DevOps and Supply Chain Security

The next key section looks at Java in the world of Devops. The survey found that:

Dead or unused code is a major challenge, with 62% of survey participants reporting it hampers their DevOps teams' effectiveness as well as Security taking a toll on DevOps productivity.

False positives, identifying real vulnerabilities, critical production security issues within the Java ecosystem, monitoring and patching vulnerabilities etc are consuming the team's time, who subsequently can't focus on the things that matter; that is fast delivery cycles.

The survey however does not cover another detrimental to devops teams factor, that of Software Supply Chain Security, the hottest term in Appsec. In "The I Programmer Java 2023 Recap" in December of that year, we've looked at SBOMs (Software Bills of Materials) with the release of Jbom, an open source project hosted by the Eclipse Foundation that generates Runtime and Static SBOMs for local and remote Java apps, as well as Sigstore Java. Since then there's nothing Java focused going on, maybe except of the GitHub and Gradle partnership to strengthen Supply Chain Security, May 2024:

Integrating Gradle builds with Github's Actions promotes the best security practices among Gradle users. To do this there's a new official and open-source GitHub Action that generates complete and accurate information about dependencies in Gradle projects courtesy of Dependabot.

Looking beyond Java, but also applicable to Java, there's now help in keeping track of vulnerabilities with services like OpenSSF's Siren. Siren is a new mailing list by the OpenSSF which aims to monitor the threat landscape of open-source project vulnerabilities in order to provide real time alerts to anyone subscribed.

Another one is the Open-Source Vulnerabilities, OSV, database, a project from Google that goes beyond the current state of CVE tracking, and recently again from Google there's Vanir, a new security patch validation tool made available for Android but not inclusive. You can find all the links to those articles at the Related Articles section at the bottom f this one.

Keeping Up with ML and AI

Finally a look at Java and AI. In this world, the "enemy" is Python of course. However this survey highlights that for Java-centric developers and businesses, Java remains a top choice. In fact, 50% of organizations use Java to code AI functionality — surpassing both Python and JavaScript.

And how could that not be when there's libraries like JavaML, which the survey found was the most popular, SpringAI which with you can start integrating the OpenAI and Azure OpenAI services in your Java code to leverage the power of LLMs from within your Spring code, Microsoft's Semantic Kernel, an open source lightweight framework that lets you easily mix conventional programming languages with AI "prompts", and lately Spring AI MCP?

Saying that, where Java misses functionality that lives exclusively in Python, with GraalVM you can now tap into that from Java code. GraalVM is capable of running programs in different languages other than Java, allowing direct interoperation among them. As such you can write polyglot programs, like calling JavaScript from within Java or Ruby from Python, etc, the so called “Truffle” languages.

The conclusion is that Java has not only firmly re-established itself at the throne of enterprise apps, but has since doubled down on it with many new advancements.

The Role of the JVM

Of course it's a bit unfair for the language to take all the credit. The other magic ingredient to success is of course the venerable JVM, which looks like it becoming the melting pot for all languages, as we've seen in Truffle. And there's a great reason why.

In an recent interview I've done with Flavio Glock and his PerlOnJava project, an implementation of the Perl programming language designed to run on the JVM, I asked
whether in this modern era of the cloud, is after all the integration with modern backends like the JVM a prerequisite for Perl to stay alive and continue thrive?

The answer given by Flavio was enlightening :

In this cloud-driven era, integrating with modern backends like the JVM is crucial for Perl’s continued relevance. Projects like PerlOnJava demonstrate Perl's ability to adapt and thrive in a new landscape. By leveraging the JVM, Perl can access an extensive library ecosystem, take advantage of modern performance optimizations, and integrate more easily into enterprise-level solutions, like cloud services and containerized environments.

So Java's ecosystem's ripples reach far beyond the language...

More Information

Java Trends 2025: State of Java Survey & Report

Related Articles

The I Programmer Java 2023 Recap

Flavio Glock On Perl, Java, Compilers And Virtual Machines

Semantic Kernel for Java Now GA

Introducing Spring AI

OpenSSF's Siren To Warn About OSS Vulnerabilities

Patch Android Vulnerabilities With Google's Vanir

Track Open Source Vulnerabilities With Google's OSV Database

GitHub and Gradle Partner To Strengthen Supply Chain Security

To be informed about new articles on I Programmer, sign up for our weekly newsletter, subscribe to the RSS feed and follow us on Twitter, Facebook or Linkedin.

Comments

Make a Comment or View Existing Comments Using Disqus

or email your comment to: comments@i-programmer.info