Avoid plaintext or legacy network protocols | Critiq Docs

#Metadata

Rule ID: java.security.insecure-network-protocol
Severity: high
Confidence: 0.92
Languages: java
Presets: security, strict
Stability: stable
Applies to: block
Tags: java, rules-catalog, security, transport

#Why it matters

These schemes transmit credentials and payloads in cleartext or load remote archives without integrity checks.

#Remediation

Use `https://`, `sftp://`, or `ssh://` and verify integrity for remote archives instead of `jar:http://`.

#Repository path

The generated metadata points to critiq-rules/libs/rules/catalog/rules/java/java.security.insecure-network-protocol.rule.yaml.

Back to directory Open rule in repository