{"id":25050648,"url":"https://github.com/steadybit/extension-jvm","last_synced_at":"2026-02-21T01:13:24.429Z","repository":{"id":177286654,"uuid":"648626986","full_name":"steadybit/extension-jvm","owner":"steadybit","description":"A Steadybit extension for jvm applications based actions (discovery / attacks)","archived":false,"fork":false,"pushed_at":"2026-02-16T16:13:13.000Z","size":2186,"stargazers_count":0,"open_issues_count":1,"forks_count":0,"subscribers_count":1,"default_branch":"main","last_synced_at":"2026-02-16T23:30:11.194Z","etag":null,"topics":["attack","chaos-engineering","discovery","fault","helm","java","jvm","kubernetes","process"],"latest_commit_sha":null,"homepage":"https://hub.steadybit.com/extension/com.steadybit.extension_jvm","language":"Java","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/steadybit.png","metadata":{"files":{"readme":"README.md","changelog":"CHANGELOG.md","contributing":"CONTRIBUTING.md","funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2023-06-02T12:15:21.000Z","updated_at":"2026-02-16T16:13:09.000Z","dependencies_parsed_at":"2024-01-27T21:27:40.934Z","dependency_job_id":"5cedcecd-cbb7-4fcf-ac32-d89fc95699b1","html_url":"https://github.com/steadybit/extension-jvm","commit_stats":null,"previous_names":["steadybit/extension-jvm"],"tags_count":90,"template":false,"template_full_name":"steadybit/extension-scaffold","purl":"pkg:github/steadybit/extension-jvm","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/steadybit%2Fextension-jvm","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/steadybit%2Fextension-jvm/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/steadybit%2Fextension-jvm/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/steadybit%2Fextension-jvm/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/steadybit","download_url":"https://codeload.github.com/steadybit/extension-jvm/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/steadybit%2Fextension-jvm/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":29670123,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-02-21T00:11:43.526Z","status":"ssl_error","status_checked_at":"2026-02-20T23:52:33.807Z","response_time":59,"last_error":"SSL_connect returned=1 errno=0 peeraddr=140.82.121.5:443 state=error: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["attack","chaos-engineering","discovery","fault","helm","java","jvm","kubernetes","process"],"created_at":"2025-02-06T09:17:07.210Z","updated_at":"2026-02-21T01:13:24.393Z","avatar_url":"https://github.com/steadybit.png","language":"Java","funding_links":[],"categories":[],"sub_categories":[],"readme":"\u003cimg src=\"./logo.svg\" height=\"130\" align=\"right\" alt=\"JVM logo\"\u003e\n\n# Steadybit extension-jvm\n\nThis [Steadybit](https://www.steadybit.com/) extension provides a JVM instance discovery and the various actions for JVM\ninstances targets.\n\nLearn about the capabilities of this extension in\nour [Reliability Hub](https://hub.steadybit.com/extension/com.steadybit.extension_jvm).\n\n## Configuration\n\n| Environment Variable | Helm value | Meaning | Required | Default |\n|---------------------------------------------------------|--------------------------------------------------------|----------------------------------------------------------------------------------------------------------------------------|----------|---------|\n| `STEADYBIT_EXTENSION_RUNTIME` | `container.runtime` | The container runtime to user either `docker`, `containerd` or `cri-o`. Will be automatically configured if not specified. | yes | (auto) |\n| `STEADYBIT_EXTENSION_SOCKET` | `containerRuntimes.(docker/containerd/cri-o).socket` | The socket used to connect to the container runtime. Will be automatically configured if not specified. | yes | (auto) |\n| `STEADYBIT_EXTENSION_CONTAINERD_NAMESPACE` | | The containerd namespace to use. | yes | k8s.io |\n| `STEADYBIT_EXTENSION_RUNC_ROOT` | `containerRuntimes.(docker/containerd/cri-o).runcRoot` | The runc root to use. | yes | (auto) |\n| `STEADYBIT_EXTENSION_RUNC_DEBUG` | | Activate debug mode for run. | | |\n| `STEADYBIT_EXTENSION_JVM_ATTACHMENT_ENABLED` | | is jvm attachment enabled | no | true |\n| `STEADYBIT_EXTENSION_JAVA_AGENT_ATTACHMENT_PORT` | | java agent attachment port | no | 8095 |\n| `STEADYBIT_EXTENSION_CONTAINER_ADDRESS` | | public ip of the extension | no | |\n| `STEADYBIT_EXTENSION_DISCOVERY_ATTRIBUTES_EXCLUDES_JVM` | `discovery.attributes.excludes.jvm` | List of Target Attributes which will be excluded during discovery. Checked by key equality and supporting trailing \"*\" | false | |\n\nThe extension supports all environment variables provided\nby [steadybit/extension-kit](https://github.com/steadybit/extension-kit#environment-variables).\n\nWhen installed as linux package this configuration is in`/etc/steadybit/extension-jvm`.\n\n## Needed capabilities\n\nThe capabilities needed by this extension are: (which are provided by the helm chart)\n\n- `SYS_ADMIN`\n- `SYS_RESOURCE`\n- `SYS_PTRACE`\n- `KILL`\n- `NET_ADMIN`\n- `DAC_OVERRIDE`\n- `SETUID`\n- `SETGID`\n- `AUDIT_WRITE`\n\n## Needed access to the java process\n\nTo be able to discover we need access to the java process. This is done by using the `attach` mechanism of the JVM. This\nis a standard mechanism and is used by many other tools.\nYou may see a warning in the logs of the JVM that the extension is attaching to the JVM. This is normal and expected.\nIt will look like this:\n\n```\nWARNING: A Java agent has been loaded dynamically (...javaagent-init.jar)\nWARNING: Dynamic loading of agents will be disallowed by default in a future release\n```\n\nTo avoid this warning or be able to use this extension in future java releases you can use the\n`-XX:+EnableDynamicAgentLoading` flag in your JVM commandline to be able to load the javaagent dynamically.\n\n## Needed configuration for Spring Boot\n\nIn order to discover the spring boot applications correctly you need to enable some JMX beans and set an application name.\nAdd these to your `application.properties`:\n\n```properties\nspring.application.name=my-application-name\nspring.jmx.enabled=true\nmanagement.endpoints.jmx.exposure.include=beans,mappings\n```\n\n## Installation\n\n### Kubernetes\n\nDetailed information about agent and extension installation in kubernetes can also be found in\nour [documentation](https://docs.steadybit.com/install-and-configure/install-agent/install-on-kubernetes).\n\n#### Recommended (via agent helm chart)\n\nAll extensions provide a helm chart that is also integrated in the\n[helm-chart](https://github.com/steadybit/helm-charts/tree/main/charts/steadybit-agent) of the agent.\n\nThe extension is installed by default when you install the agent.\n\nYou can provide additional values to configure this extension.\n\n```\n--set extension-jvm.container.runtime={{YOUR-CONTAINER-RUNTIME}} \\\n```\n\nAdditional configuration options can be found in\nthe [helm-chart](https://github.com/steadybit/extension-jvm/blob/main/charts/steadybit-extension-jvm/values.yaml) of the\nextension.\n\n#### Alternative (via own helm chart)\n\nIf you need more control, you can install the extension via its\ndedicated [helm-chart](https://github.com/steadybit/extension-jvm/blob/main/charts/steadybit-extension-jvm).\n\n```bash\nhelm repo add steadybit-extension-jvm https://steadybit.github.io/extension-jvm\nhelm repo update\nhelm upgrade steadybit-extension-jvm \\\n --install \\\n --wait \\\n --timeout 5m0s \\\n --create-namespace \\\n --namespace steadybit-agent \\\n --set container.runtime=docker \\\n steadybit-extension-jvm/steadybit-extension-jvm\n```\n\n### Linux Package\n\nPlease use\nour [agent-linux.sh script](https://docs.steadybit.com/install-and-configure/install-agent/install-on-linux-hosts)\nto install the extension on your Linux machine. The script will download the latest version of the extension and install\nit using the package manager.\n\nAfter installing, configure the extension by editing `/etc/steadybit/extension-jvm` and then restart the service.\n\n## Extension registration\n\nMake sure that the extension is registered with the agent. In most cases this is done automatically. Please refer to\nthe [documentation](https://docs.steadybit.com/install-and-configure/install-agent/extension-registration) for more\ninformation about extension registration and how to verify.\n\n## Anatomy of the extension / Security\n\nWe try to limit the access needed for the extension to the absolute minimum. So the extension itself can run as a\nnon-root user on a read-only root file-system and will, by default, if deployed using the provided helm chart.\n\nIn order to execute certain actions the extension needs extended capabilities, see details below.\n\n### Discovery / state attacks\n\nFor discovery the extension needs access to the container runtime socket.\n\n### Resource and network attacks\n\nTo `attach` to the target JVM the extension starts an attachment process in the target's linux namespace(s),\ncontrol group(s), using the root user (`uid=0`, `gid=0`). This process is short-lived and terminates after attachment.\n\nThis requires the following capabilities:\n`SYS_ADMIN`, `SYS_RESOURCE`, `SYS_PTRACE`, `KILL`, `NET_ADMIN`, `DAC_OVERRIDE`, `SETUID`, `SETGID`, `AUDIT_WRITE`\n\n## FAQ\n\n#### How do I exclude my JVM from the discovery mechanism?\n\nAdd the `steadybit.agent.disable-jvm-attachment` flag to your JVM commandline like in this example:\n\n```\njava -Dsteadybit.agent.disable-jvm-attachment -jar spring-boot-sample.jar --server.port=0\n```\n\n## Version and Revision\n\nThe version and revision of the extension:\n- are printed during the startup of the extension\n- are added as a Docker label to the image\n- are available via the `version.txt`/`revision.txt` files in the root of the image\n\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fsteadybit%2Fextension-jvm","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fsteadybit%2Fextension-jvm","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fsteadybit%2Fextension-jvm/lists"}