Java Static Reachability Improvements
## Overview
This epic focuses on improving Java static reachability analysis to better handle Spring Boot applications and dynamic library loading patterns that currently result in high false negative rates.
## Problem Statement
Static reachability analysis shows high false negative rates in Java applications because runtime loading patterns bypass direct imports, such as:
- **Configuration-driven loading** (database URLs, module configs)
- **Annotation-based dependency injection** (`@Autowired`, `@Component`)
- **Auto-discovery mechanisms** (classpath scanning, reflection)
- **Framework-specific instantiation** (Spring Boot auto-configuration)
**Example:** [Spring PetClinic](https://gitlab.com/gitlab-org/security-products/tests/spring-petclinic-fork) shows 85/132 packages as `not_found`
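
To make the gap concrete, here is an added example (not GitLab's analyzer and not code from this epic) that runs a simplified import-only check over constructed sources, then a second pass that also reads configuration. The dependency map, file contents, JDBC lookup table and the `found` label are assumptions made for illustration.

```python
import re

# Constructed sample: dependency -> Java package prefix it ships (assumed mapping).
DEPENDENCIES = {
    "org.apache.commons:commons-lang3": "org.apache.commons.lang3",
    "org.postgresql:postgresql": "org.postgresql",
    "com.h2database:h2": "org.h2",
    "com.example:audit-plugin": "com.example.audit",
}
# Constructed source: only commons-lang3 is imported directly.
JAVA_SOURCES = {"OwnerService.java": """
    import org.apache.commons.lang3.StringUtils;
    import java.sql.DriverManager;
    class OwnerService {
        Object plugin() throws Exception {
            String name = System.getProperty("plugin.class");
            return Class.forName(name).getDeclaredConstructor().newInstance();
        }
    }
"""}
# Constructed configuration: driver and plugin are chosen here, not in code.
CONFIG = {"application.properties": """
    spring.datasource.url=jdbc:postgresql://db:5432/petclinic
    plugin.class=com.example.audit.AuditPlugin
"""}

IMPORT_RE = re.compile(r"^\s*import\s+(?:static\s+)?([\w.]+)", re.M)
# Property values that look like a fully qualified class name.
CLASS_VALUE_RE = re.compile(r"=\s*((?:[a-z_]\w*\.)+[A-Z]\w*)\s*$", re.M)
JDBC_RE = re.compile(r"jdbc:(\w+):")
# Assumed lookup from JDBC sub-protocol to driver package.
JDBC_DRIVERS = {"postgresql": "org.postgresql", "h2": "org.h2"}

def classify(names):
    """Mark a dependency found when any referenced name falls under its package."""
    return {dep: "found" if any(n == p or n.startswith(p + ".") for n in names)
            else "not_found" for dep, p in DEPENDENCIES.items()}

def import_only(sources):
    """Reachability from import statements alone."""
    return classify([n for s in sources.values() for n in IMPORT_RE.findall(s)])

def config_aware(sources, config):
    """Imports plus class names and JDBC URLs found in configuration files."""
    names = [n for s in sources.values() for n in IMPORT_RE.findall(s)]
    for text in config.values():
        names += CLASS_VALUE_RE.findall(text)
        names += [JDBC_DRIVERS[p] for p in JDBC_RE.findall(text) if p in JDBC_DRIVERS]
    return classify(names)
```

The import-only pass marks the PostgreSQL driver and the plugin as `not_found` even though both are loaded at runtime; the configuration-aware pass recovers them while the unused H2 driver stays `not_found`.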
## Primary Focus
Solving problems with Spring Boot and dynamic loading of libraries.
## Scope
This epic includes work on investigating Maven static reachability for runtime-loaded dependencies (#569400).
## Success Criteria
- Reduce false negative rates in Spring Boot applications
- Support common runtime loading patterns
## Parent Epic
&15750+s