December 22, 2023

Deepfactor 3.4 Includes Enhanced Runtime Reachability and Runtime Security Capabilities

Deepfactor

Whitepaper: SCA 2.0 — A Framework to Prioritize Risk, Reduce False Positives, and Eliminate SCA Alert Fatigue

6 strategies to prioritize runtime alerts.

Download Now >

Deepfactor Release 3.4 Overview

With release 3.4, Deepfactor now offers exciting new runtime reachability and runtime security enhancements:

  • Increased language support for runtime reachability and runtime security
  • Ability to visualize vulnerability trends across releases and track security posture over time (see below)
  • Rich remediation guidance with risk vs. effort mapping, direct vs. transitive dependencies, container base image vs. layer information, and more (see below)

Figure: 3.4 Trends

For additional details on release 3.4, for both on-prem and SaaS versions, please review the Release Notes in Deepfactor Docs.

Release 3.4 Highlights:

Enhancements

SBOM and SCA for OSS Dependencies and Container Scans

  • Artifact releases: Ability to tag scans to a particular release. Identify vulnerability trends across builds in a particular release and also across releases.
  • Ability to tag dependencies detected during filesystem scans as transitive and to identify the root dependency for Java.
  • Detection of Node.js and PHP dev dependencies for filesystem scans.
  • Global search for artifacts based on multiple criteria such as resource, vulnerability, and OS distribution.
  • Recommendations pane that highlights the actions needed to fix direct, transitive, and base image layer vulnerabilities.

Runtime SCA

  • Runtime reachability of PHP, Ruby, Kotlin, and Scala dependencies. Users can now use the reachability results to prioritize vulnerabilities in these dependencies.

Container Runtime Security

  • Support for observing Go applications.
  • Support for detecting runtime security alerts in dynamic Golang applications (tech preview).

Release 3.4 Details:

Artifact Releases

We now enable users to tag scans to a particular release. This allows Deepfactor to show the security posture of the latest build per state, as well as the trend of vulnerabilities across builds within a release and across releases over time. You can read more about this capability here.

Global Artifact Search

The global artifact search capability allows users to search artifacts based on criteria such as: whether an artifact contains particular CVEs, a particular resource (e.g. log4j), or critical/high severity vulnerabilities, whether it uses a particular OS distribution, etc.

Runtime Reachability

As we have outlined in our SCA 2.0 framework whitepaper, runtime reachability is a critical input for prioritizing SCA vulnerabilities according to the true risk they pose to the application: a vulnerable dependency that is never loaded or executed at runtime carries far less real risk than one that is. We continue to add more languages for which we provide runtime reachability information. In 3.4, we added support for Ruby, PHP, Scala and Kotlin. You can find the full list of languages for which we provide runtime reachability information here: Support Matrix for Language-Specific Dependencies Detection
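To make the prioritization idea concrete, here is an added example (written for this page, not Deepfactor's code, data model or log format) that combines a constructed set of SCA findings with a constructed runtime observation log of loaded modules. Findings that are actually reachable at runtime are ranked first, then by severity, then by remediation effort; the remediation text also covers the direct vs. transitive distinction from the Recommendations pane described above. Every package name, version, CVE id and log line below is a placeholder invented for the example.

```python
"""Reachability-based prioritisation of SCA findings (illustrative only).

This is an added example, not Deepfactor's implementation. The finding
fields, the runtime log format and all identifiers are assumptions made
for the demonstration.
"""
from __future__ import annotations

from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Finding:
    package: str
    version: str
    cve: str                      # constructed placeholder ids, not real advisories
    severity: str                 # critical / high / medium / low
    direct: bool                  # direct dependency (True) vs. transitive (False)
    parent: Optional[str] = None  # root dependency that pulls in a transitive one


SEVERITY_RANK = {"critical": 4, "high": 3, "medium": 2, "low": 1}

# Constructed SBOM findings, as a filesystem scan might report them.
FINDINGS = [
    Finding("libfoo", "1.2.0", "CVE-0000-0001", "critical", False, parent="webframework"),
    Finding("jsonparse", "2.0.1", "CVE-0000-0002", "high", True),
    Finding("imagelib", "0.9.3", "CVE-0000-0003", "critical", True),
    Finding("templating", "3.1.0", "CVE-0000-0004", "medium", False, parent="webframework"),
]

# Constructed runtime observation log: one line per module the instrumented
# process actually loaded. The "key=value" layout is an assumption of this example.
RUNTIME_LOG = """\
2023-12-22T10:00:01Z loaded module=jsonparse version=2.0.1
2023-12-22T10:00:01Z loaded module=webframework version=5.4.0
2023-12-22T10:00:02Z loaded module=libfoo version=1.2.0
"""


def parse_loaded_modules(log: str) -> set:
    """Extract (module, version) pairs from the runtime log."""
    loaded = set()
    for line in log.splitlines():
        # tokens[0] is the timestamp, tokens[1] the event name, the rest key=value pairs
        fields = dict(kv.split("=", 1) for kv in line.split()[2:] if "=" in kv)
        if "module" in fields:
            loaded.add((fields["module"], fields.get("version", "")))
    return loaded


def reachable(finding: Finding, loaded: set) -> bool:
    """A finding is reachable if the exact vulnerable package/version was loaded."""
    return (finding.package, finding.version) in loaded


def effort(finding: Finding) -> int:
    """Lower is easier: a direct dependency can be bumped in your own manifest,
    a transitive one usually requires upgrading its root dependency."""
    return 1 if finding.direct else 2


def prioritize(findings: list, loaded: set) -> list:
    """Order findings: reachable first, then highest severity, then least effort."""
    return sorted(
        findings,
        key=lambda f: (not reachable(f, loaded), -SEVERITY_RANK[f.severity], effort(f), f.package),
    )


def remediation(finding: Finding) -> str:
    """Suggest the action that actually removes the vulnerable package."""
    if finding.direct:
        return f"bump {finding.package} in your dependency manifest"
    return f"upgrade root dependency {finding.parent} so it pulls a fixed {finding.package}"


if __name__ == "__main__":
    loaded_modules = parse_loaded_modules(RUNTIME_LOG)
    for f in prioritize(FINDINGS, loaded_modules):
        flag = "REACHABLE" if reachable(f, loaded_modules) else "not loaded"
        print(f"{f.cve} {f.package}@{f.version} [{f.severity}] {flag}: {remediation(f)}")
```

Note that the unreachable critical finding in `imagelib` drops below the reachable high-severity one in `jsonparse`; that reordering is the whole point of feeding runtime observations into SCA triage, and a real deployment would additionally track how long a finding has stayed unreachable before deprioritizing it.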

Free Trial Signup

The Deepfactor trial includes the full functionality of the platform, hosted in a multi-tenant environment.

Sign Up Today! >
