From 37211d5610f815ffc5eb1bde771c3c3372f84e05 Mon Sep 17 00:00:00 2001 From: Oliver Chang Date: Wed, 8 Jan 2025 10:30:19 +1100 Subject: [PATCH] Add README --- experimental/javareach/README.md | 19 +++++++++++++++++++ 1 file changed, 19 insertions(+) create mode 100644 experimental/javareach/README.md diff --git a/experimental/javareach/README.md b/experimental/javareach/README.md new file mode 100644 index 00000000000..43ef6063b19 --- /dev/null +++ b/experimental/javareach/README.md @@ -0,0 +1,19 @@ +# Java reachability (WIP) + +This is an experimental tool to statically enumerate the reachable classes in a +Java program. + +The intention is to see if this can be used to exclude transitive dependencies +from vulnerability scanning completely, if they can be proven to be +unreachable. + +## Usage + +``` +go run ./cmd/reachable -classpath= path/to/root/class +``` + +Note that `` currently only supports a single directory path +containing .class files, with a directory structure that mirrors the package +hierarchy. This is unlike classpaths supported by Java runtimes (which supports +specifying multiple directories and .jar files)