
JVMXRay is a real-time security monitoring agent for Java applications. It attaches via the standard -javaagent flag, with no source code changes or recompilation needed, and uses bytecode injection to observe how an application interacts with protected resources.
JVMXRay includes nineteen modular sensors that track file I/O, network connections, SQL queries, cryptographic operations, authentication events, process execution, serialization, reflection, HTTP requests, and more. Events are emitted as structured, machine-readable Logback messages rather than unstructured, developer-written messages of varying quality. Automatic cross-sensor correlation via trace IDs and scope chains lets teams reconstruct full attack chains, from an inbound HTTP request through SQL injection to data exfiltration, in a single query.
What does it provide? In a nutshell…
JVMXRay emits structured security events as log messages over Logback, supercharging the centralized log analysis you already have in place. Instead of grep-ing through walls of unstructured text, tools like Splunk, ELK, or DataDog can immediately parse, index, and alert on every event. Here are a few log messages from tests that run at build time, showing different sensor types and log metadata:
// System.getProperty() call: our app uses 3rd party libs like Apache and it's
// retrieving a property setting.
C:AP | 2026.03.30 at 13:39:04 CDT | main | INFO | org.jvmxray.events.config.property | | caller=com.sun.org.apache.xerces.internal.utils.XMLSecurityPropertyManager:227, trace_id=4iluqvt6cxe6u2hwdp7zqsy7q, parent_scope=none, property_key=javax.xml.accessExternalSchema, value_retrieved=false, AID=F3F1F919-1802-494B-A316-D10273141149, operation=system_getProperty, scope_depth=1, scope_chain=Config, CID=unit-test
// 3rd party lib statically loaded (like an Import). We can see the fully
// qualified path to the loaded library. We can also see dynamically
// loaded libraries w/transitive dependencies.
C:AP | 2026.03.30 at 13:39:04 CDT | main | INFO | org.jvmxray.events.system.lib | | load_type=static, trace_id=52q92hurijffqwr72hk5b6ei2, sha256=b4a6981f3ed4ab7d57b4fa4d13d0a81c615e501fb1ea36a9aa59aa3eaaba99f6, groupId=org.jvmxray, packages=org.jvmxray, version=0.0.1, scope_depth=1, caller=unknown:0, implVersion=0.0.1, parent_scope=none, jar_path=/Users/milton/github/jvmxray/target/jvmxray-0.0.1.jar, artifactId=jvmxray, AID=F3F1F919-1802-494B-A316-D10273141149, scope_chain=Lib, CID=unit-test
// A process execution was noted. In our case, a test program TurtleIntegrationTest
// ran an executable at line 799.
C:AP | 2026.03.30 at 13:39:05 CDT | main | INFO | org.jvmxray.events.system.process | | args=JVMXRay Process Test, caller=org.jvmxray.shared.integration.turtle.TurtleIntegrationTest:799, trace_id=atpi9b8ddjp769o87lime6uf7, execution_time_ms=6, parent_scope=none, AID=F3F1F919-1802-494B-A316-D10273141149, operation=EXECUTE, scope_depth=1, command=echo, scope_chain=Process, status=started, CID=unit-test
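The following Python sketch is an added example, not code from JVMXRay or the original page. It parses the event layout seen in the samples above and groups events by trace_id to list process executions with their callers. The header field names, the assumption that values never contain ", key=", and the sample lines (constructed and abbreviated, reusing the logger names shown above) are assumptions.

```python
import re
from collections import defaultdict

# Header layout inferred from the sample lines on this page (an assumption):
# prefix | timestamp | thread | level | logger | <empty> | key=value, key=value, ...
# The names below are labels chosen for this example, not JVMXRay terms.
HEADER = ("prefix", "timestamp", "thread", "level", "logger", "marker")
# A value runs until the next ", key=" or end of line, so values may contain
# spaces (args=JVMXRay Process Test). Assumes values never contain ", word=".
PAIR = re.compile(r"(\w+)=(.*?)(?=, \w+=|$)")

def parse_event(line):
    """Parse one event line into a dict; return None for non-event lines."""
    parts = [p.strip() for p in line.split("|", 6)]
    if len(parts) != 7 or "=" not in parts[6]:
        return None
    event = dict(zip(HEADER, parts[:6]))
    event["fields"] = dict(PAIR.findall(parts[6]))
    return event

def correlate(lines):
    """Group parsed events by trace_id, preserving log order."""
    traces = defaultdict(list)
    for line in lines:
        event = parse_event(line)
        if event and "trace_id" in event["fields"]:
            traces[event["fields"]["trace_id"]].append(event)
    return dict(traces)

def process_executions(traces):
    """Return (trace_id, caller, command, args) for every process event."""
    hits = []
    for trace_id, events in traces.items():
        for e in events:
            if e["logger"].endswith(".system.process"):
                f = e["fields"]
                hits.append((trace_id, f.get("caller"), f.get("command"), f.get("args")))
    return hits

# Constructed sample lines (abbreviated; trace ids and callers are made up).
SAMPLE = [
    "// comment lines and other log noise are skipped",
    "C:AP | 2026.03.30 at 13:39:04 CDT | main | INFO | org.jvmxray.events.config.property | | caller=com.example.App:10, trace_id=trace-a, property_key=user.dir, operation=system_getProperty, CID=unit-test",
    "C:AP | 2026.03.30 at 13:39:05 CDT | main | INFO | org.jvmxray.events.system.process | | args=JVMXRay Process Test, caller=com.example.App:42, trace_id=trace-a, operation=EXECUTE, command=echo, status=started, CID=unit-test",
    "C:AP | 2026.03.30 at 13:39:05 CDT | main | INFO | org.jvmxray.events.system.lib | | load_type=static, trace_id=trace-b, caller=unknown:0, CID=unit-test",
]

if __name__ == "__main__":
    for hit in process_executions(correlate(SAMPLE)):
        print(hit)
```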

DeepViolet API and DeepViolet Tools are open-source Java projects for analyzing and assessing the security of TLS/SSL connections. The API provides programmatic access for embedding connection analysis into custom applications, CI/CD pipelines, and security tooling. The Tools project builds on the API to deliver a desktop GUI application and a command-line scanner for interactive use, with no coding required.
Together they support cipher suite enumeration, certificate chain analysis and validity checking, revocation verification via OCSP, CRL, and Certificate Transparency, CAA and DANE/TLSA checks, and post-quantum readiness assessment. The tools layer adds risk scoring using a YAML-driven engine with 65 rules across 7 categories, multiple export formats including HTML, PDF, and JSON, heat map visualization for at-a-glance comparison, and an integrated AI assistant with support for OpenAI, Anthropic, and Ollama models.
What does it provide? In a nutshell…
The following image is a DeepViolet TLS Workbench report fragment showing a transport risk analysis. If desired, these reports can be printed with full metadata, CRL/OCSP responder status, CT log verification, etc. However, most people just want to see the risks.
