Java Security

Open-source Java projects categorized as Security | Edit details

Top 23 Java Security Projects

  • GitHub repo Keycloak

    Open Source Identity and Access Management For Modern Applications and Services

    Project mention: Best Authentication and Authorization practices | | 2021-10-20

    There is also as another FOSS option.

  • GitHub repo Zed

    The OWASP ZAP core project

    Project mention: Awesome Penetration Testing | | 2021-10-06

    OWASP Zed Attack Proxy (ZAP) - Feature-rich, scriptable HTTP intercepting proxy and fuzzer for penetration testing web applications.

  • Nanos

    Run Linux Software Faster and Safer than Linux with Unikernels.

  • GitHub repo jjwt

    Java JWT: JSON Web Token for Java and Android

  • GitHub repo Cryptomator

    Multi-platform transparent client-side encryption of your files in the cloud

    Project mention: Considering Upgrading to W11, worrying about files | | 2021-10-21
  • GitHub repo Spring Security

    Spring Security

    Project mention: How to ignore Url from Once per request filter | | 2021-05-12

    You can extract (and validate) the JWT token into the Principal by implementing the getPreAuthenticatedPrincipal method, and map the claims to user details by providing through a custom implementation of AuthenticationUserDetailsService.

  • GitHub repo graylog

    Free and open source log management

    Project mention: Building a SOC from scratch | | 2021-10-20

    The current school of thought is that the more consoles you have to look at, the more you'll miss. So we try to get everything in one place. Splunk is very popular in places that have the budget to spend, but functionally it's mostly a very polished ELK stack. If you're cost constrained, there are a lot of good ELK advice - mine is that a good friend of mine swears by Graylog and that's where I would start.

  • GitHub repo Apache Shiro

    Apache Shiro

    Project mention: Apache Shiro | | 2021-08-19
  • Scout APM

    Scout APM: A developer's best friend. Try free for 14-days. Scout APM uses tracing logic that ties bottlenecks to source code so you know the exact line of code causing performance issues and can get back to building a great product faster.

  • GitHub repo DependencyCheck

    OWASP dependency-check is a software composition analysis utility that detects publicly disclosed vulnerabilities in application dependencies.

    Project mention: Does anybody know any good materials for java defensive coding please?. | | 2021-06-19

    DependencyCheck is an open source tool that checks for vulnerabilities in dependencies used within a project. While it is a reactive tool, it's an important one since the code a developer writes is not the only code an application uses.

  • GitHub repo SuperTokens Community

    Open source alternative to Auth0 / Firebase Auth / AWS Cognito

    Project mention: Open source alternative to Keycloak and Ory for user auth | | 2021-10-08

    From what I see, SuperTokens is Open Source too.

  • GitHub repo MifareClassicTool

    An Android NFC app for reading, writing, analyzing, etc. MIFARE Classic RFID tags.

    Project mention: Help With Mifare Classic Tags | | 2021-02-17

    Note that some phones that don't have a NFC chip made by NXP don't fully support Mifare Classic tags. See this list and this one.

  • GitHub repo Keywhiz

    A system for distributing and managing secrets

  • GitHub repo FairEmail

    Fully featured, open source, privacy friendly email app for Android

    Project mention: K-9 Mail vs FairEmail | | 2021-10-22

    I've used both K-9 and FairEmail. I prefer FairEmail.

  • GitHub repo pac4j

    Security engine for Java (authentication, authorization, multi frameworks): OAuth, CAS, SAML, OpenID Connect, LDAP, JWT...

  • GitHub repo find-sec-bugs

    The SpotBugs plugin for security audits of Java web applications and Android applications. (Also work with Kotlin, Groovy and Scala projects)

    Project mention: Looking for a Static Code Analysis tool for Scala Code | | 2021-08-28

    If you don’t have checkmarx/Vera code money, have you looked at It can be used with a few things such as and sonarQ

  • GitHub repo libsignal-protocol-java

    Signal Protocol library for Java/Android

    Project mention: Facebook will verschlüsselte WhatsApp Nachrichten analysieren | | 2021-08-05
  • GitHub repo Bouncy Castle

    Bouncy Castle Java Distribution (Mirror)

    Project mention: Java - Bouncy castle - OpenPGP | | 2021-05-19
  • GitHub repo jCasbin

    An authorization library that supports access control models like ACL, RBAC, ABAC in Java

    Project mention: Casbin: An authorization library that supports access control models like ACL, RBAC, ABAC in Java | | 2021-04-08
  • GitHub repo Peergos

    A p2p, secure file storage, social network and application protocol

    Project mention: “With HTTP, you search for locations. With IPFS, you search for content.” | | 2021-10-17

    Peergos is an interesting human-friendly project built on top of IPFS. Works great so far.

    Of interest: they provide a trustless way to store your data encrypted data on centralised boxes (S3, Backblaze) if you want.

  • GitHub repo nzyme

    Nzyme is a free and open next-generation WiFi defense system. Go to for more information.

    Project mention: Nzyme – open-source next-generation WiFi defense system | | 2021-10-04
  • GitHub repo Hive2Hive

    Java library for secure, distributed, P2P-based file synchronization and sharing.

    Project mention: Libgdx, box2d local multiplayer? | | 2021-07-11
  • GitHub repo play-pac4j

    Security library for Play framework 2 in Java and Scala: OAuth, CAS, SAML, OpenID Connect, LDAP, JWT...

  • GitHub repo AuthMeReloaded

    The best authentication plugin for the Bukkit/Spigot API!

    Project mention: Online mode = false // Any way to configure it to allow Premium skins? | | 2021-01-19

    AuthMe Reloaded has this option if I remember correctly. Link:

  • GitHub repo NMapGUI

    Advanced Graphical User Interface for NMap

    Project mention: Network Scan | | 2021-01-06

    With nmap scan results, it's up to you to convert the data to anything other than text. Zenmap is a GUI frontend for the scanner, and can do a bit of graphic mapping, but it's really showing its age. might be a better use of your time.

NOTE: The open source projects on this list are ordered by number of github stars. The number of mentions indicates repo mentiontions in the last 12 Months or since we started tracking (Dec 2020). The latest post mention was on 2021-10-22.


What are some of the best open-source Security projects in Java? This list will help you:

Project Stars
1 Keycloak 10,306
2 Zed 8,906
3 jjwt 7,846
4 Cryptomator 6,302
5 Spring Security 6,286
6 graylog 5,862
7 Apache Shiro 3,632
8 DependencyCheck 3,402
9 SuperTokens Community 2,747
10 MifareClassicTool 2,589
11 Keywhiz 2,437
12 FairEmail 2,430
13 pac4j 2,068
14 find-sec-bugs 1,717
15 libsignal-protocol-java 1,645
16 Bouncy Castle 1,527
17 jCasbin 1,518
18 Peergos 967
19 nzyme 907
20 Hive2Hive 494
21 play-pac4j 386
22 AuthMeReloaded 348
23 NMapGUI 336
Find remote jobs at our new job board There are 37 new remote jobs listed recently.
Are you hiring? Post a new remote job listing for free.
SaaSHub - Software Alternatives and Reviews
SaaSHub helps you find the best software and product alternatives