I am looking for an open source static source code analysis tool that can be used for security testing of an android application. I need to make sure that my application is PCI compliant.
An example of a non-open source tool is Fortify.
Anyone can help in providing a list of recommended software?
PMD and FindBugs are some of the best Static code analysers that I have worked on. You can try them. You can add your own rule and delete some of the existing ones from them.
https://www.sparkred.com/blog/open-source-java-static-code-analyzers/