java
Safeguard articles tagged "java" — guides, analysis, and best practices for software supply chain and application security.
70 articles
Java SBOM Generation Tools Compared
Six tools generate SBOMs from Java projects. They disagree on transitive depth, license fields, and licensing of their own output. A head-to-head.
Java Modules Supply Chain Security
The Java Platform Module System arrived in Java 9 and has aged into quiet maturity. What JPMS actually does for supply chain posture in enterprise Java.
GraalVM Native Image Supply Chain
GraalVM native images change the supply chain story in ways that most SBOM tooling has not caught up with yet. Here is what gets baked in, what gets stripped out, and what still needs to be tracked.
Maven Central Changes in 2024 and Their Security Impact
Sonatype made several Maven Central changes in 2024 that materially affected the Java supply chain. A rundown of what changed, who was affected, and what Java teams should do.
Maven Plugin Verification: Securing Your Java Build Pipeline
Maven plugins execute during your build with full JVM access. Here is how to verify they are legitimate and have not been tampered with.
Spring Dependency Management Supply Chain
Spring Boot's dependency management is the unsung hero of the Java ecosystem, and it is also a supply chain seam worth understanding. Here is how BOMs, starters, and transitive version coercion shape what actually ships.
Maven Enforcer Plugin Security Rules
Maven Enforcer is a blunt instrument most teams underuse. Here is how to turn it into a supply chain guardrail that blocks bad versions, bad repositories, and bad dependency graphs before they ship.
Apache Struts 2 Vulnerabilities: A History Worth Knowing
Apache Struts 2 has produced some of the most damaging vulnerabilities in web application history, including the flaw behind the Equifax breach. Here's what happened and why it keeps happening.
Gradle Plugin Security Risks: The Code That Runs Before Your Code
Gradle plugins execute during your build with full access to your environment. Most teams never audit them. Here is why that is dangerous.
Java Module System Security Features: What JPMS Actually Delivers
The Java Platform Module System promised stronger encapsulation and security boundaries. Here is what it actually delivers and where the gaps remain.
Spring Boot Security and Dependency Management
Securing Spring Boot applications with dependency management BOMs, vulnerability scanning, and hardened configurations.
How to Generate SBOMs From Maven Projects
Produce accurate CycloneDX SBOMs from Maven builds using the official plugin, handle multi-module reactors, and ship attested SBOMs alongside your JARs.