Charis AI

Charis is a Java-based harness for running tool-using LLM agents, built around Anthropic’s Claude models. It runs locally or remotely, serving a Svelte web UI over HTTP, and ships with a growing set of tools aimed at security practitioners.

Beyond the usual filesystem, shell, web, and memory tools, Charis maintains local mirrors of the NIST National Vulnerability Database (NVD) and Google Project Zero’s “0day In The Wild” catalogue, letting agents answer CVE, CVSS, and real-world exploitation questions directly against the data. Review the blog posts for progress and additional details. The video demonstrates some of the tool capabilities but not the security tools.

Charis is a proof of concept and is not yet available to the public.


JVMXRay

JVMXRay is a real-time security monitoring agent for Java applications. It attaches via the standard -javaagent flag, no source code changes or recompilation needed, and uses bytecode injection to observe how an application interacts with protected resources.

JVMXRay includes nineteen modular sensors that track file I/O, network connections, SQL queries, cryptographic operations, authentication events, process execution, serialization, reflection, HTTP requests, and more. Events are emitted as structured, machine-readable Logback messages rather than free-form messages of varying quality written by developers. Automatic cross-sensor correlation via trace IDs and scope chains lets teams reconstruct full attack chains, from an inbound HTTP request through SQL injection to data exfiltration, in a single query.

What does it provide? In a nutshell…

JVMXRay emits structured security events as log messages over Logback, supercharging the centralized log analysis you already have in place. Instead of grep-ing through walls of unstructured text, tools like Splunk, ELK, or DataDog can immediately parse, index, and alert on every event. Here are a few log messages from tests that run at build time, showing different sensor types and log metadata:

// System.getProperty() call: our app uses 3rd party libs like Apache and it's
//   retrieving a property setting.

C:AP | 2026.03.30 at 13:39:04 CDT | main |  INFO | org.jvmxray.events.config.property |  | caller=com.sun.org.apache.xerces.internal.utils.XMLSecurityPropertyManager:227, trace_id=4iluqvt6cxe6u2hwdp7zqsy7q, parent_scope=none, property_key=javax.xml.accessExternalSchema, value_retrieved=false, AID=F3F1F919-1802-494B-A316-D10273141149, operation=system_getProperty, scope_depth=1, scope_chain=Config, CID=unit-test

// 3rd party lib statically loaded (like an Import).  We can see the fully
//   qualified path to the loaded library.  We can also see dynamically
//   loaded libraries w/transitive dependencies.

C:AP | 2026.03.30 at 13:39:04 CDT | main |  INFO | org.jvmxray.events.system.lib |  | load_type=static, trace_id=52q92hurijffqwr72hk5b6ei2, sha256=b4a6981f3ed4ab7d57b4fa4d13d0a81c615e501fb1ea36a9aa59aa3eaaba99f6, groupId=org.jvmxray, packages=org.jvmxray, version=0.0.1, scope_depth=1, caller=unknown:0, implVersion=0.0.1, parent_scope=none, jar_path=/Users/milton/github/jvmxray/target/jvmxray-0.0.1.jar, artifactId=jvmxray, AID=F3F1F919-1802-494B-A316-D10273141149, scope_chain=Lib, CID=unit-test

// A process execution was noted.  In our case, a test program TurtleIntegrationTest
//   ran an executable at line 799.

C:AP | 2026.03.30 at 13:39:05 CDT | main |  INFO | org.jvmxray.events.system.process |  | args=JVMXRay Process Test, caller=org.jvmxray.shared.integration.turtle.TurtleIntegrationTest:799, trace_id=atpi9b8ddjp769o87lime6uf7, execution_time_ms=6, parent_scope=none, AID=F3F1F919-1802-494B-A316-D10273141149, operation=EXECUTE, scope_depth=1, command=echo, scope_chain=Process, status=started, CID=unit-test
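The sketch below is an added example, not JVMXRay's own code: it parses event lines in the layout shown above and groups them by trace_id to surface traces that span more than one sensor. The sample lines are constructed, and the pipe-delimited layout, the org.jvmxray.events. logger prefix, and the ", key=" field separator are assumptions read off the samples on this page.

```python
import re
from collections import defaultdict

# Constructed sample lines in the layout shown above; all values are made up.
SAMPLE = """\
C:AP | 2026.03.30 at 13:39:04 CDT | main |  INFO | org.jvmxray.events.config.property |  | caller=com.example.App:41, trace_id=trace-aaa, property_key=user.home, operation=system_getProperty, CID=unit-test
C:AP | 2026.03.30 at 13:39:05 CDT | main |  INFO | org.jvmxray.events.system.process |  | args=hello, world, caller=com.example.App:57, trace_id=trace-aaa, operation=EXECUTE, command=echo, CID=unit-test
C:AP | 2026.03.30 at 13:39:06 CDT | main |  INFO | org.jvmxray.events.system.lib |  | load_type=static, trace_id=trace-bbb, artifactId=jvmxray, CID=unit-test
this line is not a JVMXRay event
"""

PREFIX = "org.jvmxray.events."  # assumption: taken from the loggers in the page's samples
# Split only at ", key=" so commas inside a value (see args) survive. A value that
# itself contains ", word=" would still be mis-split.
KV_SPLIT = re.compile(r",\s+(?=[A-Za-z_]\w*=)")

def parse_event(line):
    """Return a dict for one event line, or None if the line does not match."""
    parts = [p.strip() for p in line.split("|", 6)]
    if len(parts) != 7 or not parts[4].startswith(PREFIX):
        return None
    fields = {}
    for pair in KV_SPLIT.split(parts[6]):
        key, sep, value = pair.partition("=")
        if sep:
            fields[key] = value
    return {"timestamp": parts[1], "thread": parts[2], "level": parts[3],
            "sensor": parts[4][len(PREFIX):], "fields": fields}

def correlate(lines):
    """Group parsed events by trace_id, preserving log order."""
    traces = defaultdict(list)
    for line in lines:
        event = parse_event(line)
        if event and "trace_id" in event["fields"]:
            traces[event["fields"]["trace_id"]].append(event)
    return dict(traces)

def multi_sensor_traces(traces):
    """Traces touched by more than one sensor: candidates for chain review."""
    out = {}
    for tid, events in traces.items():
        sensors = list(dict.fromkeys(e["sensor"] for e in events))
        if len(sensors) > 1:
            out[tid] = sensors
    return out

if __name__ == "__main__":
    for tid, sensors in multi_sensor_traces(correlate(SAMPLE.splitlines())).items():
        print(tid, "->", " -> ".join(sensors))
```
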

DeepViolet

DeepViolet API and DeepViolet Tools are open-source Java projects for analyzing and assessing the security of TLS/SSL connections. The API provides programmatic access for embedding connection analysis into custom applications, CI/CD pipelines, and security tooling. The Tools project builds on the API to deliver a desktop GUI application and a command-line scanner for interactive use, with no coding required.

Together they support cipher suite enumeration, certificate chain analysis and validity checking, revocation verification via OCSP, CRL, and Certificate Transparency, CAA and DANE/TLSA checks, and post-quantum readiness assessment. The tools layer adds risk scoring using a YAML-driven engine with 65 rules across 7 categories, multiple export formats including HTML, PDF, and JSON, heat map visualization for at-a-glance comparison, and an integrated AI assistant with support for OpenAI, Anthropic, and Ollama models.

What does it provide? In a nutshell…

The following image is a DeepViolet TLS Workbench report fragment showing a transport risk analysis. If desired, these reports can be printed with full metadata, CRL/OCSP responder status, CT log verification, etc. However, most people just want to see the risks.