Nov 6, 2025

Binarly Transparency Platform 3.5 now supports Java archives and JVM bytecode Binarly released the Binarly Transparency Platform 3.5 with Java ecosystem support, enterprise-grade YARA integration, and operational upgrades. With this update, Binarly’s cryptographic algorithm identification engine now supports Java archives (JARs) and JVM bytecode, scanning both standalone and embedded files inside Docker containers or firmware. This means organizations can finally see what cryptographic primitives their Java-based products depend on, without needing access to source code. Built on Code Property Graph (CPG) analysis, the new engine tracks dataflow across functions to eliminate false positives and maps every finding to NIST IR 8457 categories to help measure post-quantum cryptography ( PQC ) readiness. Support currently covers Bouncy Castle, Apache Commons, Google Tink, and Guava, with Android package analysis arriving later this year. The platform refresh also features deep integration of YARA, the industry’s signature-based detection standard, across large-scale software and firmware portfolios. Traditionally, maintaining YARA rules across teams and suppliers has been plagued by syntax drift, rule sprawl, and inconsistent enforcement. Binarly eliminates that friction with an interactive YARA Playground for rule development (YARA and our own FwHunt), a governed Rules Manager with granular role-based access controls, and a real-time Rust-based YARA-X engine that validates rules before deployment. The result is a single governed pipeline where PSIRTs (Product Security Incident Response Teams), TPRM (Third Party Risk Management) teams, and procurement functions can drive consistent detections and evidence-based decisions across the enterprise. “Java support and enterprise-scale YARA integration solve two of the hardest blind spots in product security. Most teams struggle to understand what’s really inside their Java stacks and to operationalize YARA rules consistently across complex environments. We’re the first to build the tooling to connect data from existing threat-intelligence feeds and this release connects both worlds, providing deep cryptographic visibility and scalable threat-hunting capabilities,” said Alex Matrosov , CEO and Head of Research at Binarly. The Binarly Transparency Platform 3.5 also adds: Custom rule management: Security teams can define and deploy their own detection logic using YARA and FwHunt rules, the same internal schema Binarly uses for vulnerability and threat detections with more advanced code-driven rules. This bridges research and product security, allowing bespoke checks for vendor risk, hard-coded keys, or policy enforcement. Organization quotas: Simplifies license management with centralized allocation and visibility across distributed groups; Triage Enhancements to enable the addition of assignable statuses, threaded comments (with Markdown support), and dynamic charts; and backend upgrades that deliver faster performance, broader Android handling, and deeper extraction of cryptographic artifacts, from JARs to UEFI Secure Boot keys. From firmware to JVM bytecode, the Binarly Transparency Platform 3.5 is built by security research experts to give defenders a unified view of vulnerabilities, cryptographic posture, and reachability across complex software ecosystems. For procurement and third-party vendor risk teams, Binarly delivers measurable improvements in vendor assessment workflows by enabling private threat-intelligence ingestion, scoped rule enforcement, and transparent, evidence-backed risk reporting. Security teams benefit from faster rule validation, consistent detections, and streamlined triage, all while lowering the hidden operational costs that typically burden large-scale YARA programs. More about