Skip to content

Java Tracer getting started guide🔗

This guide explains how to use the SandboxAQ Java Tracer to obtain a cryptography trace from an application.


Before using the Java Tracer, make sure you’ve followed the installation instructions.

You’ll also need a Java application that you can run in a terminal with the java command. For other Java applications, refer to the Java Tracer reference.

Tracing the application🔗

Navigate to a directory where you have write permissions and execute your app with the java command as you typically would, but this time, include the -javaagent:/path/to/cs-java-tracer.jar command-line parameter.

For instance, you can run the following command if your application doesn’t require any other command-line parameters:

java -javaagent:/path/to/cs-java-tracer.jar -jar /path/to/application.jar

When your application has finished executing, the cs-tracer directory will contain the generated trace file(s):

└── cs-trace_2022-06-02-13-30-53-113_79629.cst.gz


If the traced application is terminated abruptly, the resulting gzip file may be missing a trailer and appear to be corrupted. However, AQtive Guard should still be able to analyze the contents of the trace.


Additional configuration is required for Java applications launched from within application servers. See Using the tracer in application frameworks for details.

Upload the trace to AQtive Guard to run an analysis and generate a report. Refer to these instructions:

You can change the trace output location of the Java Tracer by using the -Dcryptosense.agent.out parameter. Refer to Configuration in the Java Tracer reference for a list of available parameters and how to use them.