The Java Open Review project (JOR) lets open-source projects run audits of their source code using Fortify’s source code analysis software. JOR has discovered hundreds of bugs in applications like Tomcat, Zimbra and Java Pet Store. Fortify Source Code Analysis can find more than 120 categories of software security problems, Fortify’s Barmak Meftah said. The JOR analysis will detail about 40 categories, covering “the most egregious types of security vulnerabilities and the types that developers tend to understand most readily.”
Source: https://www.csoonline.com/article/2120688/free-service-scans-for-open-source-java-bugs.html

