jguard-io

Capability-Based Security Framework for the JVM

jGuard enables JVM applications to execute untrusted code (e.g., plugins, extensions, and embedded automation) with explicit, least-privilege access controls.

Built for JDK 21+ in the post-SecurityManager era.

Example Policy

security module com.example.myapp {
    entitle com.example.myapp.http.. to network.outbound;
    entitle com.example.myapp.io..   to fs.read(data, "**");
    entitle com.example.myapp..      to threads.create;
}

Quick Start

plugins {
    id "io.jguard.policy" version "0.2.0"
}

./gradlew runWithAgent

Resources


Documentation	Getting started, policy reference, tutorials
GitHub	Source code and issues
Maven Central	Released artifacts
Gradle Plugin	Build integration

Community

We welcome contributions! Please read our community guidelines:

Contributing Guide - How to contribute code and documentation
Code of Conduct - Expected behavior and community standards
Governance - Project decision-making process
Security Policy - How to report vulnerabilities

License

Apache 2.0

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

jguard-io

Example Policy

Quick Start

Resources

Community

License

Pinned Loading

Repositories

Uh oh!

Uh oh!

Uh oh!

People

Top languages

Uh oh!

Most used topics

Uh oh!