Joint European Software Engineering Conference and Symposium on the Foundations of Software Engineering"],"original-title":[],"link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3611643.3616262","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3611643.3616262","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,6,17]],"date-time":"2025-06-17T16:36:03Z","timestamp":1750178163000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3611643.3616262"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2023,11,30]]},"references-count":107,"alternative-id":["10.1145\/3611643.3616262","10.1145\/3611643"],"URL":"https:\/\/doi.org\/10.1145\/3611643.3616262","relation":{},"subject":[],"published":{"date-parts":[[2023,11,30]]},"assertion":[{"value":"2023-11-30","order":2,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}