brave
Brave is a mature Java library for distributed tracing that instruments production applications to gather timing data and correlate requests across services. It works with Zipkin backends and third-party services like AWS X-Ray, and is designed to be dependency-free and low-overhead.
Key facts
Objective fields from the source. Values we can't verify are shown as “Unknown” rather than guessed.
| Field | Value |
|---|---|
| Repository | openzipkin/brave |
| Owner | openzipkin |
| Primary language | Java |
| License | Apache-2.0 — OSI-approved |
| Stars | 2.4k |
| Forks | 715 |
| Open issues | 119 |
| Latest release | 6.3.1 (2026-03-24) |
| Last updated | 2026-03-25 |
| Source | https://github.com/openzipkin/brave |
What brave is
Brave provides a dependency-free tracer API (JRE 6+) that intercepts requests, propagates trace contexts via X-B3-TraceId headers, and offers pre-built instrumentation for Servlet, Spring, gRPC, Kafka, and other common components. The library uses provided-scope dependencies to avoid transitive conflicts and maintains multi-version compatibility testing for volatile libraries.
Get the brave source
Clone the repository and explore it locally.
git clone https://github.com/openzipkin/brave.gitcd brave# follow the project's README for install & configurationNeed it deployed, integrated, or customized instead? DEV.co ships production installs.
Best use cases
Implementation considerations
- Choose instrumentation libraries matching your stack (e.g., okhttp3, grpc, kafka-clients) and align versions using the brave-bom to avoid conflicts.
- Decide on trace sampling strategy and reporting transport (e.g., async HTTP, Kafka) to balance overhead and data fidelity in production.
- Plan trace ID propagation across service boundaries; validate that all inbound and outbound request handlers use X-B3-TraceId header parsing and generation.
- Test context propagation behavior in your thread model (e.g., async frameworks, thread pools); use Brave's context libraries to integrate with SLF4J or other logging frameworks.
- Monitor reporting pipeline health; dropped or failed trace exports can silently degrade observability if not surfaced.
When to avoid it — and what to weigh
- Non-JVM distributed tracing requirement — Brave is Java-specific; projects needing multi-language tracing should evaluate language-agnostic alternatives (e.g., OpenTelemetry SDKs for Go, Python, Node.js).
- No backend infrastructure planned — Brave alone does not store or visualize traces; you must operate Zipkin or configure a third-party exporter, adding operational complexity.
- Extremely strict zero-dependency constraint — While Brave's core is dependency-free, any realistic deployment (e.g., sending traces to Zipkin) requires a reporting library; ensure your build constraints allow this.
- Real-time alerting on trace data — Brave instruments and reports traces; it does not provide real-time anomaly detection or alerting—those require downstream analytics in Zipkin or a separate APM tool.
License & commercial use
Apache License 2.0 (Apache-2.0) is a permissive OSI-approved license allowing commercial use, modification, and distribution with attribution and no warranty.
Apache-2.0 permits commercial use without licensing fees. Redistribution requires license notice; no legal review required for typical internal or SaaS deployment. Consult legal if bundling or sublicensing.
DEV.co evaluation signals
Editorial assessment — not user reviews. Directional, with an explicit confidence level.
| Signal | Assessment |
|---|---|
| Maintenance | Active |
| Documentation | Adequate |
| License clarity | Clear |
| Deployment complexity | Moderate |
| DEV.co fit | Strong |
| Assessment confidence | High |
Brave instruments production requests and sends trace data (including headers, spans, tags) to a backend; ensure Zipkin or exporter is network-isolated or uses encrypted transport if tracing PII-adjacent data. No injection vulnerabilities or exploits mentioned in data, but tag sanitization depends on application code. Brave itself is dependency-free, reducing supply-chain attack surface.
Alternatives to consider
OpenTelemetry Java
Language-agnostic, vendor-neutral standard with broader ecosystem support (Jaeger, Datadog, New Relic); requires otel-javaagent or manual instrumentation; heavier than Brave but more flexible backend choices.
Jaeger Java client
Jaeger-specific tracer with similar instrumentation model; tighter integration with Jaeger backend; less suitable for multi-backend scenarios like Brave's X-Ray plugin support.
Micrometer Tracing (Spring)
Spring-native abstraction layer over Brave or OpenTelemetry; simpler if already in Spring Boot ecosystem; ties you to Spring's observability roadmap.
Build on brave with DEV.co software developers
Explore Brave's instrumentation libraries, review the example project, and set up a Zipkin backend to start correlating latency across your services.
Talk to DEV.coRelated open-source tools
Surfaced by semantic similarity across the DEV.co open-source index.
Related on DEV.co
Explore the category and the services that help you build with it.
brave FAQ
Does Brave require Zipkin?
Can I use Brave with Java 1.5 or older Android?
Will Brave introduce new dependencies to my project?
How does Brave handle async or non-blocking code?
Software development & web development with DEV.co
Need help beyond evaluating brave? DEV.co is a software development agency offering software development services and web development for teams of every size. Our software developers and web developers build custom software, web applications, APIs, and open-source observability integrations — and maintain them long-term.
Ready to trace your Java microservices?
Explore Brave's instrumentation libraries, review the example project, and set up a Zipkin backend to start correlating latency across your services.