Scan for Java Libraries
Advanced usage tracking detects libraries associated with both Application and Deployed Application in the fleet, and provides security vulnerability information, if any. It can detect usage associated with both Oracle JDK and OpenJDK distributions.
The Java libraries are scanned using static analysis; the scan does not identify dynamically loaded libraries. The static scan:
- Gets all the jars from the class path (obtained from system properties). The class path scanning depends on the include and exclude path that is configured in agent settings.
- Reads the manifests of all jars in the class path to load all possible dependencies
- Reads the pom file to get the first level dependencies
- Scans all dependencies within a war or ear package in case of application server deployments
For shaded jars, only the pom file, if any, is scanned. As details about the dependent jar files are not available, Scan for Java Libraries does not provide details of the JAR manifest.
- Scan for Java Libraries might not have identified all library dependencies of the application.
- Analysis might not have identified all vulnerabilities.
- There might be new vulnerabilities affecting your application as data is refreshed from the National Vulnerability Database on a weekly basis. To detect new vulnerabilities, we recommend that you perform the scan for Java libraries frequently.
The results of the analysis aren't to be treated as absolute. You might need to perform additional analysis or investigation.
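The static checks listed above (manifest Class-Path entries, first level pom dependencies, and jars nested in a war or ear) can be reproduced on a single archive with the following added Python example. It is not the service's own scanner code: the function names are hypothetical, the sample WAR is constructed in memory, and the POM is assumed to declare the standard Maven 4.0.0 namespace.

```python
import io, zipfile
import xml.etree.ElementTree as ET

NS = {"m": "http://maven.apache.org/POM/4.0.0"}  # assumption: POM declares this namespace

def manifest_class_path(text):
    """Class-Path entries; a line starting with one space continues the previous line."""
    unfolded = text.replace("\r\n", "\n").replace("\n ", "")
    for line in unfolded.split("\n"):
        name, _, value = line.partition(":")
        if name.lower() == "class-path":
            return value.split()
    return []

def pom_first_level(xml_bytes):
    """group:artifact:version of direct <dependencies> only; nothing transitive is resolved."""
    # For archives from untrusted sources, use a hardened XML parser (for example defusedxml).
    root = ET.fromstring(xml_bytes)
    return [":".join(d.findtext("m:" + k, "?", NS) for k in ("groupId", "artifactId", "version"))
            for d in root.findall("m:dependencies/m:dependency", NS)]

def scan_archive(data, name="<root>"):
    """Inventory a jar/war/ear held in memory, recursing into nested archives."""
    found = {name: {"class_path": [], "pom_deps": []}}
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for member in zf.namelist():
            if member == "META-INF/MANIFEST.MF":
                found[name]["class_path"] = manifest_class_path(zf.read(member).decode("utf-8"))
            elif member.startswith("META-INF/maven/") and member.endswith("/pom.xml"):
                found[name]["pom_deps"] += pom_first_level(zf.read(member))
            elif member.endswith((".jar", ".war")):
                found.update(scan_archive(zf.read(member), f"{name}!/{member}"))
    return found

def build_sample_war():
    """Constructed sample: a WAR whose one library jar has a manifest and a Maven POM."""
    pom = ('<project xmlns="http://maven.apache.org/POM/4.0.0"><dependencies><dependency>'
           "<groupId>org.example</groupId><artifactId>demo-core</artifactId>"
           "<version>1.2.3</version></dependency></dependencies></project>")
    jar, war = io.BytesIO(), io.BytesIO()
    with zipfile.ZipFile(jar, "w") as z:
        z.writestr("META-INF/MANIFEST.MF", "Class-Path: lib/a.jar lib/b\r\n .jar\r\n")
        z.writestr("META-INF/maven/org.example/demo-lib/pom.xml", pom)
    with zipfile.ZipFile(war, "w") as z:
        z.writestr("WEB-INF/lib/demo-lib.jar", jar.getvalue())
    return war.getvalue()
```

Calling `scan_archive(build_sample_war())` returns one entry per archive, keyed by its nesting path. A dependency that appears in neither a manifest nor a pom is absent from the result, which is the same limitation the static scan has.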
You can initiate the scan using one of the following methods:
- In the Fleet details panel, click Scan for Java libraries.
- In the Resources section on the fleet details page, navigate to Managed instances. Select the desired managed instances by checking the respective boxes in the Managed instances table. Then, click Actions and choose Scan for Java libraries.
- In the Resources section on the fleet details page, navigate to Managed instances. In the Managed instances table, locate the specific managed instance where you want to install the Java runtime. Click the managed instance to access its details page, and then click Scan for Java libraries.
The scan might cause high CPU and memory utilization in managed instances.
You can view the progress or status of the operation from the Work request module.
See Java Libraries panel and Java Library Details to review the results of the scan for Java libraries.