Java Security

Open-source Java projects categorized as Security

Top 23 Java Security Projects

  • tink

    Tink is a multi-language, cross-platform, open source library that provides cryptographic APIs that are secure, easy to use correctly, and hard(er) to misuse.

    Latest mention: Building a Secure Signed JWT | | 2021-01-15

    appears to be focused on cryptography and not token signing. Maybe more of a complement? I did see a section about digital signing: and don't see any reason you couldn't integrate tink to sign JWTs.

  • zaproxy

    The OWASP ZAP core project

  • keycloak

    Open Source Identity and Access Management For Modern Applications and Services

  • jjwt

    Java JWT: JSON Web Token for Java and Android

    Latest mention: JWT authentication in Spring Security and Angular | | 2020-09-14

    There are many open-source JWT implementations available for all languages. In this blog post, we use Java jjwt library in this blog post.

  • spring-security

    Spring Security

  • graylog2-server

    Free and open source log management

  • cryptomator

    Multi-platform transparent client-side encryption of your files in the cloud

    Latest mention: Cryptopmator vs Veracrypt using with Resilio Sync | | 2021-01-04

    Why does Cryptomator (GPL-3.0 License) have to be replaced with VeraCrypt to be completely open source?

  • shiro

    Apache Shiro

  • DependencyCheck

    OWASP dependency-check is a software composition analysis utility that detects publicly disclosed vulnerabilities in application dependencies.

    Latest mention: Weekly Developer Roundup #16 - Sun Oct 04 2020 | | 2020-10-03

    jeremylong/DependencyCheck (Java): OWASP dependency-check is a software composition analysis utility that detects publicly disclosed vulnerabilities in application dependencies.

  • keywhiz

    A system for distributing and managing secrets

  • MifareClassicTool

    An Android NFC app for reading, writing, analyzing, etc. MIFARE Classic RFID tags.

    Latest mention: Store NFC-cards in app | | 2020-12-21

    Do you know what types of cards they are? Can you read them with ? What does say about them?

  • pac4j

    Security engine for Java (authentication, authorization, multi frameworks): OAuth, CAS, SAML, OpenID Connect, LDAP, JWT...

  • supertokens-core

    Open source alternative to Auth0 / Firebase Auth / AWS Cognito

  • libsignal-protocol-java

    Signal Protocol library for Java/Android

  • bc-java

    Bouncy Castle Java Distribution (Mirror)

    Latest mention: Dozens sue Amazon's Ring after camera hack leads to threats and racial slurs | | 2020-12-23

    Recently there was a constant time enhancement in bouncy castle that added a comparison using indexOf instead of charAt. Fairly easy to overlook, although glaring in hindsight, if there are no negative tests covering the functionality.

  • jcasbin

    An authorization library that supports access control models like ACL, RBAC, ABAC in Java

  • nzyme

    Nzyme collects 802.11 management frames directly from the air and sends them to a Graylog (Open Source log management) setup for WiFi IDS, monitoring, and incident response. It only needs a JVM and a WiFi adapter that supports monitor mode.

    Latest mention: My Inlaws Wifi Is Being Spoofed By Their | | 2020-12-31
  • play-pac4j

    Security library for Play framework 2 in Java and Scala: OAuth, CAS, SAML, OpenID Connect, LDAP, JWT...

  • NMapGUI

    Advanced Graphical User Interface for NMap

    Latest mention: Network Scan | | 2021-01-06

    With nmap scan results, it's up to you to convert the data to anything other than text. Zenmap is a GUI frontend for the scanner, and can do a bit of graphic mapping, but it's really showing its age. might be a better use of your time.

  • AuthMeReloaded

    The best authentication plugin for the Bukkit/Spigot API!

    Latest mention: Online mode = false // Any way to configure it to allow Premium skins? | | 2021-01-19

    AuthMe Reloaded has this option if I remember correctly. Link:

  • apg

    OpenPGP for Android

  • kalium

    Java binding to the Networking and Cryptography (NaCl) library with the awesomeness of libsodium

  • nbvcxz

    Password strength estimator

NOTE: The open source projects on this list are ordered by number of github stars. The number of mentions indicates repo mentiontions in the last 12 Months or since we started tracking (Dec 2020). The latest post mention was on 2021-01-19.


What are some of the best open-source Security projects in Java? This list will help you:

Project Stars
1 tink 10,960
2 zaproxy 8,136
3 keycloak 7,967
4 jjwt 7,143
5 spring-security 5,588
6 graylog2-server 5,587
7 cryptomator 4,957
8 shiro 3,325
9 DependencyCheck 2,750
10 keywhiz 2,341
11 MifareClassicTool 2,221
12 pac4j 1,949
13 supertokens-core 1,829
14 libsignal-protocol-java 1,440
15 bc-java 1,337
16 jcasbin 1,276
17 nzyme 503
18 play-pac4j 373
19 NMapGUI 307
20 AuthMeReloaded 285
21 apg 238
22 kalium 204
23 nbvcxz 198