Safeguard
Tag

java

Safeguard articles tagged "java" — guides, analysis, and best practices for software supply chain and application security.

70 articles

SBOM & Compliance

Java SBOM Generation Tools Compared

Six tools generate SBOMs from Java projects. They disagree on transitive depth, license fields, and licensing of their own output. A head-to-head.

Dec 5, 20245 min read
Open Source Security

Java Modules Supply Chain Security

The Java Platform Module System arrived in Java 9 and has aged into quiet maturity. What JPMS actually does for supply chain posture in enterprise Java.

Nov 15, 20245 min read
Open Source Security

GraalVM Native Image Supply Chain

GraalVM native images change the supply chain story in ways that most SBOM tooling has not caught up with yet. Here is what gets baked in, what gets stripped out, and what still needs to be tracked.

Jul 20, 20247 min read
Open Source Security

Maven Central Changes in 2024 and Their Security Impact

Sonatype made several Maven Central changes in 2024 that materially affected the Java supply chain. A rundown of what changed, who was affected, and what Java teams should do.

May 28, 20246 min read
Software Supply Chain Security

Maven Plugin Verification: Securing Your Java Build Pipeline

Maven plugins execute during your build with full JVM access. Here is how to verify they are legitimate and have not been tampered with.

May 8, 20244 min read
Open Source Security

Spring Dependency Management Supply Chain

Spring Boot's dependency management is the unsung hero of the Java ecosystem, and it is also a supply chain seam worth understanding. Here is how BOMs, starters, and transitive version coercion shape what actually ships.

Apr 30, 20247 min read
Open Source Security

Maven Enforcer Plugin Security Rules

Maven Enforcer is a blunt instrument most teams underuse. Here is how to turn it into a supply chain guardrail that blocks bad versions, bad repositories, and bad dependency graphs before they ship.

Mar 25, 20247 min read
Vulnerabilities

Apache Struts 2 Vulnerabilities: A History Worth Knowing

Apache Struts 2 has produced some of the most damaging vulnerabilities in web application history, including the flaw behind the Equifax breach. Here's what happened and why it keeps happening.

Mar 11, 20245 min read
Software Supply Chain Security

Gradle Plugin Security Risks: The Code That Runs Before Your Code

Gradle plugins execute during your build with full access to your environment. Most teams never audit them. Here is why that is dangerous.

Jan 8, 20244 min read
Application Security

Java Module System Security Features: What JPMS Actually Delivers

The Java Platform Module System promised stronger encapsulation and security boundaries. Here is what it actually delivers and where the gaps remain.

Nov 8, 20235 min read
Application Security

Spring Boot Security and Dependency Management

Securing Spring Boot applications with dependency management BOMs, vulnerability scanning, and hardened configurations.

Sep 20, 20234 min read
SBOM & Compliance

How to Generate SBOMs From Maven Projects

Produce accurate CycloneDX SBOMs from Maven builds using the official plugin, handle multi-module reactors, and ship attested SBOMs alongside your JARs.

Aug 5, 20234 min read
java (Page 5) — Safeguard Blog