Merge pull request #21473 from jtduffy/patch-36

cbehera-newrelic · web-flow · commit 3feb52e27a20 · 2025-08-15T19:06:09.000+05:30
Update java-agent-configuration-config-file.mdx
diff --git a/src/content/docs/apm/agents/java-agent/configuration/java-agent-configuration-config-file.mdx b/src/content/docs/apm/agents/java-agent/configuration/java-agent-configuration-config-file.mdx
@@ -5058,6 +5058,255 @@ You can set the New Relic Security agent configuration in the `security` section
   New Relic Security agent interactive applications security testing (IAST) mode requires [Java agent version 8.4.0 or higher](/docs/agents/java-agent/installation/upgrade-java-agent).
 </Callout>
 
+## Skip Applications [#skip-applications]
+
+The agent can be selectively disabled based on the startup main class or executable jar file that is extracted from the command line. This is handy in situations where the "JAVA_TOOL_OPTIONS" environment 
+variable is present and contains the -javaagent flag but we don't want to apply the instrumentation to all java apps in the environment - for example in a Kubernetes container.
+
+<Callout variant="important">
+  The skip configuration is only supported via an environment variable because of how early in the agent lifecycle the skip configuration needs to be checked.
+</Callout>
+
+For diagnostic purposes, if the `NEW_RELIC_STARTUP_JAVA_ARTIFACT_SKIPS` variables is defined, the agent will print the extracted command line and parsed skip tokens to stdout:
+```
+New Relic Agent: Configured startup Java artifacts skip string: keytool,Main
+New Relic Agent: Retrieved current startup command line / main artifact name: /Users/bob/.sdkman/candidates/java/11.0.17-amzn/bin/keytool
+```
+
+If the agent is disabled based on the defined skip variable, the following will be dumped to stdout:
+```
+----------
+New Relic Agent is disabled by startup skip configuration.
+----------
+```
+
+<CollapserGroup>
+  <Collapser
+    id="cfg-skip-configuration"
+    title="NEW_RELIC_STARTUP_JAVA_ARTIFACT_SKIPS"
+  >
+    <table>
+      <tbody>
+        <tr>
+          <th>
+            Type
+          </th>
+
+          <td>
+            List of strings
+          </td>
+        </tr>
+
+        <tr>
+          <th>
+            Default
+          </th>
+
+          <td>
+            (none)
+          </td>
+        </tr>
+      </tbody>
+    </table>
+
+    A comma separated list of main classes, executable jar files or Java based tools/apps that the agent should NOT instrument. For example:
+    `NEW_RELIC_STARTUP_JAVA_ARTIFACT_SKIPS=keytool,myapp.jar,IgnoreThisClass`.
+  </Collapser>
+
+  <Collapser
+    id="cfg-security-enabled"
+    title="enabled"
+  >
+    <table>
+      <tbody>
+        <tr>
+          <th>
+            Type
+          </th>
+
+          <td>
+            Boolean
+          </td>
+        </tr>
+
+        <tr>
+          <th>
+            Default
+          </th>
+
+          <td>
+            `false`
+          </td>
+        </tr>
+      </tbody>
+    </table>
+
+    Determines whether the security data is sent to New Relic or not. When this is disabled and agent.enabled is true, the security module will run but data will not be sent. Default is false.
+  </Collapser>
+
+  <Collapser
+    id="cfg-security-mode"
+    title="mode"
+  >
+    <table>
+      <tbody>
+        <tr>
+          <th>
+            Type
+          </th>
+
+          <td>
+            String
+          </td>
+        </tr>
+
+        <tr>
+          <th>
+            Default
+          </th>
+
+          <td>
+            `IAST`
+          </td>
+        </tr>
+      </tbody>
+    </table>
+
+    New Relic Security provide mode: IAST. Default is IAST. Due to the invasive nature of IAST scanning, DO NOT enable this mode in either a production environment or an environment where production data is processed.
+  </Collapser>
+
+  <Collapser
+    id="cfg-security-validator-service-url"
+    title="validator_service_url"
+  >
+    <table>
+      <tbody>
+        <tr>
+          <th>
+            Type
+          </th>
+
+          <td>
+            String
+          </td>
+        </tr>
+
+        <tr>
+          <th>
+            Default
+          </th>
+
+          <td>
+            `wss://csec.nr-data.net`
+          </td>
+        </tr>
+      </tbody>
+    </table>
+
+    New Relic Security’s SaaS connection URL. This is the endpoint that the security agent sends data to, it should match that environment that you have set for the APM Java agent.
+
+    US Production: wss://csec.nr-data.net
+  </Collapser>
+
+  <Collapser
+    id="cfg-security-detection-rci-enabled"
+    title="detection.rci.enabled"
+  >
+    <table>
+      <tbody>
+        <tr>
+          <th>
+            Type
+          </th>
+
+          <td>
+            Boolean
+          </td>
+        </tr>
+
+        <tr>
+          <th>
+            Default
+          </th>
+
+          <td>
+            `true`
+          </td>
+        </tr>
+      </tbody>
+    </table>
+
+    Enable RCI security event detection. Default is true.
+  </Collapser>
+
+  <Collapser
+    id="cfg-security-detection-rxss-enabled"
+    title="detection.rxss.enabled"
+  >
+    <table>
+      <tbody>
+        <tr>
+          <th>
+            Type
+          </th>
+
+          <td>
+            Boolean
+          </td>
+        </tr>
+
+        <tr>
+          <th>
+            Default
+          </th>
+
+          <td>
+            `true`
+          </td>
+        </tr>
+      </tbody>
+    </table>
+
+    Enable RXSS security event detection. Default is true.
+  </Collapser>
+
+  <Collapser
+    id="cfg-security-detection-deserialization-enabled"
+    title="detection.deserialization.enabled"
+  >
+    <table>
+      <tbody>
+        <tr>
+          <th>
+            Type
+          </th>
+
+          <td>
+            Boolean
+          </td>
+        </tr>
+
+        <tr>
+          <th>
+            Default
+          </th>
+
+          <td>
+            `true`
+          </td>
+        </tr>
+      </tbody>
+    </table>
+
+    Enable deserialization security event detection. Default is true.
+  </Collapser>
+</CollapserGroup>
+
+<Callout variant="important">
+  New Relic Security agent interactive applications security testing (IAST) mode requires [Java agent version 8.4.0 or higher](/docs/agents/java-agent/installation/upgrade-java-agent).
+</Callout>
+
+
 ## Slow transaction Detection
 
 The agent can now detect slow transactions via `SlowTransaction` events since Java Agent version `8.7.0`.
