Would anyone be able to recommend a Vulnerability Scanner for a Java Swing application I have to test? My heart is broke trying to get one to work. I have tried sonarcloud but I can't get it to work, I have used it before without problems with some Java programs, sonarqube wont work for me, Junit involves writing code which I would prefer not to have to do. Can anyone help me?
Sorry for posting in the wrong forum, I posted there because I'm a beginner at Java myself. I was looking for static and dynamic analysis, the application I'm trying to test is not a web app, if it was I might have tried zap or burp suite, I tried Sonarqube but couldn't get it to run and I tried firebug in Netbeans but it is no longer supported. I have just managed to get Sonarlint to run. Do you know of any other not to difficult options for a vulnerability scanner?
A quick search for SpotBugs (the successor to the obsolete FindBugs) extensions comes up blank wrt. GUI security. https://find-sec-bugs.github.io/ is for web apps, whereas http://fb-contrib.sourceforge.net/ has some GUI checks, but none for security issues specifcially. Still, it's generally worthwhile to hook SpotBugs into your build pipeline and check its report.