Java code analysis

Know exactly what's wrong
with your Java app

Upload your project. Get a full audit in 30 seconds — performance, security, architecture, and live runtime profiling.

Start free audit See what it detects

Three audits. One tool.

Pick what you need — or run all three.

Performance & Security

Static analysis on your source code. Detects issues before they hit production.

N+1 queries, unbounded findAll()
Memory leaks, string concat in loops
OWASP Top 10 — full Java coverage
Spring @Transactional anti-patterns
Hardcoded secrets, SQL injection
70+ rules across 8 categories — and more

FreeTry it

NEW

Architecture Audit

Analyses your codebase structure and architecture patterns.

Pattern detection — Layered, Hexagonal, etc.
Complex classes & complex class detection
Circular dependencies between packages
Layer violations — Controller → Repo direct
AI recommendation for target architecture

ProTry it

Live Profiling

A JVM agent attaches to your running app and reports what's actually slow.

Slowest methods — avg, max, total ms
SQL count per method — confirms N+1
Heap & thread monitoring — live
No code changes required
Live dashboard — updates every 5s

ProTry it

4 ways to analyze your code

Pick what fits your workflow.

Easiest

GitHub or ZIP

Paste a GitHub URL or drop a ZIP file. No setup. Results in 30 seconds.

github.com/org/my-java-app

→ audit at joptimize.io

Most private

CLI — code stays local

The CLI runs locally. Only the results are sent — never your source code.

npm i -g @joptimize/cli

joptimize analyze .

✓ Score: 72 · 3 critical

Runtime

JVM Agent — live profiling

Attach a JVM agent to your running app. See what's slow in real time.

joptimize monitor \

--app "java -jar app.jar"

📡 Live session started

🧩

In your IDE

IntelliJ Plugin

Analyze without leaving IntelliJ. Real-time highlights, score dashboard, send results to your dashboard.

# IntelliJ IDEA

Settings → Plugins

→ Search "JOptimize"

Install from Marketplace

Full OWASP Top 10 Java Coverage

SQL injection · Hardcoded secrets · Broken access control · SSRF · Weak crypto · Vulnerable components · and more

A01 Broken Access ControlA02 Cryptographic FailuresA03 InjectionA04 Insecure DesignA05 MisconfigurationA06 Vulnerable ComponentsA07 Auth FailuresA08 Software IntegrityA09 Logging FailuresA10 SSRF

Simple pricing

Two plans. No hidden fees. Cancel anytime.

Free

€0forever

Performance & Security analysis
Dashboard & reports
IntelliJ Plugin (basic)
CLI (basic)
Up to 3 analyses/month

Get started free

Recommended

Pro

€9.99/month

Everything in Free
Architecture audit
Live JVM Profiling
AI summaries on every report
Ask Claude — 150 calls/month
Stack Insights (advanced)
Unlimited analyses & history
PDF export

Get Pro

Secure payment via Paddle · Java is a registered trademark of Oracle Corporation

Ready to audit your Java app?

Upload your project. Get your full report in 30 seconds.

Start free audit

Know exactly what's wrongwith your Java app