December 22, 2023

Deepfactor 3.4 Includes Enhanced Runtime Reachability and Runtime Security Capabilities

Deepfactor

Whitepaper: SCA 2.0 — A Framework to Prioritize Risk, Reduce False Positives, and Eliminate SCA Alert Fatigue

6 strategies to prioritize runtime alerts.

Download Now >

Deepfactor Release 3.4 Overview

With release 3.4, Deepfactor now offers exciting new runtime reachability and runtime security enhancements:

  • Increased language support for runtime reachability and runtime security
  • Ability to visualize vulnerability trends across releases and track security posture over time (see below)

3.4 Trends

  • Rich remediation guidance with risk vs. effort mapping, direct vs. transitive dependencies, container base image vs. layer information, and more (see below)

For additional details on release 3.4, for both on-prem and SaaS versions, please review the Release Notes in Deepfactor Docs.

Deepfactor Release 3.4 Highlights:

Enhancements
SBOM and SCA for OSS Dependencies and Container Scans
  • Artifact releases: Ability to tag scans to a particular release. Identify vulnerability trends across builds in a particular release and also across releases.
  • Ability to tag dependencies detected during filesystem scans as transitive and identifying the root dependency for Java.
  • Detection of Node.js and PHP dev dependencies for filesystem scans.
  • Global search for artifacts based on multiple criteria such as resource, vulnerability, and OS distribution.
  • Recommendations pane that highlights the actions needed to fix direct, transitive, and base image layer vulnerabilities.
Runtime SCA
  • Runtime reachability of PHP, Ruby, Kotlin, and Scala dependencies. Users can now use the reachability results to prioritize vulnerabilities in these dependencies.
Container Runtime Security
  • Support for observing Go applications.
  • Support for detecting runtime security alers in dynamic Golang applications (tech preview)

Deepfactor Release 3.4 Details:

Artifact Releases

We now enable users to tag scans to a particular release. This allows us to show the security posture of the latest build per state, as well as a trend of vulnerabilities across builds in a release and across releases over a period of time. You can read more about this capability here.

Global Artifact Search

The global artifact search capability will allow users to search artifacts based on certain criteria: if it has particular CVEs, a particular resource (ex. log4j), critical/high severity vulnerabilities, uses a particular OS distribution, etc.

Runtime Reachability

As we have outlined in our SCA 2.0 framework whitepaper, runtime reachability is a critical part of prioritizing which SCA vulnerabilities should be prioritized based on the true risk to the application. We continue to add more languages for which we provide runtime reachability information. In 3.4, we added support for Ruby, PHP, Scala and Kotlin. You can find the full list of languages for which we provide runtime reachability information here: Support Matrix for Language-Specific Dependencies Detection

 

Frequently Asked Questions

1. What are the key enhancements introduced in Deepfactor Release 3.4 for SBOM (Software Bill of Materials) and SCA (Software Composition Analysis)?

Answer: Deepfactor Release 3.4 brings significant enhancements for SBOM and SCA, including the ability to tag scans to a specific release, identifying vulnerability trends across builds within a release and across releases over time. Additionally, it introduces the detection of Node.js and PHP dev dependencies during filesystem scans and provides a global search for artifacts based on various criteria such as CVEs, resources, vulnerabilities, and OS distribution.

2. How does Deepfactor enhance runtime SCA (Software Composition Analysis) in Release 3.4, particularly in terms of runtime reachability?

Answer: Deepfactor Release 3.4 expands its support for runtime reachability, a critical aspect of prioritizing SCA vulnerabilities based on their true risk to the application. With increased language support, including Ruby, PHP, Scala, and Kotlin, users can now utilize runtime reachability information to prioritize vulnerabilities more effectively, ensuring that critical issues are addressed promptly.

3. What improvements are introduced in Deepfactor Release 3.4 for container runtime security?

Answer: Deepfactor Release 3.4 introduces support for observing Go applications and detecting runtime security alerts in dynamic Golang applications (as a tech preview). This enhancement strengthens container runtime security capabilities, allowing users to identify and address security vulnerabilities and threats in their containerized environments more efficiently.

4. How does Deepfactor in Release 3.4 provide rich remediation guidance for addressing vulnerabilities?

Answer: In Deepfactor Release 3.4, users benefit from rich remediation guidance, including risk vs. effort mapping, direct vs. transitive dependencies identification, container base image vs. layer information, and more. Additionally, the platform offers a recommendations pane highlighting actions needed to fix direct, transitive, and base image layer vulnerabilities, enabling users to prioritize and address vulnerabilities effectively.

Free Trial Signup

The Deepfactor trial includes the full functionality of the platform, hosted in a multi-tenant environment.

Sign Up Today! >
SCA 2.0 Whitepaper

Whitepaper: SCA 2.0 — A Framework to Prioritize Risk, Reduce False Positives, and Eliminate SCA Alert Fatigue

6 strategies to prioritize runtime alerts.

Download Now >

Subscribe to our monthly eNewsletter and stay up-to-date on everything Deepfactor has to offer!