diff --git a/pkg/workflow/data/ecosystem_domains.json b/pkg/workflow/data/ecosystem_domains.json
index e3574bd7b3d..35f8e511731 100644
--- a/pkg/workflow/data/ecosystem_domains.json
+++ b/pkg/workflow/data/ecosystem_domains.json
@@ -86,7 +86,12 @@
     "repo.grails.org",
     "download.eclipse.org",
     "download.oracle.com",
-    "jcenter.bintray.com"
+    "jcenter.bintray.com",
+    "dlcdn.apache.org",
+    "archive.apache.org",
+    "download.java.net",
+    "api.foojay.io",
+    "cdn.azul.com"
   ],
   "linux-distros": [
     "deb.debian.org",
diff --git a/pkg/workflow/ecosystem_domains_test.go b/pkg/workflow/ecosystem_domains_test.go
index d5043846590..2524e394a4c 100644
--- a/pkg/workflow/ecosystem_domains_test.go
+++ b/pkg/workflow/ecosystem_domains_test.go
@@ -169,6 +169,37 @@ func TestEcosystemDomainExpansion(t *testing.T) {
 		}
 	})
 
+	t.Run("java ecosystem includes Java package and tooling domains", func(t *testing.T) {
+		permissions := &NetworkPermissions{
+			Allowed: []string{"java"},
+		}
+		domains := GetAllowedDomains(permissions)
+
+		expectedDomains := []string{
+			"repo.maven.apache.org",
+			"services.gradle.org",
+			"download.oracle.com",
+			"dlcdn.apache.org",
+			"archive.apache.org",
+			"download.java.net",
+			"api.foojay.io",
+			"cdn.azul.com",
+		}
+
+		for _, expectedDomain := range expectedDomains {
+			found := false
+			for _, domain := range domains {
+				if domain == expectedDomain {
+					found = true
+					break
+				}
+			}
+			if !found {
+				t.Errorf("Expected domain '%s' to be included in java ecosystem, but it was not found", expectedDomain)
+			}
+		}
+	})
+
 	t.Run("node ecosystem includes Node.js package domains", func(t *testing.T) {
 		permissions := &NetworkPermissions{
 			Allowed: []string{"node"},