Overview
Note
Our Java engines require byte-code to perform their security analysis. At the moment, GuardRails attempts to build Maven and Gradle projects on Java 8 automatically.
For Software Composition Analysis (SCA), which detects vulnerable third-party libraries, we have one engine that supports Maven and Gradle without requiring the project to be built.
This only succeeds if no authenticated private registries are referenced. Support for other build systems such as sbt, as well as for private repositories, will be added in the future.
The GuardRails CLI also allows GuardRails to be integrated as a build step, so that the security analysis can be triggered against the already built artifacts.
If you have a different build system that is not supported yet, please send an email to [email protected].
Overview
This is the documentation for the Java and Scala vulnerabilities that GuardRails detects. The documentation is grouped by vulnerability category.
See the child pages for more information:
- Using Vulnerable Libraries
- Insecure Use of SQL Queries
- Insecure Use of Dangerous Function
- Insecure Use of Regular Expressions
- Hard-Coded Secrets
- Insecure Authentication
- Insecure Configuration
- Insecure File Management
- Insecure Use of Crypto
- Insecure Use of Language/Framework API
- Insecure Processing of Data
- Insecure Network Communication
Recommended Resources for Java:
- Awesome Java Security
- Secure Code Warrior - Free Secure Coding Training