Some of our Java engines require bytecode to perform their security analysis. At the moment, GuardRails attempts to build Gradle projects on Java 8 automatically.
For Software Composition Analysis (SCA), which detects vulnerable third-party libraries, we have one engine that supports Gradle without requiring the project to be built.
The GuardRails CLI also allows GuardRails to be integrated as a build step, so that the security analysis can be triggered against the already-built artifacts.
See the child pages for more information:
- Using Vulnerable Libraries
- Insecure Use of SQL Queries
- Insecure Use of Dangerous Function
- Insecure Use of Regular Expressions
- Hard-Coded Secrets
- Insecure Authentication
- Insecure Configuration
- Insecure File Management
- Insecure Use of Crypto
- Insecure Use of Language/Framework API
- Insecure Processing of Data
- Insecure Network Communication
Recommended Resources for Java: