Assets covered by Spring Security and Spring Boot Actuator framework

sharidas · May 22, 2025, 4:04pm

Spring Security focuses on securing applications through authentication and authorization, while Spring Boot Actuator provides monitoring and management capabilities. We want to look for assets in IVM that are covered by this framework.

Spring Boot Configuration Files

Look for These Files:

application.properties
application.yml
application-*.properties (e.g., application-prod.properties)
application-*.yml
Located in:
- src/main/resources/
- External configuration directories (e.g., /etc/app/, Docker volumes, etc.)

Look For These Keys:

Exposure settings:
management.endpoints.web.exposure.include
management.endpoints.web.exposure.exclude
Examples:
management.endpoints.web.exposure.include=*
management.endpoints.web.exposure.include=env,heapdump,beans,mappings,threaddump
Endpoint-specific settings:
management.endpoint.env.enabled=true
management.endpoint.beans.enabled=true
management.endpoint.heapdump.enabled=true
management.endpoint.threaddump.enabled=true

Please suggest if there are any options within IVM to look for these files.