Java

Java SAST focuses on secure usage patterns common in enterprise backends:

What It Commonly Detects:

  • Injection risks (SQL/LDAP/command), unsafe string concatenation into queries/exec
  • Insecure deserialization
  • SSRF patterns in URL fetch/HTTP clients
  • Weak crypto primitives / insecure modes
  • Insecure file handling and path traversal patterns
  • “Supported build layouts” (Maven/Gradle typical structures)
  • “How to interpret traces” (source → sink)
  • “Common false positives” and suppression guidance
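As an added illustration (not code from the original page or from the scanner's own rule set), two of the detections listed above are shown as a vulnerable method beside its hardened form, with the source → sink path a trace would report noted in comments; the class, method, column and table names are assumptions.

```java
import java.io.File;
import java.io.IOException;
import java.sql.Connection;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;
import java.sql.Statement;

// Hypothetical example class; names are illustrative, not from the page.
public class SastExamples {

    // VULNERABLE: user-controlled 'username' (source) is concatenated into the
    // query text and reaches Statement.executeQuery (sink). The trace for this
    // finding reads: username -> sql -> executeQuery.
    static ResultSet findUserUnsafe(Connection conn, String username) throws SQLException {
        String sql = "SELECT id, email FROM users WHERE name = '" + username + "'";
        Statement stmt = conn.createStatement();
        return stmt.executeQuery(sql);
    }

    // HARDENED: the query text is a constant and the value travels as a bound
    // parameter, so no tainted data reaches the sink and the finding clears.
    // (Building the prepareStatement string by concatenation would still be flagged.)
    static ResultSet findUserSafe(Connection conn, String username) throws SQLException {
        PreparedStatement ps = conn.prepareStatement(
                "SELECT id, email FROM users WHERE name = ?");
        ps.setString(1, username);
        return ps.executeQuery();
    }

    // VULNERABLE: 'name' (source) is joined onto the base directory and handed
    // to file access (sink) with no check that the result stays inside baseDir.
    static File openReportUnsafe(File baseDir, String name) {
        return new File(baseDir, name);
    }

    // HARDENED: canonicalise both paths and verify containment before any file
    // access; a name such as "../../etc/passwd" is rejected here.
    static File openReportSafe(File baseDir, String name) throws IOException {
        String base = baseDir.getCanonicalPath() + File.separator;
        File candidate = new File(baseDir, name);
        String resolved = candidate.getCanonicalPath();
        if (!resolved.startsWith(base)) {
            throw new IOException("path escapes base directory: " + name);
        }
        return candidate;
    }
}
```

The containment check compares canonical paths rather than the raw string, so symlinks and `..` segments are resolved before the prefix test; an empty name resolves to the base directory itself and is rejected as well.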