SCA for OSS Dependencies, Container Scans & SBOMs
$20
/contributing dev/month*
Generate SBOMs, scan OSS dependencies and containers for vulnerabilities and licenses, gate builds during CI
See It in Action
*For 100+ contributing devs, Deepfactor offers volume and multi-year discounts.
*For 100+ contributing devs, Deepfactor offers volume and multi-year discounts.
- Features
- Software Bill of Materials (SBOM) in SPDX & CycloneDX formats
- OSS dependency scans
- Container scans
- Vulnerabilities per container layer
- License compliance
- EoL components
- Exploitability of vulnerabilities
- Transitive vs direct vulnerabilities
- CI integration and gating builds
- Policies for generating alerts
- Remediation guidance with fixed-in versions
Runtime SCA
$20
/contributing dev/month*
Prioritize SCA findings based on correlation with runtime usage behavior & reachability
See It in Action
*For 100+ contributing devs, Deepfactor offers volume and multi-year discounts.
*For 100+ contributing devs, Deepfactor offers volume and multi-year discounts.
- Features
- Runtime dependency usage: View which classes/files are used within each dependency at runtime.
- Runtime container usage: View which shared objects/executables are used within OS packages at runtime.
- Venn diagram showing which vulnerable components are used/unused at runtime
- Automatic SCA/SBOM scans of K8s workloads
- Works with third-party SCA tools such as Synopsys, Sonatype, Snyk, Mend, Fossa or other
Container Runtime Security
$35
/contributing dev/month*
Detect insecure file, network, and memory behavior to identify unknown vulnerabilities and achieve compliance with SOC2 Type 2 and other frameworks
See It in Action
*For 100+ contributing devs, Deepfactor offers volume and multi-year discounts.
*For 100+ contributing devs, Deepfactor offers volume and multi-year discounts.
- Features
- Runtime analysis during dev, test, and prod to detect insecure application behaviors across network, file, process, and memory activity
- Configure rules based on expected application behavior and get alerted when there is an anomaly.
- Remediation guidance with stack trace information
- Mapping of security risks to compliance violations for PCI DSS, SOC2 Type 2 and NIST-80053
Everything
$65
/contributing dev/month*
Includes all modules of Deepfactor
*For 100+ contributing devs, Deepfactor offers volume and multi-year discounts.
*For 100+ contributing devs, Deepfactor offers volume and multi-year discounts.
- Features
- Includes all modules of Deepfactor
Common Features Across All Plans
- SaaS & on-prem options
- SSO
- RBAC
- Customizable alert rules
- Jira integration
- Slack integration
- HTTP Webhooks for integration w/ SIEMs, ASPMs and other dashboards
- Rich APIs for custom integrations
- Deployment Types
- VM-based deployments
- K8s deployments on any cloud
- Managed K8s deployments such as AWS Fargate
- Other container deployments such as AWS ECS or Docker Swarm
- Lambda w/ containers
- Standard Support M-F 9-5 PST (Included)
- Premium Support with SLAs (Optional)
FAQs
- 1. Who counts as a contributing developer?
We refer to a developer as any active contributor to the project you are securing with Deepfactor who has made at least one commit in the last 90 days.
- 2. Are contributors to my open source projects counted?
No. Open source projects are unlimited across all Deepfactor plans.
- 3. Does Deepfactor offer volume discounts?
Yes, for teams larger than 100 contributing developers, Deepfactor offers volume and multi-year discounts. You can request a quote here.
- 4. What languages and deployment modes are supported by Deepfactor?
The Deepfactor support matrix document provides a detailed list of the languages, configurations and deployment modes that are supported for each of the modules.