Classport: Designing Runtime Dependency Introspection for Java
Serena Cofano, Daniel Williams, Aman Sharma, Martin Monperrus

TL;DR
This paper introduces Classport, a system that embeds dependency information into Java class files to enable runtime dependency introspection, addressing a key gap in Java for software supply chain security.
Contribution
We present Classport, the first approach to embed dependency info into Java class files for runtime introspection, enhancing security and dependency management.
Findings
Successfully identified dependencies at runtime in six real-world Java projects.
Demonstrated feasibility of runtime dependency introspection in Java.
Addressed a critical gap in Java's support for supply chain security.
Abstract
Runtime introspection of dependencies, i.e., the ability to observe which dependencies are currently used during program execution, is fundamental for Software Supply Chain security. Yet, Java has no support for it. We solve this problem with Classport, a blueprint and system that embeds dependency information into Java class files, enabling the retrieval of dependency information at runtime. We evaluate Classport on six real-world projects, demonstrating the feasibility of identifying dependencies at runtime.
