Not recent but the cybersecurity company Rapid7 uses a Java implementation called JESS (Java Expert System Shell) within their vulnerability management product to help determine vulnerable / unpatched state of scanned assets.

https://www.rapid7.com/blog/post/2013/11/01/vulnerability-ma...