Open Source Tracing
This document provides instructions on how to configure the agent to trace frameworks and open source libraries used in Java applications. You can configure this by adding the weaving option to the Java agent configuration file (whatap.conf), and it guides you on how to support various framework and library versions.
For example, if you use spring-boot-3.x, feign-client-11, and okhttp3-4.4 as frameworks or open sources, set the options as follows:
weaving=spring-boot-3.0,feign-11,okhttp3-4.4
Supported Open Source List
For configuration methods for frameworks or open sources being traced through the Java agent, refer to the following:
Apache Camel
CXF
| camel-cxf Version | Configuration value | Minimum agent version |
|---|---|---|
| 3.15 or later | weaving=camel-cxf-3.15 | v2.2.27 |
Netty
| camel-netty4 Version | Configuration value | Minimum agent version |
|---|---|---|
| 2.25 or later | weaving=camel-netty4-2.25 | v2.2.42 |
SEDA
| camel-seda Version | Configuration value | Minimum agent version |
|---|---|---|
| 2.22 or later | weaving=camel-seda-2.22 | v2.2.20 |
| 3.2 or later | weaving=camel-seda-3.2 | v2.2.20 |
DB2
| DB2 Version | Configuration value | Minimum agent version |
|---|---|---|
| 11.5 or later | weaving=db2-11.5 | v2.2.18 |
DynamoDB
| DynamoDB Version | Configuration value | Minimum agent version |
|---|---|---|
| 1.11 | weaving=dynamodb-1.11 | v2.2.39 |
| 2.25 | weaving=dynamodb-2.25 | v2.2.39 |
Feign Client
| Feign Version | Configuration value | Minimum agent version |
|---|---|---|
| 11 or later | weaving=feign-11 | v2.2.6 |
Hystrix
| Hystrix Version | Configuration value | Minimum agent version |
|---|---|---|
| 1.5 or later | weaving=hystrix-1.5 | v2.0_21 |
Kafka
| Kafka Version | Configuration value | Minimum agent version |
|---|---|---|
| kafka-clients 2.4.0 or later | weaving=kafka-clients-2.4.0 | v2.2.15 |
| reactor-kafka 1.3 or later | weaving=reactor-kafka-1.3 | v2.2.5 |
Logging
Log4j2
| Log4j2 Version | Configuration value | Minimum agent version |
|---|---|---|
| 2.17 or later | weaving=log4j-2.17 | v2.2.28 |
Logback
| Logback Version | Configuration value | Minimum agent version |
|---|---|---|
| 1.2.8 or later | weaving=logback-1.2.8 | v2.2.28 |
MongoDB
| MongoDB Version | Configuration value | Minimum agent version |
|---|---|---|
| 3.8.2 or later | weaving=mongodb-3.8 | v2.2.11 |
| 4.0.3 or later | weaving=mongodb-4.0 | v2.2.11 |
| 4.4 or later | weaving=mongodb-4.4 | v2.2.11 |
| 4.8 or later | weaving=mongodb-4.8 | v2.2.11 |
| 4.11 or later | weaving=mongodb-4.11 | v2.2.45 |
| 5.0 or later | weaving=mongodb-5.0 | v2.2.45 |
Mule Framework
| Mule Version | Configuration value | Minimum agent version |
|---|---|---|
| 3.9.5 or later | weaving=mule-3.9.5 | v2.2.23 |
| 4.5 or later | weaving=mule-4.5 | v2.2.23 |
OkHttp
| OkHttp Version | Configuration value | Minimum agent version |
|---|---|---|
| 2.7 or later | weaving=okhttp-2.7 | v2.0_15 |
| 3.x | weaving=okhttp3 | v2.0_15 |
| 3.x (4.4 or later) | weaving=okhttp3-4.4 | v2.2.9 |
Quarkus Reactive
| Quarkus Reactive Version | Configuration value | Minimum agent version |
|---|---|---|
| 1.13 or later | weaving=quarkus-reactive-1.13 | v2.2.19 |
| 2.10 or later | weaving=quarkus-reactive-2.10 | v2.2.19 |
RabbitMQ
| reactor-rabbitmq Version | Configuration value | Minimum agent version |
|---|---|---|
| 1.2 or later | weaving=reactor-rabbitmq-1.2 | v2.0_06 |
Redis
Jedis
| Jedis Version | Configuration value | Minimum agent version |
|---|---|---|
| 2.9.0 or later | weaving=jedis-2.9 | v2.2.43 |
| 2.9.3 or later | weaving=jedis-2.9 | v2.0_33 |
| 3.2 or later | weaving=jedis-3.2 | v2.0_09 |
Lettuce
| Lettuce Version | Configuration value | Minimum agent version |
|---|---|---|
| 5.1 or later | weaving=lettuce-5.1 | v2.2.7 |
| 6.2 or later | weaving=lettuce-6.2 | v2.2.16 |
Retrofit
| Retrofit Version | Configuration value | Minimum agent version |
|---|---|---|
| 2.5 or later | weaving=retrofit-2.5 | v2.2.39 |
Cannot be used simultaneously with okhttp configuration
Ribbon
| Ribbon Version | Configuration value | Minimum agent version |
|---|---|---|
| All versions | weaving=ribbon | v2.2.10 |
Spring Boot
| Spring Boot Version | Configuration value | Minimum agent version |
|---|---|---|
| 2.1 or later | weaving=spring-boot-2.1 | v2.2.23 |
| 2.5 or later | weaving=spring-boot-2.5 | v2.2.9 |
| 2.7 or later | weaving=spring-boot-2.7 | v2.2.9 |
| 3.0 or later | weaving=spring-boot-3.0 | v2.2.9 |
| 3.2 or later | weaving=spring-boot-3.2 | v2.2.38 |
| 4.0 or later | weaving=spring-boot-4.0 | v2.2.69 |
View included technology stack
- spring-boot-2.1: r2dbc-mysql-0.8.2, spring-cloud-gateway-2.1, spring-kafka-2.7, spring-webflux-5.1, tomcat9
- spring-boot-2.5: r2dbc-mysql-0.8.2, spring-cloud-gateway-3.0, spring-kafka-2.7, spring-webflux-5.3, mongodb-4.0.3, reactor-kafka-1.3, rxjava2, tomcat9
- spring-boot-2.7: jasync-r2dbc-mysql-2.1.23, r2dbc-mysql-0.9.3, spring-cloud-gateway-3.1, spring-kafka-3.0, spring-webflux-5.3, mongodb-4.4, reactor-kafka-1.3, rxjava2, tomcat9
- spring-boot-3.0: jasync-r2dbc-mysql-2.1.23, r2dbc-mysql-1.0.2, spring-cloud-gateway-4.0, spring-kafka-3.0, spring-webflux-6.0, mongodb-4.8, redis(lettuce-6.2), reactor-kafka-1.3, rxjava3, tomcat10
- spring-boot-3.2: jasync-r2dbc-mysql-2.1.23, r2dbc-mysql-1.1.3, spring-cloud-gateway-4.1, spring-kafka-3.1, spring-webflux-6.1, redis(lettuce-6.2), reactor-kafka-1.3, rxjava3, tomcat10
- spring-boot-4.0: RestTemplate, RestClient, WebClient, R2DBC
Tomcat
| Tomcat Version | Configuration value | Minimum agent version |
|---|---|---|
| 9.x | weaving=tomcat9 | v2.2.5 |
| 10.x | weaving=tomcat10 | v2.2.5 |
Undertow
| Undertow Version | Configuration value | Minimum agent version |
|---|---|---|
| 2.2 or later | weaving=undertow-2.2 | v2.2.39 |
| 2.3 or later | weaving=undertow-2.3 | v2.2.14 |
Vert.x
| Vert.x Version | Configuration value | Minimum agent version |
|---|---|---|
| 3.5.3 | weaving=vertx-3.5 | v2.2.42 |
| 3.9 | weaving=vertx-3.9 | v2.2.44 |
| 4.5 | weaving=vertx-4.5 | v2.2.39 |
Preventing False Positives in Java Agent CVE
Library classes included in the Java agent are only loaded when actually used by the application. Even if libraries are detected during CVE vulnerability scans, there are no actual vulnerabilities if they are not being used.
To remove unnecessary tracing classes, execute the following command:
java -cp whatap.agent-X.Y.Z.jar whatap.agent.setup.RemoveWeaving -remove [weaving jar filename]
You must perform the deletion operation again with each Java agent update.
The command to remove specific library classes is supported in Java agent version 2.2.37 or later.
Usage: java -cp whatap.agent-X.Y.Z.jar whatap.agent.setup.RemoveWeaving [arguments] [weaving jar filename]
java -cp whatap.agent-2.2.37.jar whatap.agent.setup.RemoveWeaving -remove spring-boot-2.5.jar spring-boot-2.7.jar
Arguments:
-
-ror-remove: Deletes weaving jar files from the Java agent and creates a new Java agent. -
-lor-list: Prints the list of weaving jar files. -
-dor-debug: Enables debug logging. -
-eor-error: Displays full stack trace information for errors. -
-hor-help: Prints help and exits.