Cloudbase Sensor Adds Support for Java and Python

Cloudbase Inc. (Headquarters: Minato-ku, Tokyo; CEO: Koya Iwasa) announces that it has expanded the functionality of its Cloudbase Sensor, part of its domestic CNAPP (CSPM, SBOM, Vulnerability Management) 'Cloudbase', to newly include scanning capabilities for Java and Python packages. This adds support for major languages such as Java and Python, in addition to the existing Node.js. It powerfully promotes the visualization of application vulnerabilities regardless of the environment, from on-premises to private clouds. Development Background In recent years, with the growing risk of software supply chain attacks, the importance of understanding software composition through SBOM (Software Bill of Materials) and vulnerability management has been increasing. While Cloudbase previously supported visualization for Node.js, we received earnest feedback from customers on the ground. There was a need to 'continuously grasp risks across languages in a wide variety of execution environments.' We have sincerely addressed this issue and have now decided to add support for Java and Python. This will enable more comprehensive SBOM-based vulnerability management without burdening the teams on-site. Update Overview Java Package Scanning Support Cloudbase Sensor automatically detects and analyzes JAR files (.jar / .war / .ear / .par) on the target system to collect Java package information. It can scan all JARs on the file system, independent of build tools like Maven or Gradle. Furthermore, nested JARs contained within Spring Boot fat JARs are also recursively analyzed.

Information to be collected: ・ Package name (groupId:artifactId)

・Version

・Path information

・Hash value

Python Package Scanning Support It analyzes Python package metadata (.dist-info / .egg-info, etc.) to automatically collect installed packages. It visualizes across multiple environments, including virtual environments (venv), independent of package managers like pip, conda, or uv.

Information to be collected: