|  Checker  |  Guideline  | 
|---|
| FB.BAD_PRACTICE.DE_MIGHT_IGNORE | ERR00-J. Do not suppress or ignore checked exceptions | 
| FB.BAD_PRACTICE.DM_EXIT | ERR09-J. Do not allow untrusted code to terminate the JVM | 
| FB.BAD_PRACTICE.EQ_GETCLASS_AND_CLASS_CONSTANT | MET08-J. Preserve the equality contract when overriding the equals() method | 
| FB.BAD_PRACTICE.FI_EMPTY | MET12-J. Do not use finalizers | 
| FB.BAD_PRACTICE.FI_EXPLICIT_INVOCATION | MET12-J. Do not use finalizers | 
| FB.BAD_PRACTICE.FI_FINALIZER_NULLS_FIELDS | MET12-J. Do not use finalizers | 
| FB.BAD_PRACTICE.FI_FINALIZER_ONLY_NULLS_FIELDS | MET12-J. Do not use finalizers | 
| FB.BAD_PRACTICE.FI_MISSING_SUPER_CALL | MET12-J. Do not use finalizers | 
| FB.BAD_PRACTICE.FI_NULLIFY_SUPER | MET12-J. Do not use finalizers | 
| FB.BAD_PRACTICE.FI_USELESS | MET12-J. Do not use finalizers | 
| FB.BAD_PRACTICE.NP_BOOLEAN_RETURN_NULL | EXP01-J. Do not use a null in a case where an object is required | 
| FB.BAD_PRACTICE.NP_CLONE_COULD_RETURN_NULL | EXP01-J. Do not use a null in a case where an object is required | 
| FB.BAD_PRACTICE.NP_EQUALS_SHOULD_HANDLE_NULL_ARGUMENT | EXP01-J. Do not use a null in a case where an object is required | 
| FB.BAD_PRACTICE.NP_TOSTRING_COULD_RETURN_NULL | EXP01-J. Do not use a null in a case where an object is required | 
| FB.CORRECTNESS.BOA_BADLY_OVERRIDDEN_ADAPTER | MET07-J. Never declare a class method that hides a method declared in a superclass or superinterface | 
|  | 
|---|
| JAVA.ALLOC.LEAK.NOTCLOSED | FIO04-J. Release resources when they are no longer needed | 
| JAVA.ALLOC.LEAK.NOTSTORED | FIO04-J. Release resources when they are no longer needed | 
| JAVA.ALLOC.LEAK.NOTSTORED | SER10-J. Avoid memory and resource leaks during serialization | 
| JAVA.ALLOC.LEAK.NOTSTORED | MSC05-J. Do not exhaust heap space | 
| JAVA.ARITH.FPEQUAL | NUM12-J. Ensure conversions of numeric types to narrower types do not result in lost or misinterpreted data | 
| JAVA.ARITH.OFLOW | NUM00-J. Detect or prevent integer overflow | 
| JAVA.CAST.FTRUNC | NUM12-J. Ensure conversions of numeric types to narrower types do not result in lost or misinterpreted data | 
| JAVA.CAST.FTRUNC | NUM13-J. Avoid loss of precision when converting primitive integers to floating-point | 
| JAVA.CLASS.ACCESS.BYPASS | SEC05-J. Do not use reflection to increase accessibility of classes, methods, or fields | 
| JAVA.CLASS.ACCESS.MODIFY | SEC05-J. Do not use reflection to increase accessibility of classes, methods, or fields | 
| JAVA.CLASS.CLONE.CCSM | MET53-J. Ensure that the clone() method calls super.clone() | 
| JAVA.CLASS.CLONE.CNC | OBJ07-J. Sensitive classes must not let themselves be copied | 
| JAVA.CLASS.CLONE.NF | OBJ07-J. Sensitive classes must not let themselves be copied | 
| JAVA.CLASS.CLONE.SCNC | OBJ07-J. Sensitive classes must not let themselves be copied | 
| JAVA.CLASS.ICSBS | OBJ08-J. Do not expose private members of an outer class from within a nested class | 
| JAVA.CLASS.MCS | MET53-J. Ensure that the clone() method calls super.clone() | 
| JAVA.CLASS.SER.ND | SER01-J. Do not deviate from the proper signatures of serialization methods | 
| JAVA.CLASS.SER.ND | SER03-J. Do not serialize unencrypted sensitive data | 
| JAVA.CLASS.SER.ND | SER06-J. Make defensive copies of private mutable components during deserialization | 
| JAVA.CLASS.SER.ND | SER07-J. Do not use the default serialized form for classes with implementation-defined invariants | 
| JAVA.CLASS.SER.ND | SER12-J. Prevent deserialization of untrusted data | 
| JAVA.CLASS.SER.UIDM | SER00-J. Enable serialization compatibility during class evolution | 
| JAVA.CLASS.UI | SER10-J. Avoid memory and resource leaks during serialization | 
| JAVA.CLASS.UI | MSC05-J. Do not exhaust heap space | 
| JAVA.COMPARE.CTO.ASSYM | MET08-J. Preserve the equality contract when overriding the equals() method | 
| JAVA.COMPARE.EMPTYSTR | EXP03-J. Do not use the equality operators when comparing values of boxed primitives | 
| JAVA.COMPARE.EQ | EXP02-J. Do not use the Object.equals() method to compare two arrays | 
| JAVA.COMPARE.EQ | EXP03-J. Do not use the equality operators when comparing values of boxed primitives | 
| JAVA.COMPARE.EQARRAY FB.CORRECTNESS.EC_BAD_ARRAY_COMPARE | EXP02-J. Do not use the Object.equals() method to compare two arrays | 
| FB.CORRECTNESS.EQ_COMPARING_CLASS_NAMES | OBJ09-J. Compare classes and not class names | 
| FB.CORRECTNESS.FE_TEST_IF_EQUAL_TO_NOT_A_NUMBER | NUM07-J. Do not attempt comparisons with NaN | 
| FB.CORRECTNESS.HE_SIGNATURE_DECLARES_HASHING_OF_UNHASHABLE_CLASS | MET09-J. Classes that define an equals() method must also define a hashCode() method | 
| FB.CORRECTNESS.HE_USE_OF_UNHASHABLE_CLASS | MET09-J. Classes that define an equals() method must also define a hashCode() method | 
| FB.CORRECTNESS.NP_ALWAYS_NULL | EXP01-J. Do not use a null in a case where an object is required | 
| FB.CORRECTNESS.NP_ALWAYS_NULL_EXCEPTION | EXP01-J. Do not use a null in a case where an object is required | 
| FB.CORRECTNESS.NP_ARGUMENT_MIGHT_BE_NULL | EXP01-J. Do not use a null in a case where an object is required | 
| FB.CORRECTNESS.NP_CLOSING_NULL | EXP01-J. Do not use a null in a case where an object is required | 
|  | 
| JAVA.COMPARE.EQARRAY | EXP03-J. Do not use the equality operators when comparing values of boxed primitives | 
| JAVA.CONCURRENCY.LOCK.DCL | LCK10-J. Use a correct form of the double-checked locking idiom | 
| JAVA.CONCURRENCY.LOCK.ICS | VNA00-J. Ensure visibility when accessing shared primitive variables | 
| JAVA.CONCURRENCY.LOCK.ISTR | LCK00-J. Use private final lock objects to synchronize classes that may interact with untrusted code | 
| JAVA.CONCURRENCY.LOCK.SCTB | THI00-J. Do not invoke Thread.run() | 
| JAVA.CONCURRENCY.LOCK.STATIC | VNA00-J. Ensure visibility when accessing shared primitive variables | 
| JAVA.CONCURRENCY.STARVE.BLOCKING | LCK09-J. Do not perform operations that can block while holding a lock | 
| JAVA.CONCURRENCY.SYNC.MSS | VNA00-J. Ensure visibility when accessing shared primitive variables | 
| JAVA.CONCURRENCY.UG.FIELD | VNA00-J. Ensure visibility when accessing shared primitive variables | 
| JAVA.CONCURRENCY.UG.METH | LCK05-J. Synchronize access to static fields that can be modified by untrusted code | 
| JAVA.CONCURRENCY.UG.PARAM | VNA00-J. Ensure visibility when accessing shared primitive variables | 
| JAVA.CONCURRENCY.VOLATILE | VNA00-J. Ensure visibility when accessing shared primitive variables | 
| JAVA.CONCURRENCY.VOLATILE | VNA03-J. Do not assume that a group of calls to independently atomic methods is atomic | 
| JAVA.CRYPTO.BASE64 | MSC02-J. Generate strong random numbers | 
| JAVA.CRYPTO.RA | MSC02-J. Generate strong random numbers | 
| JAVA.CRYPTO.RCF | MSC02-J. Generate strong random numbers | 
| JAVA.CRYPTO.RF | MSC02-J. Generate strong random numbers | 
| JAVA.CRYPTO.WHAF | MSC02-J. Generate strong random numbers | 
| JAVA.DEBUG.CALL | ERR09-J. Do not allow untrusted code to terminate the JVM | 
| JAVA.DEBUG.CEDF | ENV06-J. Production code must not contain debugging entry points | 
| JAVA.DEBUG.LOG | ERR02-J. Prevent exceptions while logging data | 
| JAVA.DEBUG.MEDF | ENV06-J. Production code must not contain debugging entry points | 
| JAVA.DEEPNULL.FB.CORRECTNESS.NP_GUARANTEED_DEREF | EXP01-J. Do not use a null in a case where an object is required | 
| FB JAVA.CORRECTNESS.NP_GUARANTEED_DEREF_ON_EXCEPTION_PATHDEEPNULL.EFIELD | EXP01-J. Do not use a null in a case where an object is required | 
| FB JAVA.CORRECTNESSDEEPNULL.NP_NONNULL_FIELD _NOT_INITIALIZED_IN_CONSTRUCTOR | EXP01-J. Do not use a null in a case where an object is required | 
| FB JAVA.CORRECTNESSDEEPNULL.NP_NONNULL_PARAM_VIOLATIONPARAM.ACTUAL | EXP01-J. Do not use a null in a case where an object is required | 
| FB JAVA.DEEPNULL.CORRECTNESS.NP_NONNULL_RETURN_VIOLATIONPARAM.EACTUAL | EXP01-J. Do not use a null in a case where an object is required | 
| FB JAVA.DEEPNULL.CORRECTNESS.NP_NULL_ON_SOME_PATHRET.EMETH | EXP01-J. Do not use a null in a case where an object is required | 
| FB JAVA.DEEPNULL.CORRECTNESS.NP_NULL_ON_SOME_PATH_EXCEPTIONRET.METH | EXP01-J. Do not use a null in a case where an object is required | 
| FB JAVA.CORRECTNESS.NP_NULL_PARAM_DEREFFUNCS.IRV | EXP00EXP01-J. Do not  use a null in a case where an object is required | 
| FB.CORRECTNESS.NP_NULL_PARAM_DEREF_ALL_TARGETS_DANGEROUS | EXP01-J. Do not use a null in a case where an object is required | 
| FB.CORRECTNESS.NP_NULL_PARAM_DEREF_NONVIRTUAL | EXP01-J. Do not use a null in a case where an object is required | 
| FB.CORRECTNESS.NP_STORE_INTO_NONNULL_FIELD | EXP01-J. Do not use a null in a case where an object is required | 
| FB.CORRECTNESS.NP_UNWRITTEN_FIELD | EXP01-J. Do not use a null in a case where an object is required | 
| ignore values returned by methods | 
| JAVA.FUNCS.IRV | FIO02-J. Detect and handle file-related errors | 
| JAVA.HARDCODED.PASSWD | MSC03-J. Never hard code sensitive information | 
| JAVA.HARDCODED.SEED | MSC02-J. Generate strong random numbers | 
| JAVA.IDEF.CTOEQ | MET08-J. Preserve the equality contract when overriding the equals() method | 
| JAVA.IDEF.CTONOEQ FB.CORRECTNESS.OVERRIDING_EQUALS_NOT_SYMMETRIC | MET08-J. Preserve the equality contract when overriding the equals() method | 
| FB JAVA.CORRECTNESS.RCN_REDUNDANT_NULLCHECK_WOULD_HAVE_BEEN_A_NPE | EXP01-J. Do not use a null in a case where an object is required | 
| FB.I18N.DM_CONVERT_CASE | STR02-J. Specify an appropriate locale when comparing locale-dependent data | 
| FB.I18N.DM_DEFAULT_ENCODING | STR02-J. Specify an appropriate locale when comparing locale-dependent data | 
| FB.MALICIOUS_CODE.EI_EXPOSE_REP | OBJ04-J. Provide mutable classes with copy functionality to safely allow passing instances to untrusted code | 
| FB.MALICIOUS_CODE.EI_EXPOSE_REP2 | OBJ04-J. Provide mutable classes with copy functionality to safely allow passing instances to untrusted code | 
| FB.MALICIOUS_CODE.EI_EXPOSE_STATIC_REP2 | OBJ06-J. Defensively copy mutable inputs and mutable internal components | 
| FB.MALICIOUS_CODE.FI_PUBLIC_SHOULD_BE_PROTECTED | MET12-J. Do not use finalizers | 
| FB.MALICIOUS_CODE.MS_SHOULD_BE_FINAL | OBJ10-J. Do not use public static nonfinal fields | 
| FB.MALICIOUS_CODE.MS_SHOULD_BE_REFACTORED_TO_BE_FINAL | OBJ10-J. Do not use public static nonfinal fields | 
| FB.MT_CORRECTNESS.DC_DOUBLECHECK | LCK10-J. Use a correct form of the double-checked locking idiom | 
| FB.MT_CORRECTNESS.DL_SYNCHRONIZATION_ON_BOOLEAN | LCK01-J. Do not synchronize on objects that may be reused | 
| FB.MT_CORRECTNESS.DL_SYNCHRONIZATION_ON_BOXED_PRIMITIVE | LCK01-J. Do not synchronize on objects that may be reused | 
| FB.MT_CORRECTNESS.DL_SYNCHRONIZATION_ON_SHARED_CONSTANT | LCK01-J. Do not synchronize on objects that may be reused | 
| FB.MT_CORRECTNESS.IS2_INCONSISTENT_SYNC | VNA02-J. Ensure that compound operations on shared variables are atomic | 
| FB.MT_CORRECTNESS.IS2_INCONSISTENT_SYNC | VNA03-J. Do not assume that a group of calls to independently atomic methods is atomic | 
| FB.MT_CORRECTNESS.IS_FIELD_NOT_GUARDED | VNA02-J. Ensure that compound operations on shared variables are atomic | 
| FB.MT_CORRECTNESS.IS_FIELD_NOT_GUARDED | VNA03-J. Do not assume that a group of calls to independently atomic methods is atomic | 
| FB.MT_CORRECTNESS.NO_NOTIFY_NOT_NOTIFYALL | THI02-J. Notify all waiting threads rather than a single thread | 
| FB.MT_CORRECTNESS.RU_INVOKE_RUN | THI00-J. Do not invoke Thread.run() | 
| FB.MT_CORRECTNESS.SC_START_IN_CTOR | TSM02-J. Do not use background threads during class initialization | 
| FB.MT_CORRECTNESS.STCAL_INVOKE_ON_STATIC_CALENDAR_INSTANCE | VNA02-J. Ensure that compound operations on shared variables are atomic | 
| FB.MT_CORRECTNESS.STCAL_INVOKE_ON_STATIC_CALENDAR_INSTANCE | VNA03-J. Do not assume that a group of calls to independently atomic methods is atomic | 
| FB.MT_CORRECTNESS.STCAL_INVOKE_ON_STATIC_DATE_FORMAT_INSTANCE | VNA02-J. Ensure that compound operations on shared variables are atomic | 
| FB.MT_CORRECTNESS.STCAL_INVOKE_ON_STATIC_DATE_FORMAT_INSTANCE | VNA03-J. Do not assume that a group of calls to independently atomic methods is atomic | 
| FB.MT_CORRECTNESS.STCAL_STATIC_CALENDAR_INSTANCE | VNA02-J. Ensure that compound operations on shared variables are atomic | 
| FB.MT_CORRECTNESS.STCAL_STATIC_CALENDAR_INSTANCE | VNA03-J. Do not assume that a group of calls to independently atomic methods is atomic | 
| FB.MT_CORRECTNESS.STCAL_STATIC_SIMPLE_DATE_FORMAT_INSTANCE | VNA02-J. Ensure that compound operations on shared variables are atomic | 
| FB.MT_CORRECTNESS.STCAL_STATIC_SIMPLE_DATE_FORMAT_INSTANCE | VNA03-J. Do not assume that a group of calls to independently atomic methods is atomic | 
| FB.MT_CORRECTNESS.SWL_SLEEP_WITH_LOCK_HELD | LCK09-J. Do not perform operations that can block while holding a lock | 
| FB.MT_CORRECTNESS.WA_AWAIT_NOT_IN_LOOP | THI03-J. Always invoke wait() and await() methods inside a loop | 
| FB.MT_CORRECTNESS.WA_NOT_IN_LOOP | THI03-J. Always invoke wait() and await() methods inside a loop | 
| FB.SECURITY.DMI_CONSTANT_DB_PASSWORD | MSC03-J. Never hard code sensitive information | 
| FB.SECURITY.DMI_EMPTY_DB_PASSWORD | MSC03-J. Never hard code sensitive information | 
| FB.SECURITY.SQL_NONCONSTANT_STRING_PASSED_TO_EXECUTE | IDS00-J. Prevent SQL injection | 
| FB.SECURITY.SQL_PREPARED_STATEMENT_GENERATED_ | IDS00-J. Prevent SQL injection | 
| FB.STYLE.IC_INIT_CIRCULARITY | DCL00-J. Prevent class initialization cycles | 
| IDEF.EQUALSNOHC | MET09-J. Classes that define an equals() method must also define a hashCode() method | 
| JAVA.IDEF.HCNOEQUALS | MET09-J. Classes that define an equals() method must also define a hashCode() method | 
| JAVA.IDEF.NOEQUALS | MET08-J. Preserve the equality contract when overriding the equals() method | 
| JAVA.INSEC.LDAP.DA | ENV01-J. Place all security-sensitive code in a single JAR and sign and seal it | 
| JAVA.IO.INJ.ANDROID.MESSAGE | SER02-J. Sign then seal objects before sending them outside a trust boundary | 
| JAVA.IO.INJ.ANDROID.MESSAGE | SEC06-J. Do not rely on the default automatic signature verification provided by URLClassLoader and java.util.jar | 
| JAVA.IO.INJ.CODE | IDS14-J. Do not trust the contents of hidden form fields | 
| JAVA.IO.INJ.COMMAND | IDS07-J. Sanitize untrusted data passed to the Runtime.exec() method | 
| JAVA.IO.INJ.COMMAND | IDS14-J. Do not trust the contents of hidden form fields | 
| JAVA.IO.INJ.DENIAL | IDS14-J. Do not trust the contents of hidden form fields | 
| JAVA.IO.INJ.DLL | IDS14-J. Do not trust the contents of hidden form fields | 
| JAVA.IO.INJ.SQL | IDS00-J. Prevent SQL injection | 
| JAVA.IO.INJ.SQL | IDS14-J. Do not trust the contents of hidden form fields | 
| JAVA.IO.INJ.XSS | IDS14-J. Do not trust the contents of hidden form fields | 
| JAVA.IO.INJ.XSS.EMWP | IDS14-J. Do not trust the contents of hidden form fields | 
| JAVA.IO.PERM | FIO01-J. Create files with appropriate access permissions | 
| JAVA.IO.PERM | SEC01-J. Do not allow tainted variables in privileged blocks | 
| JAVA.IO.PERM | ENV03-J. Do not grant dangerous combinations of permissions | 
| JAVA.IO.PERM.ACCESS | FIO01-J. Create files with appropriate access permissions | 
| JAVA.IO.PERM.ACCESS | SEC01-J. Do not allow tainted variables in privileged blocks | 
| JAVA.IO.TAINT.ADDR | IDS14-J. Do not trust the contents of hidden form fields | 
| JAVA.IO.TAINT.BUNDLE | IDS14-J. Do not trust the contents of hidden form fields | 
| JAVA.IO.TAINT.CONTROL | IDS14-J. Do not trust the contents of hidden form fields | 
| JAVA.IO.TAINT.DEVICE | IDS14-J. Do not trust the contents of hidden form fields | 
| JAVA.IO.TAINT.EVAL | IDS14-J. Do not trust the contents of hidden form fields | 
| JAVA.IO.TAINT.HTTP | IDS14-J. Do not trust the contents of hidden form fields | 
| JAVA.IO.TAINT.LDAP.ATTR | IDS14-J. Do not trust the contents of hidden form fields | 
| JAVA.IO.TAINT.LDAP.FILTER | IDS14-J. Do not trust the contents of hidden form fields | 
| JAVA.IO.TAINT.LOG | IDS03-J. Do not log unsanitized user input | 
| JAVA.IO.TAINT.LOG | IDS14-J. Do not trust the contents of hidden form fields | 
| JAVA.IO.TAINT.MESSAGE | IDS14-J. Do not trust the contents of hidden form fields | 
| JAVA.IO.TAINT.MESSAGE | SER02-J. Sign then seal objects before sending them outside a trust boundary | 
| JAVA.IO.TAINT.MESSAGE | SEC06-J. Do not rely on the default automatic signature verification provided by URLClassLoader and java.util.jar | 
| JAVA.IO.TAINT.PATH | IDS14-J. Do not trust the contents of hidden form fields | 
| JAVA.IO.TAINT.REFLECTION | IDS14-J. Do not trust the contents of hidden form fields | 
| JAVA.IO.TAINT.REGEX | IDS08-J. Sanitize untrusted data included in a regular expression | 
| JAVA.IO.TAINT.REGEX | IDS14-J. Do not trust the contents of hidden form fields | 
| JAVA.IO.TAINT.RESOURCE | IDS14-J. Do not trust the contents of hidden form fields | 
| JAVA.IO.TAINT.SESSION | IDS14-J. Do not trust the contents of hidden form fields | 
| JAVA.IO.TAINT.TRUSTED | IDS14-J. Do not trust the contents of hidden form fields | 
| JAVA.IO.TAINT.URL | IDS14-J. Do not trust the contents of hidden form fields | 
| JAVA.IO.TAINT.XAML | IDS14-J. Do not trust the contents of hidden form fields | 
| JAVA.IO.TAINT.XML | IDS14-J. Do not trust the contents of hidden form fields | 
| JAVA.IO.TAINT.XPATH | IDS14-J. Do not trust the contents of hidden form fields | 
| JAVA.LIB.RAND.FUNC | MSC02-J. Generate strong random numbers | 
| JAVA.LIB.RAND.LEGACY.GEN | MSC02-J. Generate strong random numbers | 
| JAVA.MATH.ABSRAND | NUM00-J. Detect or prevent integer overflow | 
| JAVA.MATH.APPROX.E | NUM12-J. Ensure conversions of numeric types to narrower types do not result in lost or misinterpreted data | 
| JAVA.MATH.APPROX.PI | NUM12-J. Ensure conversions of numeric types to narrower types do not result in lost or misinterpreted data | 
| JAVA.MISC.SD.EXT | MSC03-J. Never hard code sensitive information | 
| JAVA.NULL.DEREF FB.STYLE.NP_DEREFERENCE_OF_READLINE_VALUE | EXP01-J. Do not use a null in a case where an object is required | 
| FB JAVA.NULL.STYLE.NP_IMMEDIATE_DEREFERENCE_OF_READLINEPARAM.ACTUAL | EXP01-J. Do not use a null in a case where an object is required | 
| FB JAVA.NULL.STYLE.NP_LOAD_OF_KNOWN_NULL_VALUERET.ARRAY | EXP01-J. Do not use a null in a case where an object is required | 
| FB JAVA.NULL.STYLE.NP_NULL_ON_SOME_PATH_FROM_RETURN_VALUERET.BOOL | EXP01-J. Do not use a null in a case where an object is required | 
| FB JAVA.NULL.STYLE.NP_NULL_ON_SOME_PATH_MIGHT_BE_INFEASIBLERET.OPT | EXP01-J. Do not use a null in a case where an object is required | 
| FB JAVA.NULL.STYLE.NP_PARAMETER_MUST_BE_NONNULL_BUT_MARKED_AS_NULLABLERET.UNCHECKED | EXP00EXP01-J. Do not  use a null in a case where an object is requiredignore values returned by methods | 
| JAVA.STRUCT.DUPD FB.STYLE.NP_UNWRITTEN_PUBLIC_OR_PROTECTED_FIELD | EXP01-J. Do not use a null in a case where an object is required | 
| PMD JAVA.STRUCT.BasicEXCP.AvoidThreadGroupBROAD | THI01 ERR07-J. Do not  invoke ThreadGroup methodsthrow RuntimeException, Exception, or Throwable | 
| JAVA.STRUCT.EXCP.EEH | ERR00 | PMD.Basic.DontUseFloatTypeForLoopIndices | NUM09-J. Do not  use floating-point variables as loop counterssuppress or ignore checked exceptions | 
| JAVA.STRUCT.EXCP.GEH | ERR08 | PMD.Design.BadComparison | NUM07-J. Do not  attempt comparisons with NaN | 
| PMD.Design.SimpleDateFormatNeedsLocale | STR02-J. Specify an appropriate locale when comparing locale-dependent data | 
| PMD.Design.UseLocaleWithCaseConversions | STR02-J. Specify an appropriate locale when comparing locale-dependent data | 
| PMD.Design.UseNotifyAllInsteadOfNotify | THI02-J. Notify all waiting threads rather than a single thread | 
| PMD.J2EE.DoNotCallSystemExit | ERR09-J. Do not allow untrusted code to terminate the JVM | 
| PMD.Security-Code-Guidelines.ArrayIsStoredDirectly | OBJ06-J. Defensively copy mutable inputs and mutable internal components | 
| PMD.Strict-Exceptions.AvoidCatchingThrowable | ERR08-J. Do not catch NullPointerException or any of its ancestors | 
| catch NullPointerException or any of its ancestors | 
| JAVA.STRUCT.EXCP.INAPP | ERR08-J. Do not catch NullPointerException or any of its ancestors | 
| JAVA.STRUCT.SE.ASSERT | DCL00-J. Prevent class initialization cycles | 
| JAVA.STRUCT.SE.ASSERT | EXP06-J. Expressions used in assertions must not produce side effects | 
| JAVA.STRUCT.UA | DCL00-J. Prevent class initialization cycles | 
| JAVA.STRUCT.UA.DEFAULT | DCL00-J. Prevent class initialization cycles | 
| JAVA.STRUCT.UPD | EXP01-J. Do not use a null in a case where an object is required | 
| JAVA.STRUCT.UPED | EXP01-J. Do not use a null in a case where an object is required | PMD.Strict-Exceptions.DoNotThrowExceptionInFinally | ERR04-J. Do not complete abruptly from a finally block |