Deepfactor Release 3.4 Overview
With release 3.4, Deepfactor now offers exciting new runtime reachability and runtime security enhancements:
- Increased language support for runtime reachability and runtime security
- Ability to visualize vulnerability trends across releases and track security posture over time (see below)
- Rich remediation guidance with risk vs. effort mapping, direct vs. transitive dependencies, container base image vs. layer information, and more (see below)
For additional details on release 3.4, for both on-prem and SaaS versions, please review the Release Notes in Deepfactor Docs.
Release 3.4 Highlights:
- SBOM and SCA for OSS Dependencies and Container Scans
- Container Runtime Security
Release 3.4 Details:
We now enable users to tag scans to a particular release. This allows us to show the security posture of the latest build per state, as well as a trend of vulnerabilities across builds in a release and across releases over a period of time. You can read more about this capability here.
Global Artifact Search
The global artifact search capability will allow users to search artifacts based on certain criteria, for example whether an artifact has particular CVEs, has a particular resource (e.g. log4j), has critical/high severity vulnerabilities, or uses a particular OS distribution.
As we have outlined in our SCA 2.0 framework whitepaper, runtime reachability is critical to prioritizing SCA vulnerabilities based on their true risk to the application. We continue to add more languages for which we provide runtime reachability information. In 3.4, we added support for Ruby, PHP, Scala and Kotlin. You can find the full list of languages for which we provide runtime reachability information here: Support Matrix for Language-Specific Dependencies Detection