Java Security

Open-source Java projects categorized as Security

Top 23 Java Security Projects

  • Keycloak

    Open Source Identity and Access Management For Modern Applications and Services

    Project mention: Ask HN: Any Comprehensive Courses on Auth? | | 2023-11-19

    FastAPI's tutorial on how to implement a basic OAuth server helped me a lot in understanding the basic concepts.

    After getting familiar, I self hosted Keycloak and integrated it with my FastAPI server.

  • Tink

    Tink is a multi-language, cross-platform, open source library that provides cryptographic APIs that are secure, easy to use correctly, and hard(er) to misuse.

    Project mention: “Please do not make it public” (Tencent’s Sogou Input Method) | | 2023-08-09

    > I wonder what people say when they find a bug despite you using standard crypto?

    Not using TLS doesn't automatically mean you need to "roll your own crypto". They could have used a well documentend library such as Google Tink[1] instead of doing their own crypto.


  • Onboard AI

    Learn any GitHub repo in 59 seconds. Onboard AI learns any GitHub repo in minutes and lets you chat with it to locate functionality, understand different parts, and generate new code. Use it for free at

  • ZAP

    The ZAP core project

    Project mention: Show HN: Pākiki Proxy – An intercepting proxy for penetration pesting | | 2023-10-27

    Briefly reviewed your product. Seems like OWASP ZAP is your competition:

    It runs entirely in the browser so it uses the browser "native" frameworks.

  • SuperTokens Community

    Open source alternative to Auth0 / Firebase Auth / AWS Cognito

    Project mention: What is the best way to implement authentication that provides Google Auth, Facebook Auth, etc. | /r/node | 2023-10-18
  • Cryptomator

    Multi-platform transparent client-side encryption of your files in the cloud

    Project mention: VeraCrypt: Free, open source, disk encryption for Windows, Mac OS X, Linux | | 2023-10-01

    I've used countless encryption "schemes" over the years, from True/Vera-Crypt to encrypted sparse bundles/images, and none have ever really felt right.

    These days i tend to use Cryptomator[0] instead. It accomplishes what none of the others could do, which is transparent encryption across devices.

    With Cryptomator, i simply create a vault somewhere in the cloud, stuff data in it, and i can access it from my laptop, phone or tablet, and not think much about it. It integrates into the normal file browsing APIs, and doesn't get in the way.

    Because it does "per file" encryption, it also doesn't need to download a 20-100MB chunk from the cloud before decrypting, so it's rather fast (depending on file size of course).


  • jjwt

    Java JWT: JSON Web Token for Java and Android

    Project mention: Java JWT: JSON Web Token for Java and Android | | 2023-10-04
  • Spring Security

    Spring Security

    Project mention: Spring Security private_key_jwt with AWS KMS | | 2023-01-16

    Spring security has long had great OAuth2.0 support from both the server and client elements. Recently spring security added support for the private_key_jwt client authentication method as part of the authorization code grant flow. Spring Security GitHub ref

  • InfluxDB

    Collect and Analyze Billions of Data Points in Real Time. Manage all types of time series data in a single, purpose-built database. Run at any scale in any environment in the cloud, on-premises, or at the edge.

  • graylog

    Free and open log management

    Project mention: graylog VS openobserve - a user suggested alternative | | 2023-09-07
  • DependencyCheck

    OWASP dependency-check is a software composition analysis utility that detects publicly disclosed vulnerabilities in application dependencies.

    Project mention: How To Secure Your JavaScript Applications | | 2023-06-14

    Use Security Tools: To identify known vulnerabilities in your project's dependencies, you can utilize commands like npm audit or employ third-party security scanners such as DependencyCheck or Dependabot. These tools thoroughly analyze the dependency tree and offer actionable insights to assist you in resolving any identified vulnerabilities.

  • Apache Shiro

    Apache Shiro

  • hawk

    ✔️ Secure, simple key-value storage for Android

  • MifareClassicTool

    An Android NFC app for reading, writing, analyzing, etc. MIFARE Classic RFID tags.

    Project mention: MifareClassicTool - An Android NFC app for reading, writing, analyzing, etc. MIFARE Classic RFID tags. | /r/hacking | 2023-02-19
  • jasypt-spring-boot

    Jasypt integration for Spring boot

  • pac4j

    Security engine for Java (authentication, authorization, multi frameworks): OAuth, CAS, SAML, OpenID Connect, LDAP, JWT...

    Project mention: The Java security framework to protect web applications and web services | | 2023-06-26
  • FairEmail

    Fully featured, open source, privacy friendly email app for Android

    Project mention: FairEmail development may cease due to Google 'security' requirements | | 2023-11-16
  • jCasbin

    An authorization library that supports access control models like ACL, RBAC, ABAC in Java

  • find-sec-bugs

    The SpotBugs plugin for security audits of Java web applications and Android applications. (Also work with Kotlin, Groovy and Scala projects)

  • Bouncy Castle

    Bouncy Castle Java Distribution (Mirror)

    Project mention: Java implementation of a quantum computing resistant cryptographic algorithm | | 2023-10-23

    The readme mentions a dependency on Bouncy Castle - note that BC already contains several Java-based PQC signature schemes, see and

  • dependency-track

    Dependency-Track is an intelligent Component Analysis platform that allows organizations to identify and reduce risk in the software supply chain.

    Project mention: Dependency-Track | | 2023-10-27
  • Peergos

    A p2p, secure file storage, social network and application protocol

    Project mention: Amino – The Public IPFS DHT Is Getting a Facelift | | 2023-10-03

    You can do that with peergos [1]- mount a peergos folder locally using FUSE. Or login to the web interface and share easily and privately.


  • orbot

    The Github home of Orbot: Tor on Android (Also available on gitlab!)

    Project mention: Daily Reminder: You Need Orbot on Your Smartphone | /r/privacy | 2023-10-24
  • itext7

    iText for Java represents the next level of SDKs for developers that want to take advantage of the benefits PDF can bring. Equipped with a better document engine, high and low-level programming capabilities and the ability to create, edit and enhance PDF documents, iText can be a boon to nearly every workflow.

  • burpgpt

    A Burp Suite extension that integrates OpenAI's GPT to perform an additional passive scan for discovering highly bespoke vulnerabilities, and enables running traffic-based analysis of any type.

    Project mention: Lost all my content writing contracts. Feeling hopeless as an author. | /r/ChatGPT | 2023-05-06
  • SaaSHub

    SaaSHub - Software Alternatives and Reviews. SaaSHub helps you find the best software and product alternatives

NOTE: The open source projects on this list are ordered by number of github stars. The number of mentions indicates repo mentiontions in the last 12 Months or since we started tracking (Dec 2020). The latest post mention was on 2023-11-19.

Java Security related posts


What are some of the best open-source Security projects in Java? This list will help you:

Project Stars
1 Keycloak 18,140
2 Tink 13,369
3 ZAP 11,479
4 SuperTokens Community 10,745
5 Cryptomator 10,105
6 jjwt 9,482
7 Spring Security 8,091
8 graylog 6,856
9 DependencyCheck 5,481
10 Apache Shiro 4,200
11 hawk 3,950
12 MifareClassicTool 3,948
13 jasypt-spring-boot 2,663
14 pac4j 2,338
15 FairEmail 2,328
16 jCasbin 2,268
17 find-sec-bugs 2,140
18 Bouncy Castle 2,068
19 dependency-track 2,016
20 Peergos 1,755
21 orbot 1,719
22 itext7 1,688
23 burpgpt 1,685
SaaSHub - Software Alternatives and Reviews
SaaSHub helps you find the best software and product alternatives