Classport: Designing Runtime Dependency Introspection for Java
For Java developers and security practitioners, Classport provides a novel capability for runtime dependency tracking, though it is an incremental solution to a known problem.
Classport enables runtime dependency introspection in Java by embedding dependency information into class files, addressing a gap in Software Supply Chain security. Evaluated on six real-world projects, it demonstrates the feasibility of identifying dependencies at runtime.
Runtime introspection of dependencies, i.e., the ability to observe which dependencies are currently used during program execution, is fundamental for Software Supply Chain security. Yet Java has no support for it. We solve this problem with Classport, a blueprint and system that embeds dependency information into Java class files, enabling the retrieval of dependency information at runtime. We evaluate Classport on six real-world projects, demonstrating the feasibility of identifying dependencies at runtime.
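The idea of carrying dependency information inside class files and reading it back at runtime, sketched as an added example; this is not Classport's code or format. It assumes a hypothetical `EmbeddedDependency` annotation with runtime retention as the embedding mechanism, and the annotated classes and coordinates are constructed samples.

```java
import java.lang.annotation.*;
import java.util.*;

public class RuntimeDeps {
    // Hypothetical marker (an assumption, not Classport's format). RUNTIME retention
    // makes the compiler store it in the class file, where reflection can read it.
    @Retention(RetentionPolicy.RUNTIME)
    @Target(ElementType.TYPE)
    @interface EmbeddedDependency {
        String group();
        String artifact();
        String version();
    }

    // Constructed sample classes standing in for code shipped by two dependencies.
    @EmbeddedDependency(group = "org.example", artifact = "json-lib", version = "1.2.0")
    static class JsonParser {}
    @EmbeddedDependency(group = "org.example", artifact = "json-lib", version = "1.2.0")
    static class JsonWriter {}
    @EmbeddedDependency(group = "com.example", artifact = "http-client", version = "4.0.1")
    static class HttpClient {}
    static class Unlabelled {} // carries no embedded information

    // Group the given classes by the coordinates embedded in them. Classes without
    // the marker are reported under "<unknown>" rather than silently dropped, so
    // gaps in coverage stay visible to whoever reviews the result.
    static Map<String, List<String>> introspect(Collection<Class<?>> loaded) {
        Map<String, List<String>> byDependency = new TreeMap<>();
        for (Class<?> c : loaded) {
            EmbeddedDependency d = c.getAnnotation(EmbeddedDependency.class);
            String key = (d == null)
                    ? "<unknown>"
                    : d.group() + ":" + d.artifact() + ":" + d.version();
            byDependency.computeIfAbsent(key, k -> new ArrayList<>()).add(c.getSimpleName());
        }
        return byDependency;
    }

    public static void main(String[] args) {
        // In a Java agent the input could come from Instrumentation.getAllLoadedClasses();
        // a fixed list keeps this example self-contained.
        List<Class<?>> loaded = List.of(
                JsonParser.class, JsonWriter.class, HttpClient.class, Unlabelled.class);
        introspect(loaded).forEach((dep, classes) -> System.out.println(dep + " -> " + classes));
    }
}
```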