DeepFactor uses ONE COMMAND—DFCTL—to observe ANY WORKLOAD without changing the code or build scripts. Simply run your app with this command and start seeing telemetry.  You can run dfctl during dev, test, staging, pre-prod, or even prod.

Without additional effort, developers can automatically observe BILLIONS of live application telemetry events across 170+ parameters occurring in every thread/process of the application in traditional apps or containers/ Kubernetes/ Docker apps to identify and triage security and compliance risks across various layers of the application stack—system calls, library calls, and network, web, API, and configuration layers—within the DevOps pipeline.

DeepFactor is an industry-first Continuous Observability platform for security and compliance that automatically observes ACTUAL application behavior at RUNTIME to detect anomalies or ‘needles in the haystack’ and prioritize alerts.

Dfctl sends the billions of app events to the DeepFactor portal. This telemetry is analyzed, metrics are identified, and anomalies detected.

The DeepFactor portal includes the backend for collecting and analyzing telemetry, as well as the management portal UI. This can be setup in both cloud or on-premises. AWS and VMware environments are supported today.

DeepFactor’s portal has a fully integrated headless OWASP ZAP scanner, which is a great complement to any observability platform. Scans can be kicked off with zero setup and can greatly enhance applications’ code coverage, and augment DeepFactor’s telemetry and insights. In addition, DeepFactor also passes in the observed URIs back to the ZAP scanner and increases scan coverage.

DeepFactor's security and compliance insights are presented with actionable evidence such as stack traces, metrics, and more. Insights are grouped into 4 modules:

  • Code Execution Risks: risks in process, memory, filesystem, and network behaviors determined by observing system and library calls

  • Runtime use of Vulnerable Dependencies: prioritized list of vulnerable dependencies based on actual runtime usage and relevance, down to the function call level, to augment SCA tools & reduce alert fatigue

  • AppSec Compliance: deviations from expected app behaviors defined by policies specified by AppSec team

  • OWASP Scan Results (Web & API): results of built-in headless OWASP ZAP DAST Scanner

DeepFactor allows you to prioritize alerts by accepting default DeepFactor priorities or customizing alert priorities. The Appsec and Engineering teams have the ability to add comments and share alert details, evidence, information, and metrics. Additionally:

  • Automatically file JIRAs from the alert

  • Automatically notify Engineering teams via Slack or other tools

  • Configure custom policies

Similar to how ‘Infrastructure-as-Code’ enables DevOps engineers to orchestrate infrastructure using scripts, DeepFactor’s Observability-as-Code API enables DevSecOps engineers to leverage observability functionality in their CI pipeline and gate builds based on the security and compliance insights gathered by DeepFactor’s Continuous Observability platform.

DeepFactor’s Observability-as-Code API is available as a Swagger doc and enables customers to do the following:

  • Run your app with DeepFactor using the dfctl command

  • Get the list of insights determined by DeepFactor

  • Gate releases based on DeepFactor’s insights

  • Trigger headless OWASP ZAP scans

The DeepFactor portal also provides a centralized management and reporting interface to your SaaS or self-hosted deployment. DeepFactor comes with pre-packaged integrations with popular developer tools such as Jira, Jenkins, Slack, GitHub, and more so you can start integrating your favorite tools right away.

Extraordinary Visibility into the Software Supply Chain

SOFTWARE BILL OF MATERIALS (SBOM): Catalog of all dependencies—including open source and 3rd party—and OS packages used by the app, along with licensing information and runtime metrics such as processes, ports, files, and network connections; value-add for SOC2/other compliance processes

Unparalleled Runtime Insights

SYSTEM CALL RISKS: Risks in process, memory, filesystem, and network behaviors determined by observing system and library calls

BEHAVIOR VIOLATIONS: Alert developers during CI if in-house or 3rd party app deviates from expected process, memory, filesystem, and network behaviors defined by policies

DATA RISKS: Identity & credential tracking, weak encryption, unencrypted PII in DB or object storage, keys in env vars, data audit logs, unencrypted data in flight, etc.

PRIVACY & COMPLIANCE RISKS: Risks mapped to GDPR, PCI, ISO27001, and other compliance frameworks

CHANGES BETWEEN RELEASES & ENVIRONMENTSDeviations in ports, processes, metrics and configurations between versions and between environments

Prioritized Vulnerabilities with Reduced SCA Alert Volume

DYNAMIC DEPENDENCY ANALYSIS: Prioritized list of vulnerable dependencies based on actual runtime usage, touchpoints & actionability—augments SCA tools & reduces alert fatigue

VULNERABLE OS PACKAGES: Find vulnerabilities in the OS packages on VM or container that the app actually loadedalong with usage information which helps prioritize and easily fix alerts

Enhanced DAST Insights and Faster Scans

OWASP ZAP SCAN RESULTS (WEB): Results of built-in headless OWASP ZAP DAST Scanner

API SCAN: Scan your API interfaces for OWASP vulnerabilities using Swagger/OpenAPI


You can ship secure code without sacrificing productivity or drowning in alert fatigue!

  • Find and triage RUNTIME Security, Privacy, and Compliance risks within the Continuous Integration (CI) pipeline with one command and no code changes
  • Instantly pinpoint root cause and remediate runtime risks 'at the source' before shipping to production
  • Automatically observe millions of application telemetry events and detect anomalies
  • Receive low-volume, high-fidelity alerts with actionable evidence, such as stack traces and metrics
  • Compare the behavior of one version to another


You can accelerate productivity and decrease mean-time-to-remediate (MTTR) security and compliance risks pre-production!

  • Establish a ‘security first’ culture
  • Quick adoption via purpose-built tool designed by developers for developers and their leadership team
  • Leverage the Observability-as-Code API to integrate with any CI pipeline, including CircleCI, CloudBees, GitLab, GitHub, Jenkins, and more
  • Use with any workload from traditional/non-container to container/Kubernetes/Docker applications
  • Centralize management and reporting


You can move faster with greater efficiency to focus on the critical alarms that could imperil the business!

  • Collaborate with and empower engineering teams to abate security risks BEFORE production!
  • Stop wasting time investigating false-positives
  • Set security policies and guardrails
  • Prioritize alerts
  • Avoid context switching and arm the dev team to triage risks pre-production