Overview
This is the documentation for Java and Scala vulnerabilities that are detected by GuardRails. The documentation is grouped based on vulnerability category.
Note
Some of our Java engines require byte code to perform their security analysis. At the moment, GuardRails attempts to build Maven and Gradle projects on Java 8 automatically.
For Software Composition Analysis (SCA), which detects vulnerable third-party libraries, we have one engine that supports Maven and Gradle without requiring the project to be built.
The GuardRails CLI also allows GuardRails to be integrated as a build step, so that the security analysis can be triggered against the already-built artifacts.
See the child pages for more information:
- Hard-Coded Secrets
- Insecure Authentication
- Insecure Access Control
- Insecure Configuration
- Insecure File Management
- Insecure Network Communication
- Insecure Processing of Data
- Insecure Use of Crypto
- Insecure Use of Dangerous Function
- Insecure Use of Regular Expressions
- Insecure Use of SQL Queries
- Using Vulnerable Libraries
Recommended Resources for Java: