This documentation is for the unreleased GraalVM version. Download Early Access Builds from GitHub.
Native Image Inspect Tool
The Native Image Inspect Tool extracts the embedded Software Bill of Materials (SBOM) from native executables. The functionality for extracting class-level metadata is no longer supported.
Extracting Embedded SBOM
Native Image can embed an SBOM at build time to detect any libraries that may be susceptible to known security vulnerabilities.
Native Image provides the --enable-sbom option to embed an SBOM into a native executable (only available in Oracle GraalVM).
The Native Image Inspect Tool can extract the compressed SBOM using the --sbom parameter, as shown in the command:
$JAVA_HOME/bin/native-image-inspect --sbom <path_to_binary>
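One way to turn the extracted SBOM into a component inventory and check it against a deny list, as an added example that is not part of the GraalVM documentation. It assumes the tool prints the SBOM as CycloneDX JSON on standard output; the sample SBOM, the deny list, and all function names are constructed for illustration.

```python
import json
import os
import subprocess

# Constructed sample of what an extracted SBOM could look like (CycloneDX JSON
# is assumed here; the component entries are made up for illustration).
SAMPLE_SBOM = """
{
  "bomFormat": "CycloneDX",
  "specVersion": "1.5",
  "components": [
    {"type": "library", "group": "org.example", "name": "parser", "version": "1.2.0"},
    {"type": "library", "group": "org.example", "name": "http-client", "version": "4.0.1"},
    {"type": "library", "name": "no-group-lib"}
  ]
}
"""

# Constructed deny list: (group:name, version) pairs you hold an advisory for.
SAMPLE_DENYLIST = {("org.example:parser", "1.2.0")}


def extract_sbom(binary_path):
    """Run the inspect command shown above and return its output as text."""
    tool = os.path.join(os.environ["JAVA_HOME"], "bin", "native-image-inspect")
    # Argument list, no shell: the binary path is never interpreted by a shell.
    result = subprocess.run([tool, "--sbom", binary_path],
                            check=True, capture_output=True, text=True)
    return result.stdout


def list_components(sbom_text):
    """Return sorted (coordinate, version) pairs from a CycloneDX JSON document."""
    sbom = json.loads(sbom_text)
    if sbom.get("bomFormat") != "CycloneDX":
        raise ValueError("not a CycloneDX document")
    pairs = []
    for comp in sbom.get("components", []):
        name = comp.get("name", "<unnamed>")
        group = comp.get("group")
        coordinate = f"{group}:{name}" if group else name
        # A missing version is kept visible instead of being dropped silently.
        pairs.append((coordinate, comp.get("version", "<unknown>")))
    return sorted(pairs)


def flag_denied(components, denylist):
    """Return the components that appear on the deny list."""
    return [c for c in components if c in denylist]
```

With a real binary, `flag_denied(list_components(extract_sbom(path)), denylist)` gives the matches; a component reported with version `<unknown>` cannot be matched and should be reviewed by hand.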
The Native Image Inspect Tool previously supported listing the classes, fields, and methods included in a native executable or a native shared library.
This functionality is no longer supported for security reasons.
Migrate to using class-level SBOMs instead by passing --enable-sbom=class-level,export to the native-image builder, which generates an SBOM containing the same kind of class-level metadata information.