
tessl-labs/springboot-security-basics

Security defaults that belong in every Spring Boot application from day one.

88

1.79x
Quality

83%

Does it follow best practices?

Impact

97%

1.79x

Average score across 5 eval scenarios

Security by Snyk

Passed

No known issues


Evaluation results

97%

42%

Build a Blog Platform API with Spring Boot

| Criteria | Without context | With context |
| --- | --- | --- |
| SecurityFilterChain bean used | 100% | 100% |
| CORS configured with explicit origins | 20% | 100% |
| Security headers configured | 0% | 100% |
| CSRF disabled for stateless API | 100% | 100% |
| Rate limiting present | 0% | 100% |
| Input validation with @Valid | 75% | 100% |
| Global exception handler safe | 100% | 100% |
| Slug validation | 25% | 62% |
| CRUD endpoints functional | 100% | 100% |
| Error stack traces not exposed | 60% | 100% |

94%

25%

Build a Room Booking API with Spring Boot

| Criteria | Without context | With context |
| --- | --- | --- |
| SecurityFilterChain bean used | 100% | 100% |
| CORS configured with explicit origins | 30% | 100% |
| BCryptPasswordEncoder for passwords | 100% | 100% |
| CSRF disabled for stateless API | 100% | 0% |
| Rate limiting on auth endpoints | 0% | 100% |
| Security headers configured | 0% | 100% |
| Input validation with @Valid | 100% | 100% |
| Role-based access control | 100% | 100% |
| Password not in responses | 100% | 100% |
| Booking ownership enforcement | 100% | 100% |
| Global exception handler | 33% | 100% |

98%

61%

Build a Product Catalog API with Spring Boot

| Criteria | Without context | With context |
| --- | --- | --- |
| SecurityFilterChain bean used | 100% | 100% |
| CORS configured with explicit origins | 20% | 100% |
| Security headers configured | 0% | 100% |
| CSRF disabled for stateless API | 100% | 100% |
| Rate limiting on API routes | 0% | 100% |
| Input validation with @Valid | 0% | 100% |
| Query parameter validation | 37% | 75% |
| CRUD endpoints functional | 100% | 100% |
| Global exception handler | 0% | 100% |

98%

48%

Build a Task Tracker API with Spring Boot

| Criteria | Without context | With context |
| --- | --- | --- |
| SecurityFilterChain bean used | 100% | 100% |
| CORS configured with explicit origins | 20% | 100% |
| Security headers configured | 0% | 100% |
| CSRF disabled for stateless API | 100% | 100% |
| Rate limiting on API routes | 0% | 100% |
| Input validation with @Valid | 100% | 100% |
| Query parameter validation | 25% | 75% |
| Global exception handler | 0% | 100% |
| CRUD endpoints functional | 100% | 100% |
| Lambda DSL throughout | 100% | 100% |

100%

41%

Build a User Management API with Spring Boot

| Criteria | Without context | With context |
| --- | --- | --- |
| SecurityFilterChain bean used | 100% | 100% |
| CORS configured with explicit origins | 33% | 100% |
| BCryptPasswordEncoder for passwords | 100% | 100% |
| CSRF disabled for stateless API | 100% | 100% |
| Rate limiting on auth endpoints | 0% | 100% |
| Security headers configured | 0% | 100% |
| Input validation with @Valid | 20% | 100% |
| Role-based access control | 100% | 100% |
| Password not in responses | 100% | 100% |
| Global exception handler | 28% | 100% |

Evaluated

Agent: Claude Code
Model: Claude Sonnet 4.6
