December 22, 2021

Now Available: DeepFactor v2.1

Andrew Horrigan, Technical Product Marketing, Deepfactor

Announcing support for Python dependency checks, compliance insights [PCI 3.2 & SOC2], and integration with Synopsys Black Duck

With year-end quickly approaching, our engineering team is excited to announce general availability of Deepfactor v2.1. This release introduces a number of new features and enhancements, most notably a brand-new compliance module and native integration with Synopsys Black Duck. Users can also expect an improved Deepfactor Portal, with the dashboard providing rich compliance, supply chain, and security details at-a-glance.

Continue reading after the matrix to learn more about the new features and enhancements added in the latest version of Deepfactor!

 

Features Enhancements
Core Platform
  • Enhanced Tile UI displays compliance, supply chain, and security details of the instrumented application
  • Deepfactor can utilize HashiCorp Vault to store encrypted JWT tokens
  • Deepfactor now reports deployment attributes such as Pod Name, Container Repository, etc. for K8s applications
  • Improved Deepfactor Portal installation w/ single interactive shell
Insights
  • New Alerts! Support for Python Dependencies
  • New Module! PCI 3.2, NIST 800-53 and SOC 2 framework reports on application compliance

Integrations
  • SBOM APIs added to documentation

Compliance Module

Many data security and privacy regulations (e.g., PCI, CCPA, GDPR, SOC 2, etc.) contain requirements for application security with penalties for violations, not to mention legal ramifications, loss of business, and reputational damage in the event of a breach. Our newest module helps developers assess compliance status for applications by mapping our alerts—System Call Risks, Behavior Violations, and Vulnerabilities—to the Secure Control Framework. Armed with this information, developers now understand the impact application security might have on the company’s compliance goals.

ComplianceModule

Synopsys Black Duck Integration

Deepfactor references data from the National Vulnerability Database to provide developers with out-of-the-box CVE information for vulnerable dependencies and OS packages. However, Deepfactor enhances traditional artifact scanning by observing the running application to provide developers with prioritized results based on real-time usage information. In Deepfactor v2.1, this framework has been extended to support external Software Composition Analysis (SCA) tools.

We’re excited to announce our partnership with Synopsys Black Duck to bring Black Duck Security Advisories (BDSAs) to Deepfactor! With this integration, customers of Synopsys Black Duck and Deepfactor can expect enhanced and prioritized CVE information for vulnerable dependencies and OS packages.

Please stay tuned for additional announcements around this integration and partnership. In the meantime, visit our documentation for more information.

DeepFactor-SynopsysBlackDuck-Integration

 

Enhanced Dashboard

Given the number of features being added to Deepfactor each release, there’s been a growing need to provide developers with “glanceable,” easy-to-understand information on instrumented applications. In Deepfactor v2.1, customers are now greeted with a completely redesigned dashboard that highlights important, high-level information across the modules for supply chain, compliance, and security insights.

 

EnhancedDashboard-v2.1

 

Visit our Release Notes for more information about our latest releases. And, as always, for those interested in learning more about Deepfactor and the improvements introduced in v2.1, you can request a demo.

 


Deepfactor is a cloud native application security platform that enables developers to quickly discover and resolve security vulnerabilities, supply chain risks, and compliance issues during development. The unified AppSec platform provides integrated artifact scanning (SCA, container scans, SBOM) and runtime visibility (IAST, DAST). Requiring no code changes, the Deepfactor runtime observability technology seamlessly plugs into cloud native architectures to observe telemetry and detect anomalies, providing developers with a prioritized and actionable list of contextual security risks. Deepfactor simplifies operations, reporting, remediation, and integrates AppSec into the CI/CD pipeline to drive the adoption of DevSecOps for modern enterprises.

Subscribe to our monthly eNewsletter and stay up-to-date on everything Deepfactor has to offer!