Our Java engines require byte-code to perform their security analysis. At the moment, GuardRails attempts to build Gradle projects on Java 8 automatically.
For Software Composition Analysis (SCA), which detects vulnerable third-party libraries, we have one engine that supports Gradle without requiring the project to be built.
This only succeeds if no authenticated private registries are referenced. Support for other build systems such as sbt, as well as private repositories, will be added in the future.
The GuardRails CLI also allows the integration of GuardRails as a build step, so that the security analysis can be triggered against the already built artifacts.
If you have a different build system that is not supported yet, please send an email to: [email protected].
See the child pages for more information:
- Using Vulnerable Libraries
- Insecure Use of SQL Queries
- Insecure Use of Dangerous Function
- Insecure Use of Regular Expressions
- Hard-Coded Secrets
- Insecure Authentication
- Insecure Configuration
- Insecure File Management
- Insecure Use of Crypto
- Insecure Use of Language/Framework API
- Insecure Processing of Data
- Insecure Network Communication
Recommended Resources for Java: