Binarly Unveils Transparency Platform 3.5: Enhances JVM Support and Cryptographic Scanning for Supply Chain Security
November 6, 2025
Binarly releases Transparency Platform 3.5, now with Java ecosystem support, JVM bytecode analysis, and a cryptographic-primitives scanner for JARs inside standalone apps, Docker containers, or firmware, enabling visibility without source access.
A new cryptographic algorithm identification engine analyzes Java archives and bytecode, mapping findings to NIST IR 8457 categories for PQC readiness, even when source code isn’t available.
The update includes enterprise-grade YARA integration and scalable automation to strengthen software supply chain security workflows.
Custom Rule Management lets security teams deploy YARA and FwHunt-based detections for vendor risk, hard-coded keys, or policy enforcement within the platform’s internal schema.
A unified governance pipeline now coordinates PSIRTs, TPRM teams, and procurement, providing enterprise-wide consistency in detections, evidence-based decisions, and reduced rule drift across security, risk, and procurement functions.
The platform broadens detection and risk reporting to cover firmware, JVM bytecode, and modern software ecosystems, improving vendor risk assessments and private threat-intelligence ingestion for procurement and third-party risk teams.
New capabilities include Custom Rule Management for user-defined YARA and FwHunt rules, Organization Quotas for centralized license allocation, and richer triage workflows with assignable statuses, threaded Markdown comments, and dynamic charts.
Backend upgrades accelerate performance, expand Android handling, and deepen extraction of cryptographic artifacts across the full range of analyzed objects, from JARs to UEFI Secure Boot keys.
Procurement and third-party risk teams gain private threat-intelligence ingestion, scoped rule enforcement, and transparent, evidence-backed risk reporting, while security teams benefit from faster rule validation and streamlined triage.
Deep YARA integration features an interactive YARA Playground, a governed Rules Manager with granular RBAC, and a Rust-based YARA-X engine for pre-deployment rule validation, combining them into a single governed detection pipeline that keeps detections consistent across large software and firmware portfolios for PSIRTs, TPRM, and procurement.
Binarly is a U.S.-based software and firmware supply-chain security company founded in 2021, serving manufacturers and enterprises to detect vulnerabilities, misconfigurations, secrets, and malicious code across firmware and software components.
The platform provides end-to-end visibility from firmware to JVM bytecode, delivering a unified view of vulnerabilities, cryptographic posture, and reachability in complex software ecosystems.
The Code Property Graph-based engine tracks data flow, reduces false positives, and maps findings to NIST IR 8457 categories to gauge post-quantum cryptography readiness. It currently supports Bouncy Castle, Apache Commons, Google Tink, and Guava, with Android analysis coming later this year.
Summary based on 3 sources
Sources

- Help Net Security, Nov 6, 2025: "Binarly Transparency Platform 3.5 now supports Java archives and JVM bytecode"