December 22, 2023

Deepfactor 3.4 Includes Enhanced Runtime Reachability and Runtime Security Capabilities

Deepfactor

Whitepaper: SCA 2.0 — A Framework to Prioritize Risk, Reduce False Positives, and Eliminate SCA Alert Fatigue

6 strategies to prioritize runtime alerts.

Download Now >

Deepfactor Release 3.4 Overview

With release 3.4, Deepfactor now offers exciting new runtime reachability and runtime security enhancements:

  • Increased language support for runtime reachability and runtime security
  • Ability to visualize vulnerability trends across releases and track security posture over time (see below)
  • Rich remediation guidance with risk vs. effort mapping, direct vs. transitive dependencies, container base image vs. layer information, and more (see below)

[Figure: 3.4 Trends]

For additional details on release 3.4, for both on-prem and SaaS versions, please review the Release Notes in Deepfactor Docs.

Release 3.4 Highlights:

Enhancements
SBOM and SCA for OSS Dependencies and Container Scans
  • Artifact releases: Ability to tag scans to a particular release. Identify vulnerability trends across builds in a particular release and also across releases.
  • Ability to tag dependencies detected during filesystem scans as transitive and to identify the root dependency that pulls them in, for Java.
  • Detection of Node.js and PHP dev dependencies for filesystem scans.
  • Global search for artifacts based on multiple criteria such as resource, vulnerability, and OS distribution.
  • Recommendations pane that highlights the actions needed to fix direct, transitive, and base image layer vulnerabilities.
Runtime SCA
  • Runtime reachability of PHP, Ruby, Kotlin, and Scala dependencies. Users can now use the reachability results to prioritize vulnerabilities in these dependencies.
Container Runtime Security
  • Support for observing Go applications.
  • Support for detecting runtime security alerts in dynamic Golang applications (tech preview).

Release 3.4 Details:

Artifact Releases

We now enable users to tag scans to a particular release. This allows us to show the security posture of the latest build per state, as well as a trend of vulnerabilities across builds in a release and across releases over a period of time. You can read more about this capability here.

Global Artifact Search

The global artifact search capability allows users to search artifacts by criteria such as: whether an artifact contains particular CVEs, contains a particular resource (e.g., log4j), has critical/high severity vulnerabilities, or uses a particular OS distribution.

Runtime Reachability

As we have outlined in our SCA 2.0 framework whitepaper, runtime reachability is a critical input for deciding which SCA vulnerabilities to prioritize, because it reflects the true risk to the application: a vulnerable dependency that is never loaded at runtime poses far less risk than one the application actually executes. We continue to add more languages for which we provide runtime reachability information. In 3.4, we added support for Ruby, PHP, Scala and Kotlin. You can find the full list of languages for which we provide runtime reachability information here: Support Matrix for Language-Specific Dependencies Detection
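The prioritization logic this section describes (severity scaled by runtime reachability, with the direct vs. transitive vs. base-image origin of a dependency deciding the fix and its effort) can be sketched as a small scoring routine. The following is an added illustration written for this page, not Deepfactor's code, API or data model; the package names, vulnerability ids, severity weights, effort levels and the set of runtime-loaded modules are all constructed.

```python
from dataclasses import dataclass
from typing import Dict, List, Optional, Set, Tuple

# Severity weights (hypothetical scale chosen for this illustration).
SEVERITY_WEIGHT = {"critical": 4, "high": 3, "medium": 2, "low": 1}
# Relative remediation effort by where the vulnerable package comes from (assumed).
EFFORT = {"direct": "low", "transitive": "medium", "layer": "medium", "base-image": "high"}


@dataclass
class Finding:
    vuln_id: str                           # placeholder id, not a real CVE
    package: str
    severity: str                          # "critical" | "high" | "medium" | "low"
    origin: str                            # "direct" | "transitive" | "base-image" | "layer"
    root_dependency: Optional[str] = None  # transitive deps: the direct dep that pulls it in
    dev_only: bool = False                 # detected as a dev dependency (build time only)


def priority_score(finding: Finding, reachable: Set[str]) -> float:
    """Severity scaled by runtime reachability.

    A package observed being loaded by the running application outranks one
    that is merely present; a dev-only package that never loads ranks lowest.
    """
    base = SEVERITY_WEIGHT[finding.severity]
    if finding.package in reachable:
        return base * 3.0          # executed at runtime: true exposure
    if finding.dev_only:
        return base * 0.25         # build-time tooling, not in the served workload
    return float(base)             # present in the artifact but never loaded


def remediation(finding: Finding) -> str:
    """Map the dependency origin to the concrete fix the team should apply."""
    if finding.origin == "direct":
        return f"upgrade {finding.package} in the project manifest"
    if finding.origin == "transitive":
        return (f"upgrade root dependency {finding.root_dependency} "
                f"so it pulls a fixed {finding.package}")
    if finding.origin == "base-image":
        return f"rebuild on a base image that ships a patched {finding.package}"
    return f"update the image layer that installs {finding.package}"


def prioritize(findings: List[Finding], reachable: Set[str]) -> List[Tuple[str, float, str, str]]:
    """Return (vuln_id, score, effort, action), highest risk first, lowest effort first on ties."""
    effort_rank = {"low": 0, "medium": 1, "high": 2}
    rows = [(f.vuln_id, priority_score(f, reachable), EFFORT[f.origin], remediation(f))
            for f in findings]
    return sorted(rows, key=lambda r: (-r[1], effort_rank[r[2]]))


def reachable_critical_trend(builds: Dict[str, List[Finding]],
                             reachable: Dict[str, Set[str]]) -> Dict[str, int]:
    """Per build: number of critical/high findings whose package is reachable at runtime."""
    return {
        build: sum(1 for f in fs
                   if f.severity in ("critical", "high") and f.package in reachable[build])
        for build, fs in builds.items()
    }


# Constructed sample findings for one scanned artifact (names and ids are illustrative).
SAMPLE_FINDINGS = [
    Finding("VULN-0001", "liblog", "critical", "transitive", root_dependency="webframework"),
    Finding("VULN-0002", "devlint", "critical", "direct", dev_only=True),
    Finding("VULN-0003", "openssl", "high", "base-image"),
    Finding("VULN-0004", "jsonparse", "high", "direct"),
]
# Modules a runtime agent observed being loaded (constructed).
SAMPLE_REACHABLE = {"liblog", "openssl", "webframework"}

if __name__ == "__main__":
    for vuln_id, score, effort, action in prioritize(SAMPLE_FINDINGS, SAMPLE_REACHABLE):
        print(f"{vuln_id}: score={score:.2f} effort={effort} -> {action}")
```

The ordering it produces shows the point of the section: the critical finding in a dev-only linter drops to the bottom because it never loads, while a transitive logging library that the application actually executes lands at the top, with the fix expressed in terms of the direct dependency that pulls it in. The trend helper is the per-build count a release view would plot over time.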


Frequently Asked Questions

1. What are the key enhancements introduced in Deepfactor Release 3.4 for SBOM (Software Bill of Materials) and SCA (Software Composition Analysis)?

Answer: Deepfactor Release 3.4 brings significant enhancements for SBOM and SCA, including the ability to tag scans to a specific release, identifying vulnerability trends across builds within a release and across releases over time. Additionally, it introduces the detection of Node.js and PHP dev dependencies during filesystem scans and provides a global search for artifacts based on various criteria such as CVEs, resources, vulnerabilities, and OS distribution.

2. How does Deepfactor enhance runtime SCA (Software Composition Analysis) in Release 3.4, particularly in terms of runtime reachability?

Answer: Deepfactor Release 3.4 expands its support for runtime reachability, a critical aspect of prioritizing SCA vulnerabilities based on their true risk to the application. With increased language support, including Ruby, PHP, Scala, and Kotlin, users can now utilize runtime reachability information to prioritize vulnerabilities more effectively, ensuring that critical issues are addressed promptly.

3. What improvements are introduced in Deepfactor Release 3.4 for container runtime security?

Answer: Deepfactor Release 3.4 introduces support for observing Go applications and detecting runtime security alerts in dynamic Golang applications (as a tech preview). This enhancement strengthens container runtime security capabilities, allowing users to identify and address security vulnerabilities and threats in their containerized environments more efficiently.

4. How does Deepfactor in Release 3.4 provide rich remediation guidance for addressing vulnerabilities?

Answer: In Deepfactor Release 3.4, users benefit from rich remediation guidance, including risk vs. effort mapping, direct vs. transitive dependencies identification, container base image vs. layer information, and more. Additionally, the platform offers a recommendations pane highlighting actions needed to fix direct, transitive, and base image layer vulnerabilities, enabling users to prioritize and address vulnerabilities effectively.

Free Trial Signup

The Deepfactor trial includes the full functionality of the platform, hosted in a multi-tenant environment.
