I will review your java codebase for security, bugs and code quality
About this Gig
Most Java codebases accumulate security vulnerabilities and technical debt silently. By the time they're visible, they're expensive to fix.
I've spent 7+ years auditing and hardening microservices for different clients using the same tools demanded by financial regulators.
What you get:
- Static analysis with SonarQube issues, smells, and duplications
- Security review: OWASP Top 10, Spring Security misconfigurations
- Dependency audit outdated libraries and known CVEs
- JaCoCo test coverage analysis gaps identified and documented
- Prioritized findings report: critical/high / medium with fix recommendations
- Optional: hands-on remediation of identified issues
This is a great fit if you:
- Inherited a codebase and don't know what's hiding in it
- Are you preparing for a security or compliance review
- Shipped fast, and need to know what corners were cut
AWS Certified Solutions Architect Associate
Message me before ordering, share what you have, and I'll scope it accurately.
Development technology:
Java
FAQ
What do you need from me to get started?
Access to your repository (GitHub, GitLab, Bitbucket, or Azure Repos) and a brief description of the tech stack and any known problem areas. Read-only access is enough — I don't need deployment credentials.
What Java frameworks and versions do you support?
Primarily Java 8–21 with Spring Boot, Spring Security, Spring Data, and Spring WebFlux. If you're using a different stack, message me first and I'll confirm compatibility.
What is SonarQube and why does it matter?
SonarQube is the industry-standard static analysis tool for Java. It detects security vulnerabilities, code smells, duplications, and test coverage gaps automatically. I've used it across every banking project I've worked on — it's the baseline for production-grade code quality.
What does the findings report look like?
A structured document with every issue categorized by severity (critical / high / medium / low), the affected file and line, an explanation of the risk, and a concrete fix recommendation. You walk away knowing exactly what to fix and in what order.
Do you fix the issues you find?
Not in the Basic or Standard packages — those deliver the audit and report. Hands-on remediation is available as a gig extra or included in the Premium package. Most clients start with an audit, then decide what to fix themselves or hire me for remediation.
Will you need access to my production environment?
No. I work exclusively from your source code repository. I never need access to production systems, databases, or live credentials.

