Quick Clip: Learn How Deepfactor Developer Security Prioritizes Alerts

In the 20-minute demo of the Deepfactor Developer Security Platform you will:

  • Understand how Deepfactor seamlessly plugs into cloud native applications to observe every thread, process, container, and pod without agents or sidecars.
  • See the integrated insights Deepfactor provides to help developers identify security risks in application code, dependencies, container images, web interfaces and compliance.
  • Learn about the value of providing developers with contextual, application-aware information, such as system calls and stack traces, to pinpoint vulnerable code and prioritize remediation.

Transcript:

On the right-hand side, you can see the operating system packages. So while this particular application was deployed in a container that had a total of 179 operating system packages installed, 28 of those were vulnerable, but we’ve only observed 35 of those packages or libraries being used. So out of the 179 packages or libraries that are deployed, only 35 are being used, but you notice we’ve only generated 16 alerts. So there may be a little bit of confusion to say, “Hey, you’ve got 28 vulnerable packages, but you’ve only generated 16 alerts.” And here’s the really great thing about Deepfactor. So in order to avoid alert fatigue for the developers, we only generate alerts when a particular library or a dependency is actually used. So what this means is even though you’ve got 28 vulnerable libraries, the application only uses 16 of those, and those are what we’ve generated alerts for.