Oracle Java Licensing · Technical Discovery

How to Inventory Java Installations Across Your Enterprise: The Complete Technical Guide

📅 Updated December 2024 ⏱ 14 min read 🏷 Java Compliance · Technical Discovery

You cannot negotiate Oracle Java SE costs, defend an Oracle LMS audit, or execute an OpenJDK migration without first knowing exactly what Java is deployed across your enterprise. Most organizations significantly underestimate their Java footprint — Oracle JDK appears in unexpected places: embedded in application server distributions, inside container base images, on developer workstations managed by different teams, and in CI/CD build agents that were set up years ago. This guide provides the complete technical methodology for discovering every Java installation in a modern enterprise estate — with specific commands, tools, and an inventory framework that produces a defensible compliance baseline.

Get Expert Java Discovery Help → Compliance Review Service

Table of Contents

  1. Why a Complete Java Inventory Matters
  2. Identifying Oracle JDK vs OpenJDK
  3. Linux Server Discovery
  4. Windows Server Discovery
  5. Container and Kubernetes Discovery
  6. Cloud Environment Discovery (AWS/Azure/GCP)
  7. Developer Workstations and CI/CD
  8. Enterprise Discovery Tools
  9. Building the Java Compliance Register

Why a Complete Java Inventory Is the Prerequisite for Everything Else

Oracle's LMS team treats the Java discovery phase of an audit as a forensic exercise. Oracle's auditors use multiple data sources — download logs, support portal records, LMS scripts, Java Management Service telemetry — to build an inventory of your Oracle JDK installations. If Oracle's inventory is more complete than yours, you will be negotiating from a position of informational disadvantage. Their compliance gap calculation will include systems you did not know had Oracle JDK. You will not be able to challenge their scope without a complete counter-inventory of your own.

The inventory also establishes the baseline for three other critical activities. First, Employee Metric compliance: you need to know which entities in your organization are running Oracle JDK to validate that your subscription scope covers all in-scope entities, or to identify entities you can argue are out of scope. Second, OpenJDK migration: a migration without a complete inventory leaves Oracle JDK instances in production — often the hardest-to-find instances embedded in third-party application distributions. Third, cost optimization: without a complete picture of your Java footprint, you cannot accurately model the financial case for migration versus subscription negotiation.

In our experience with Java SE compliance reviews across global enterprise clients, organizations that believe they have 50–100 Oracle JDK instances typically discover 200–400 when a systematic inventory is completed. The "invisible" Oracle JDK instances come from: CI/CD build agents, developer laptops, containers built on Oracle JDK base images, application server bundled JDKs (WebLogic, JBoss EAP in some versions), and ISV applications that ship with Oracle JDK.

Identifying Oracle JDK vs OpenJDK: The Key Differentiators

The starting point for any Java inventory is understanding how to reliably distinguish Oracle JDK from OpenJDK distributions. The java -version command is the primary identification tool, but the output format varies by version and must be interpreted correctly.

Free Weekly Briefing

Oracle Licensing Intelligence — In Your Inbox

Audit alerts, contract renewal tactics, Java SE updates and negotiation intelligence from former Oracle insiders. Corporate email required.

2,000+ enterprise Oracle stakeholders. Unsubscribe anytime. No personal emails.

# Oracle JDK — identifies as "Java HotSpot(TM)" and "Oracle Corporation" $ java -version java version "17.0.9" 2023-10-17 LTS Java(TM) SE Runtime Environment (build 17.0.9+11-LTS-201) Java HotSpot(TM) 64-Bit Server VM (build 17.0.9+11-LTS-201, mixed mode, sharing) # Eclipse Temurin (Adoptium OpenJDK) — "OpenJDK" and "Eclipse Adoptium" $ java -version openjdk version "17.0.9" 2023-10-17 OpenJDK Runtime Environment Temurin-17.0.9+9 (build 17.0.9+9) OpenJDK 64-Bit Server VM Temurin-17.0.9+9 (build 17.0.9+9, mixed mode, sharing) # Amazon Corretto — "OpenJDK" and "Amazon.com Inc." $ java -version openjdk version "17.0.9" 2023-10-17 OpenJDK Runtime Environment Corretto-17.0.9.8.1 (build 17.0.9+8-LTS) OpenJDK 64-Bit Server VM Corretto-17.0.9.8.1 (build 17.0.9+8-LTS, mixed mode, sharing) # The vendor property is the most reliable identifier: $ java -XshowSettings:all -version 2>&1 | grep vendor java.vendor = Oracle Corporation <-- Oracle JDK java.vendor = Eclipse Adoptium <-- Temurin OpenJDK java.vendor = Amazon.com Inc. <-- Corretto OpenJDK java.vendor = Azul Systems, Inc. <-- Azul Zulu/Platform Core java.vendor = Red Hat, Inc. <-- Red Hat OpenJDK java.vendor = Microsoft <-- Microsoft Build of OpenJDK

Java 8 identification trap: Old Oracle JDK 8 installations may show "Oracle Corporation" as vendor but may be builds from before April 2019 (8u202 and earlier) that were free for commercial use under the original BCL. Always capture the full version string including the update number — this is essential for license term mapping.

For batch identification across many servers, the vendor property extraction can be scripted. The key vendor strings to flag for Oracle JDK are: "Oracle Corporation" and "Oracle" (for some older builds). Any installation where the vendor string contains "Oracle" warrants further investigation to determine whether it is subject to a subscription requirement.

Linux Server Discovery: Comprehensive Commands

Linux servers typically host the highest-risk Oracle JDK installations — production application servers, middleware platforms, and database servers. The discovery approach uses three complementary methods: package manager queries, filesystem search, and process inspection.

Package Manager Discovery

# RPM-based systems (RHEL, CentOS, Oracle Linux, Amazon Linux) rpm -qa --queryformat '%{NAME}-%{VERSION}-%{RELEASE}.%{ARCH}\n' | grep -iE "(jdk|jre)" | grep -iv "openjdk\|temurin\|corretto\|azul\|microsoft" # Check specific Oracle JDK packages rpm -qa | grep -iE "oracle-j|jdk.*oracle|java.*oracle" # APT-based systems (Debian, Ubuntu) dpkg -l | grep -iE "(jdk|jre)" | grep -iv "openjdk" apt list --installed 2>/dev/null | grep -iE "(jdk|jre)" | grep -i oracle # List all Java installations found by alternatives update-alternatives --list java 2>/dev/null update-java-alternatives -l 2>/dev/null

Filesystem Search

# Find all java executables (catches non-package installations) find /usr /opt /home /srv /app* -name "java" -type f 2>/dev/null # Check vendor for each found executable find /usr /opt /home /srv /app* -name "java" -type f 2>/dev/null | while read jexe; do vendor=$("$jexe" -XshowSettings:all -version 2>&1 | grep "java.vendor" | awk -F'=' '{print $2}' | xargs) version=$("$jexe" -version 2>&1 | head -1) echo "PATH: $jexe | VENDOR: $vendor | VERSION: $version" done # Find Oracle JDK by release file (contains Java SE details) find / -name "release" -path "*/jdk*" -exec grep -l "IMPLEMENTOR=\"Oracle" {} \; 2>/dev/null

Process Inspection

# Find running Java processes and their JVM paths ps aux | grep -E "[j]ava " | awk '{print $11}' | sort -u # For each running Java process, check vendor via /proc for pid in $(ps aux | grep -E "[j]ava " | awk '{print $2}'); do javapath=$(ls -la /proc/$pid/exe 2>/dev/null | awk '{print $NF}') if [ -n "$javapath" ]; then vendor=$("$javapath" -XshowSettings:all -version 2>&1 | grep "java.vendor") echo "PID $pid: $javapath | $vendor" fi done # Use jcmd to identify Oracle JDK JVMs (if jcmd is available) jcmd -l 2>/dev/null | while read pid name; do [ "$pid" -eq 0 ] 2>/dev/null && continue vendor=$(jcmd "$pid" VM.system_properties 2>/dev/null | grep "java.vendor=" | cut -d= -f2) echo "PID $pid ($name): Vendor=$vendor" done
Java inventory taking too long to complete manually?

Our Oracle Compliance Review service includes a managed Java SE discovery engagement — we run the inventory methodology across your estate and deliver a complete Oracle JDK footprint report with license mapping and compliance gap quantification. Average engagement: 2–4 weeks for estates up to 5,000 servers.

Request Managed Discovery →

Windows Server Discovery

Windows environments require different discovery methods. Oracle JDK on Windows is typically installed via the Oracle JDK Windows installer, which creates registry entries and adds Java to the system PATH. Windows Server environments hosting Java applications — particularly those running Oracle WebLogic, Oracle Forms, or legacy enterprise applications — are a significant source of Oracle JDK installations.

Registry and WMI Discovery

# PowerShell: Find Java installations via registry Get-ItemProperty "HKLM:\SOFTWARE\JavaSoft\Java Runtime Environment\*" -ErrorAction SilentlyContinue | Select-Object PSChildName, JavaHome, @{N="Vendor";E={ $javaexe = Join-Path $_.JavaHome "bin\java.exe" if (Test-Path $javaexe) { & $javaexe -XshowSettings:all -version 2>&1 | Select-String "java.vendor" | ForEach-Object { ($_ -split "=")[1].Trim() } } }} # PowerShell: Find Oracle JDK via WMI software inventory Get-WmiObject -Class Win32_Product | Where-Object { $_.Name -like "*Oracle*Java*" -or $_.Name -like "*Java SE*" } | Select-Object Name, Version, Vendor # Find java.exe across all drives Get-ChildItem -Path C:\,D:\,E:\ -Name "java.exe" -Recurse -ErrorAction SilentlyContinue | ForEach-Object { $_.FullName } # For SCCM/Intune environments: query software inventory # Use SCCM report: "Software - All products for a specific customer or product name" # Filter on "Oracle" + "Java" or "JDK"

Environment Variable Check

# Check JAVA_HOME system environment variable [System.Environment]::GetEnvironmentVariable("JAVA_HOME", "Machine") # Check PATH for java executables $env:PATH -split ";" | Where-Object { Test-Path (Join-Path $_ "java.exe") } | ForEach-Object { $javaexe = Join-Path $_ "java.exe" $vendor = & $javaexe -XshowSettings:all -version 2>&1 | Select-String "java.vendor" "$_ : $vendor" }

Container and Kubernetes Discovery

Container environments are the most common source of undiscovered Oracle JDK installations in modern enterprise estates. See our dedicated Docker and container licensing guide for the full compliance context. The discovery commands below focus on the inventory process specifically.

Running Container Discovery

# Check all running containers for Oracle JDK (Docker) docker ps -q | while read cid; do name=$(docker inspect --format '{{.Name}}' "$cid") vendor=$(docker exec "$cid" java -XshowSettings:all -version 2>/dev/null | grep "java.vendor" | awk -F'= ' '{print $2}') version=$(docker exec "$cid" java -version 2>&1 | head -1) [ -n "$vendor" ] && echo "Container: $name | Vendor: $vendor | $version" done # Scan container registry images (local Docker daemon) docker images --format "{{.Repository}}:{{.Tag}}" | while read img; do vendor=$(docker run --rm --entrypoint "" "$img" java -XshowSettings:all -version 2>/dev/null | grep "java.vendor" | awk -F'= ' '{print $2}') [ -n "$vendor" ] && echo "Image: $img | Vendor: $vendor" done 2>/dev/null

Kubernetes Node-Level Discovery

# Run on each Kubernetes node to find Oracle JDK in running pods kubectl get pods --all-namespaces -o wide --field-selector spec.nodeName=$(hostname) | \ awk 'NR>1 {print $1, $2}' | while read ns pod; do containers=$(kubectl get pod "$pod" -n "$ns" -o jsonpath='{.spec.containers[*].name}') for container in $containers; do vendor=$(kubectl exec -n "$ns" "$pod" -c "$container" -- java -XshowSettings:all -version 2>/dev/null | grep "java.vendor" | awk -F'= ' '{print $2}') [ -n "$vendor" ] && echo "Pod: $ns/$pod/$container | Vendor: $vendor" done done # Trivy container image scanning for Java (recommended for large registries) trivy image --security-checks vuln,config --pkg-types java "$IMAGE_NAME" --format json | \ jq '.Results[] | select(.Type=="java-jar") | .Packages[] | select(.Vendor=="Oracle Corporation")'

Cloud Environment Discovery

Cloud-hosted Java instances are among the most commonly missed in enterprise inventories. Cloud compute instances are often provisioned outside the traditional ITSM/CMDB process, making them invisible to on-premises discovery tools. Each major cloud platform provides native tools for running commands across compute fleets.

AWS EC2 Discovery with AWS Systems Manager

# AWS SSM Run Command — find Oracle JDK across all managed EC2 instances aws ssm send-command \ --document-name "AWS-RunShellScript" \ --parameters 'commands=["find /usr /opt /home -name java -type f 2>/dev/null | xargs -I{} sh -c \"{} -XshowSettings:all -version 2>&1 | grep java.vendor | grep -i oracle && echo FOUND: {}\""]' \ --targets "Key=tag:Environment,Values=Production" \ --output text # AWS SSM for Windows EC2 aws ssm send-command \ --document-name "AWS-RunPowerShellScript" \ --parameters 'commands=["Get-ItemProperty HKLM:\\SOFTWARE\\JavaSoft\\Java*\\* -EA Silent | Where {$_.JavaHome} | %{ & (Join-Path $_.JavaHome bin\\java.exe) -XshowSettings:all -version 2>&1 | Select-String oracle }"]' \ --targets "Key=tag:OS,Values=Windows"

Azure Virtual Machine Discovery

# Azure Run Command — discover Oracle JDK on Azure VMs (Linux) az vm run-command invoke \ --resource-group MyResourceGroup \ --name MyVM \ --command-id RunShellScript \ --scripts "find /usr /opt -name java -type f 2>/dev/null | xargs -I{} sh -c '{} -version 2>&1 | grep -i oracle && echo Found: {}'" # Azure Resource Graph — query for Java-related extensions or tags at scale az graph query -q "Resources | where type =~ 'Microsoft.Compute/virtualMachines' | project name, resourceGroup, location, tags"

GCP Compute Discovery

# GCP OS Config — query Java via OS inventory (requires OS Config agent) gcloud compute instances os-inventory list-instances \ --filter="softwares.name~'oracle.*jdk'" \ --format="table(instance, softwares.name, softwares.version)" # GCP Cloud Shell / SSH discovery for specific instances gcloud compute ssh INSTANCE_NAME --command \ "find /usr /opt -name java -type f 2>/dev/null | xargs -I{} sh -c '{} -XshowSettings:all -version 2>&1 | grep java.vendor'"

Developer Workstations and CI/CD Pipeline Discovery

Developer endpoints and CI/CD build systems are the most frequently overlooked categories in Java inventories. Oracle JDK on developer workstations constitutes commercial use if the developer is using it for commercial software development — even if they use a personal macOS device. CI/CD build agents that compile Java code using Oracle JDK require a subscription regardless of whether the production deployment uses Oracle JDK.

macOS Developer Workstation Discovery

# macOS — find all Java installations /usr/libexec/java_home -V 2>&1 # List all JVM versions on macOS ls -la /Library/Java/JavaVirtualMachines/ # Check vendor for default Java java -XshowSettings:all -version 2>&1 | grep java.vendor # Find all java executables (catches SDKman, Homebrew, manual installs) find /Library/Java /usr/local /opt/homebrew ~/.sdkman ~/.jenv -name "java" -type f 2>/dev/null | \ xargs -I{} sh -c '{} -XshowSettings:all -version 2>&1 | grep java.vendor | grep -i oracle && echo ORACLE: {}'

CI/CD Build Agent Discovery

# Jenkins — check JAVA_HOME in Jenkins build configuration # Admin > Global Tool Configuration > JDK Installations shows configured JDKs # For Jenkins agent nodes, SSH to agent and run standard Linux discovery # GitHub Actions — check workflow files for Java setup steps grep -r "actions/setup-java" .github/workflows/ | grep -i "oracle\|jdk" grep -r "distribution.*oracle" .github/workflows/ # GitLab CI — check for Oracle JDK images in .gitlab-ci.yml grep -r "oracle" .gitlab-ci.yml | grep -i "jdk\|java" # Azure DevOps — check pipeline YAML for Java tool installer tasks grep -r "JavaToolInstaller\|oracleJdk" azure-pipelines.yml

For large developer teams, an endpoint management platform (Jamf for macOS, Microsoft Intune, SCCM for Windows) can run software inventory queries across all managed devices to identify Oracle JDK installations at scale. These platforms can be configured to flag Oracle JDK as a non-compliant software asset and alert when new Oracle JDK installations are detected — providing ongoing compliance monitoring rather than a point-in-time snapshot.

Running the inventory yourself but need help interpreting what you find?

Our Java Licensing service includes inventory review — we map your discovered Oracle JDK installations to license terms, calculate your compliance gap, and provide the negotiation or migration strategy. Many clients find the analysis more valuable than the discovery itself.

Get Inventory Analysis →

Enterprise Discovery Tools: Scaling the Inventory

For estates larger than a few hundred servers, manual script-based discovery is impractical. The following enterprise tools support Java SE inventory at scale, with varying levels of Oracle JDK-specific capability.

Trivy (Aqua Security)
Open-source container and filesystem scanner. Identifies Java installations in container images with vendor classification. Ideal for container registry scanning.
Open Source Container Focus
Flexera FlexNet Manager
Enterprise SAM platform with Java SE inventory and Oracle license position calculation. Pre-built Oracle Java SE recognition rules. Recommended for enterprises >5,000 endpoints.
Commercial SAM Platform
Snow Software
SAM platform with Java discovery and Oracle license management modules. Good cross-platform coverage including macOS developer endpoints.
Commercial SAM Platform
Red Hat Insights
Free for RHEL subscribers. Provides Java inventory across RHEL environments including version identification. Does not cover non-RHEL platforms.
Free for RHEL RHEL Only
AWS Systems Manager Inventory
Free AWS service. Collects software inventory from EC2 instances including Java packages. Requires SSM Agent on managed instances.
Free (AWS) AWS EC2
Ansible Inventory Module
Open-source automation. Custom Java discovery playbooks can run vendor checks across all Ansible-managed hosts. Requires Java-specific playbook development.
Open Source Automation

Avoid Oracle Java Management Service (JMS) for compliance discovery: Oracle JMS provides Java inventory capabilities but requires enrolling your systems with Oracle's cloud service. Any data collected via JMS may be accessible to Oracle's LMS team. Use independent discovery tools to build your inventory without providing Oracle with pre-audit intelligence about your Java footprint.

Building the Java Compliance Register

The output of your discovery exercise should be a structured Java Compliance Register — a document that serves as your evidence base for compliance decisions, audit defense, and migration planning. The register should capture the following data points for each discovered Java installation.

Field Purpose Example Value
Host / Container NameIdentifies the specific systemapp-srv-prod-042, pod/payment-api-7b8c
EnvironmentProduction, Test, Dev, CI/CDProduction
JDK VendorOracle JDK vs OpenJDKOracle Corporation
JDK VersionFull version string incl. update17.0.9+11-LTS-201
Installation PathLocation on filesystem/container/usr/lib/jvm/java-17-oracle
Installation MethodPackage manager, manual, bundledWebLogic bundled
Business ApplicationWhat runs on this JVMOracle EBS R12.2.10
Legal EntityWhich subsidiary operates this systemAcme Corp UK Ltd
License StatusLicensed, Unlicensed, Exempt, TBCUnlicensed — needs review
Remediation ActionMigrate, Subscribe, Challenge scopeMigrate to Corretto Q2 2026

The "License Status" field is the critical output of the compliance gap analysis — mapping each Oracle JDK installation to its applicable license terms and determining whether it is covered by an existing subscription, exempt under NFTC terms, or constitutes an unlicensed deployment. This mapping is the work that former Oracle LMS auditors do as part of a compliance review engagement — and it is where the difference between what Oracle claims you owe and what you actually owe is established.

A well-structured Java Compliance Register, maintained and updated quarterly, gives you the foundation for every Oracle Java SE decision: subscription renewal negotiations, OpenJDK migration project scoping, audit response preparation, and cost optimization modelling. It is the single most valuable artefact an enterprise can have going into any Oracle Java SE engagement. For help building yours, contact our team for a confidential discussion about our managed Java discovery and compliance review service.

Key Takeaways

  • Most enterprises discover 3–5x more Oracle JDK installations than expected when a systematic inventory is run — embedded JDKs in application servers, container base images, and CI/CD agents are the most common hidden sources.
  • The java.vendor property is the most reliable way to distinguish Oracle JDK from OpenJDK distributions — "Oracle Corporation" confirms Oracle JDK; all other vendors are OpenJDK variants.
  • A complete inventory covers Linux, Windows, macOS developer endpoints, Docker containers, Kubernetes pods, cloud VMs (EC2/Azure/GCP), and CI/CD build agents — any gap creates audit exposure.
  • Avoid Oracle Java Management Service (JMS) for compliance discovery — enrolling in JMS shares your Java inventory data with Oracle's systems, potentially providing pre-audit intelligence.
  • The Java Compliance Register should track vendor, version, environment, legal entity, and license status for each installation — this is the evidence base for audit defense and migration planning.
  • Enterprise SAM tools (Flexera, Snow) provide scalable discovery for large estates, but require Oracle JDK-specific configuration to differentiate Oracle JDK from OpenJDK correctly.

Oracle Java Licensing Survival Guide

Includes a complete Java inventory methodology section, Employee Metric analysis framework, and OpenJDK migration decision tree — 20 pages of actionable Oracle Java SE guidance.

Download Free Guide →

Related Java SE Technical Guides

Containers

Oracle Java SE and Docker: Container Licensing Rules

How Oracle JDK licensing applies to Docker and Kubernetes — and the OpenJDK migration path for containers.

 Audit Prep

Oracle Java SE License Audit Preparation: Technical Toolkit

How to use your inventory as the foundation for Oracle LMS audit preparation and defense.

 Java FAQ

Oracle Java SE Licensing FAQ: 25 Questions Every CTO Must Answer

The complete Java SE licensing FAQ covering Employee Metric, audit risk, and cost reduction.
FF

Fredrik Filipsson

Former Oracle sales and licensing professional with 25+ years of experience. Founder of Oracle Licensing Experts. 100% buyer-side advisory — never works for Oracle. LinkedIn ↗

Oracle Licensing Intelligence

Oracle Java compliance updates, direct to your inbox

Weekly Oracle licensing intelligence covering Java SE discovery tools, audit trends, and compliance methodology — read by 2,000+ enterprise Oracle stakeholders globally.

Independent Oracle intelligence. Unsubscribe anytime. Not affiliated with Oracle Corporation.

OL
Oracle Licensing Experts Team

Former Oracle executives, LMS auditors, and contract managers — now working exclusively for enterprise buyers. 25+ years of Oracle licensing experience across database, Java, cloud, and middleware.

About Our Team →
Independent Oracle Advisory

Start with a Complete Oracle Java SE Inventory

Former Oracle LMS auditors working exclusively for enterprise buyers. We build the complete Java SE footprint picture — then use it to protect your interests in every Oracle engagement. Not affiliated with Oracle Corporation.

Schedule Java Discovery Assessment → View Case Studies

Free Research

Download our Oracle E-Business Suite Licensing Guide — expert analysis from former Oracle insiders, 100% buyer-side.

Download the Oracle EBS Licensing Guide →