Reachability for Java - Improved Accuracy and Coverage Analysis

We are pleased to announce an update to the Java Reachability Engine, which will deliver a more accurate analysis across a broader range of Java packages and vulnerabilities.

As a result of this expanded coverage, customers may see changes to existing vulnerabilities marking them as reachable. We recognize that this update may affect your triage and prioritization workflows, as we ensure that potential issues are identified with greater precision.

This change will gradually roll out on June 16th, and customers should expect to see additional coverage improvements in the upcoming months. No action is needed from customers who have already enabled the reachability feature.

Just so you know, modifications in first-party code, vulnerability analysis updates, and SAST engine improvements (like this update) can affect the reachability results, and vulnerabilities labeled as "No Path Found" can evolve to "Reachable" over time.

See our documentation to learn more about Reachability Analysis.