jar-analyzer

Claude Code plugin for Java JAR security audit: a Claude Code security-audit plugin based on jar-analyzer that builds a database from the JAR and lets the AI perform in-depth analysis.

100% credibility
Found Mar 21, 2026 at 18 stars
AI Analysis
AI Summary

A plugin for an AI coding assistant that analyzes Java application packages for security vulnerabilities, traces exploit paths, and highlights risky code.

How It Works

1. 🕵️‍♂️ Discover the Security Helper

You hear about a smart AI sidekick that inspects bundled Java apps for hidden dangers.

2. 📁 Share Your App Package

You pick the file containing your Java application and hand it over to the AI checker.

3. 🔍 Map Out the App's Insides

The AI quietly explores every corner of your app, noting how pieces connect and relate.

4. 🛡️ Hunt for Safety Risks

You ask it to scan for tricky issues like sneaky code takeovers or data leaks.

5. 📋 See the Warning List

It hands you a clear report of potential problems, showing paths to reach them.

6. 👁️ Peek Inside Suspicious Spots

Click to view the actual code snippets and double-check what's going wrong.

7. Make Your App Safer

With all the insights, you fix the weak spots and rest easy knowing your app is secure.

AI-Generated Review

What is jar-analyzer-claude?

jar-analyzer-claude is a Claude Code plugin that performs static security audits on Java JAR and WAR files. Its Claude Code CLI skills include `/build-db`, which builds a SQLite database from your binaries (capturing classes, method calls, and inheritance), and `/do-analyze`, which detects RCE, SQL injection, SSRF, deserialization flaws, and more, tracing vulnerability paths from HTTP sinks back to controllers. Built on Java 8+ for analysis and Python 3+ for queries, it handles Spring components, decompiles code, and flags hardcoded secrets, saving hours on manual JAR reviews.

Why is it gaining traction?

It hooks developers with call-chain tracing to verify exploit reachability and built-in decompilation, going beyond basic scanners such as those offered through Claude's GitHub Copilot and GitHub integrations. Claude Code skills enable quick workflows in Claude Code remote sessions, with free-tier access and a simple install via the Claude Code download, so there is no heavy setup. It ties into Claude GitHub Actions for CI audits, and the Claude Code docs cover pricing and costs clearly.

Who should use this?

Java backend security engineers auditing vendor JARs for supply-chain risks. AppSec teams tracing deserialization gadgets in Spring Boot WARs before production deploys. Pentesters validating RCE paths in enterprise Java apps during red team operations.

Verdict

Early maturity (18 stars and a 1.0% credibility score) means you should test it on non-critical JARs first: the docs are solid, but the tool lacks broad validation. Worth a spin for Claude Code CLI users who need a focused JAR analysis and audit tool.
