• Product

      Product

      Application Security Platform

      Use Cases

      Shift Left & DevSecOps Supply Chain Security Software Bill of Materials (SBOM) Container Runtime Security & Compliance Cloud Native Application Security
      What is Deepfactor and How Does It Work?
      4-Minute Video
      What is Deepfactor and How Does It Work? >
  • Pricing
    • Pricing Plans
  • Resources

      Resources

      All Resources Next-Gen AppSec Series Case Studies Demos Videos Glossary Webinars Whitepapers Workshops Latest Blogs Documentation
      Implement Effective Next-Gen Container Runtime Security in Kubernetes and Cloud Native Apps
      Whitepaper
      Implement Effective Next-Gen Container Runtime Security in Kubernetes and Cloud Native Apps >
  • Company
    • About
    • Leadership
    • Partners
    • News and Events
    • Careers
    • Contact Us
  • LOGIN
Cisco Logo Deepfactor is now part of Cisco | Learn more
Learn more
Deepfactor Logo
  • Product

      Product

      Use Cases

      Application Security Platform

      Use Cases

      Shift Left & DevSecOps Supply Chain Security Software Bill of Materials (SBOM) Container Runtime Security & Compliance Cloud Native Application Security
      What is Deepfactor and How Does It Work?
      4-Minute Video
      What is Deepfactor and How Does It Work? >
  • Pricing
    • Pricing Plans
  • Resources

      Resources

      All Resources Next-Gen AppSec Series Case Studies Demos Videos Glossary
      Webinars Whitepapers Workshops Latest Blogs Documentation
      Next-Gen AppSec Series—Deepfactor SCA: 80% Less Noise, 50% Lower Cost
      Next-Gen AppSec Series
      Next-Gen AppSec Series—Deepfactor SCA: 80% Less Noise, 50% Lower Cost >
  • Company
    • About
    • Leadership
    • Partners
    • News and Events
    • Careers
    • Contact Us
LOGIN
Deepfactor's Application Security Platform will no longer be offered for sale or renewal effective September 20, 2024.

Getting Started

  • QuickStart Guide
  • Install Deepfactor CLI
  • Deepfactor Support Matrix

Tutorials

  • SBOM & SCA
    • Artifact Releases
    • Deepfactor Scanner
    • Integrate Deepfactor scanner in your CI/CD pipelines
    • Scanning container images from private registries using Deepfactor CLI
    • Scan container images in K8s cluster
      • Scanning images from private registries in K8s cluster using Deepfactor
      • Scanning container images from private registries with basic authentication support in K8s
      • Scanning container images from private AWS Elastic Container Registry (ECR) in EKS on AWS Fargate
      • Scanning container images from private AWS Elastic Container Registry (ECR) in EKS on AWS EC2
  • Runtime Security
    • Introduction to Deepfactor Runtime Security
    • Deepfactor CLI Reference
    • Kubernetes workload
      • Run your Kubernetes workload with Deepfactor
      • Install Deepfactor Mutating Webhook
      • Configure Deepfactor Kubernetes admission webhook
      • Install Deepfactor K8s webhook on EKS Fargate
      • Selecting the pods you want to run with Deepfactor
      • Configuring application name, component name and component version in K8s webhook
      • Install Deepfactor mutating admission webhook using Argo CD
      • Install Deepfactor portal & webhook using Argo CD and vault
      • Use image pull secret for Runtime images
    • Containers/Other orchestration platforms
      • Run your Container Images with Deepfactor
      • Run containers in ECS with Deepfactor
    • Non-containerized workloads
      • Running non-containerized applications with Deepfactor

Deepfactor Platform

  • Introduction to Deepfactor
  • Alert Policies
  • Alert States and Triaging Flows
  • Deepfactor’s Correlation Capabilities
  • Organization and Teams
  • Role Based Access Control
  • Insights Knowledge Base
    • Privilege Separation and Privilege Dropping
    • Buffer Overflow Alerts
  • Knowledge Base
    • Deepfactor scan errors
    • K8s Webhook & Runtime Troubleshooting Guide
    • Tools for viewing CycloneDX and SPDX SBOMs
    • Graceful handling of pod restarts
    • Deepfactor telemetry events
    • Deepfactor Instrumentation Warning Messages
    • Best Practices for running your applications with Deepfactor in production environments
    • Golang Specific Notes
    • How to access Deepfactor Portal in different AWS subnet types
    • How the Deepfactor Management Portal Communicates With The Outside World
    • Language Specific Agents (LSA)
    • Mixed libc environments
    • Sensitive Information and Secrets in Process Environment Remediation
    • Running HAProxy with Deepfactor
    • Augmenting Alert Evidence with Runtime Stack Traces
  • FAQs
    • General FAQs
    • Open Source Disclosure

Integrations

  • Single Sign On (SSO) for authentication to Deepfactor
  • Integrate Jira with Deepfactor
  • Integrate Slack with Deepfactor
  • Okta
  • Deepfactor HTTPS webhook

Self managed Deepfactor portal

  • Deepfactor Portal architecture & deployment options
  • Install Self managed Deepfactor portal
    • Kubernetes Cluster
      • Prerequisites for deploying Deepfactor portal in Kubernetes Cluster
      • Deploying Deepfactor Portal in your Kubernetes Cluster
      • Install Deepfactor portal using Helm
      • Customizing Deepfactor portal deployment
        • Customizing your Deepfactor Portal Deployment in K8s
        • Deploy Deepfactor Portal With Resource Limits
        • Deploying Deepfactor Portal using external IP
        • Deepfactor Portal Installation with Existing Ingress Controller
    • AWS EC2
      • Prerequisites for installing Deepfactor Portal in AWS Cloud
      • Deploying Deepfactor on AWS using CFT
      • Install AWS Certificate Manager(ACM) certificate on Deepfactor portal EC2 instance
    • VMWare vSphere
      • Deepfactor Portal Proxy Configuration for OVA deployments
      • Prerequisites for deploying Deepfactor portal in VWware vSphere
      • Deploying Deepfactor on VMware vSphere
  • Manage Deepfactor Portal
    • Using Deepfactor APIs
    • Managing Users
    • Updating your Deepfactor Portal
    • Updating Deepfactor portal certificate
  • Deepfactor Portal Certificate
    • Generate certificate using cert-manager for Deepfactor portal
    • Create self-signed certificate for Deepfactor Portal on your K8s cluster
    • Create AWS Private CA Certificate for Deepfactor Portal on your K8s cluster
    • Create Let’s Encrypt certificate for Deepfactor Portal on your K8s cluster

Release Notes

  • Deepfactor Release Notes
  • Home
  • Docs
  • Deepfactor Platform

Deepfactor’s Correlation Capabilities

Deepfactor can scan your artifacts (container images / file system directories) to generate SBOM and find SCA vulnerabilities. Deepfactor can also observe running containers / non-containerized applications to detect runtime risks. The unique capability Deepfactor provides is that it can correlate the results of the scan and runtime observation so you get

  1. An unified view of your application’s security posture
  2. Additional information so you can priortize which vulnerabilities to fix earlier than others.

Correlation Insights #

This section outlines some of the areas where Deepfactor correlates results from static scan and runtime observation.
In the application dashboard, you will be presented with the unified security posture of your application. Since Deepfactor also observes the running application, it can correlate usage information gathered at runtime with SCA information like vulnerabilities gathered during the static scan.

Application Dashboard

Application Dashboard with runtime enriched SCA & SBOM

 

OS Packages #

Deepfactor can intercept when a shared library is loaded by the application. Deepfactor then queries the package manager to find the OS package to which the shared library belongs. Deepfactor provides this usage information in multiple pages on the portal UI and also in API responses.

SBOM OS Packages

OS Packages with usage information

 

shared-libraries-used

List of shared libraries opened

 

With Deepfactor, you will be able to get

  1. The full list of OS packages (SBOM) present in your application/container
  2. The list of vulnerable OS packages along with the vulnerability information
  3. The list of OS packages that are loaded by your application at runtime.

Actions you can take based on this information to improve your security posture are summarized in the table below.

Vulnerable Used Recommendation Notes
Yes Yes Update application code
Upgrade OS package
Since your application is using a vulnerable OS package, you will need to update your application code or software framework to ensure you use later versions of the OS package that has resolved the vulnerabilities. 
Yes No Consider removing unused OS packages or finding an alternate base image. Since your application is not using these OS packages, you can either remove them or find an alternate base image that does not have these OS packages. This will not only reduce the number of vulnerabilities in your container but also reduce the attack surface area.
No Yes No action needed
No No Consider removing unused OS packages or finding an alternate base image. Since your application is not using these OS packages, you can either remove them or find an alternate base image that does not have these OS packages. This will reduce the attack surface area.

 

Application Dependencies #

Deepfactor also tracks the usage of application dependencies in the case of Java, Kotlin, Scala, Go, and interpreted language (python, Node.js, PHP, Ruby) dependencies. For java, Deepfactor injects a jvmti agent and intercepts class loaded event and then presents a list of all the classes that were loaded per java dependency. For interpreted language dependencies, Deepfactor shows the list of files loaded by the interpreter.

SBOM Dependencies

SBOM Dependencies with runtime usage

 

Dependency usage

List of classes loaded per java dependency

 

Artifact Scan results #

On the artifact page, you will see the list of all the components that use the same artifact. This will help you understand where all this particular artifact is deployed.

 

How does Deepfactor correlate artifacts with running applications/workloads? #

For container images, Deepfactor correlates based on the image ID. When a container is run using Deepfactor either using docker run or using K8s, Deepfactor attempts to get the image ID of the container that is being run. Deepfactor then shows the results of the scan performed on the image with the same image ID on the application and component dashboard. Hence it is important for Deepfactor to fetch the image ID of the running container to correlate results of the static scan. In K8s, Deepfactor deploys a scan pod which pulls the image’s manifest from the registry to get the image ID. If you are using private registries, you will need to provide the registry credentials as a K8s secret to enable the scan pod to pull the image manifest.

For file system scans, Deepfactor relies on the user to provide the same application name, component name and version for static scans and observing running applications. In other words, please pass the same application name, component name and component version to both dfctl scan and dfctl run commands so Deepfactor understands that the same artifact is being scanned and run and it can correlate results for you.

Example:

– Artifact: mydir/pythonapp (path to application code)

– Application: backend

– Component: pythonapp

– Version: 1.0

Static scan :

 dfctl scan -s fs -a "backend" -c "pythonapp" -V "1.0" mydir/pythonapp

Runtime instrumentation:

dfctl run -a "backend" -c "pythonapp" -V "1.0" -v --cmd python run.py

Since the same application name, component name and version were passed to dfctl scan and dfctl run commands, Deepfactor can correlate results found in the two operations.

Was this article helpful?
Still stuck? How can we help?

How can we help?

Updated on April 3, 2024
Alert States and Triaging FlowsOrganization and Teams

Powered by BetterDocs

Table of Contents
  • Correlation Insights
    • OS Packages
    • Application Dependencies
    • Artifact Scan results
  • How does Deepfactor correlate artifacts with running applications/workloads?
Deepfactor Icon

Deepfactor is a next-gen application security platform, using static container scan data + runtime analysis to prioritize vulnerabilities to those representing true risk to a business—based on reachability, runtime usage, deployment context, and exploit maturity.

Product Pricing Resources Company Documentation Login

SUBSCRIBE TO OUR NEWSLETTER!

Sign Up
LinkedIn Icon YouTube Icon GitHub Icon Twitter Icon

© 2025 Deepfactor, Inc. All Rights Reserved.

Privacy Statement | Terms of Service | Open Source Disclosure