Learn how Deepfactor Developer Security prioritizes alerts.


On the right-hand side, you can see the operating system packages. So while this particular application was deployed in a container that had a total of 179 operating system packages installed, 28 of those were vulnerable, but we’ve only observed 35 of those packages or libraries being used. So out of the 179 packages or libraries that are deployed, only 35 are being used, but you notice we’ve only generated 16 alerts. So there may be a little bit of confusion to say, Hey, you’ve got 28 vulnerable packages, but you’ve only generated 16 alerts. And here’s the really great thing about Deepfactor. So in order to avoid alert fatigue for the developers, we only generate alerts when a particular library or a dependency is actually used. So what this means is even though you’ve got 28 vulnerable libraries, the application only use 16 of those, and those are what we’ve generated alerts for.