Coordinated Restore at Checkpoint (“CRaC”) is now generally available in Azul Zulu 17 with CRaC support for Linux x86 64-bit.
Support
Contact Sales Download Now

Azul Vulnerability Detection

Continuously detect known vulnerabilities
in your Java applications in production

Contact a Technical Consultant

Extend Your Software Supply Chain Security to Production

Detecting vulnerabilities in production is more critical than ever for enterprises. Azul Vulnerability Detection, an agentless cloud service, continuously detects known vulnerabilities in production, filling the critical gap in enterprises’ secure software supply chain strategies. By leveraging Azul JVMs, it produces more accurate results with no performance penalty and eliminates false positives.

computer

Runs in Production

Continually assesses both custom and commercial applications for exposure to vulnerabilities in production without the need for source code. Compares code run to Java-specific CVE (Common Vulnerabilities and Exposures) database in the cloud.

cancel

Eliminates False Positives

Focuses scarce human remediation effort where vulnerable code is used vs simply present. Eliminates false positives by monitoring code executed by the Java runtime (JVM) and generates accurate results unattainable by traditional tools.

speed

No Performance Penalty

Leverages monitoring and detection built into Azul JVMs, eliminating the performance penalty commonly seen with other application security tools. As an agentless solution, eliminates the management overhead associated with maintaining and updating separate agents.

radar

Detection for All Java Apps

Checks all of an enterprise’s Java-based software – whether they built it, bought it, or are introducing a regression with a recent change – including frameworks such as Spring, Hibernate, Tomcat, Quarkus, Micronaut, Kafka, Cassandra, Elasticsearch, Spark, Hive, Hadoop, and more.

policy

Historical Traceability for Focused Forensics

Retains detection history, helping enterprises focus forensic efforts to determine if vulnerable code was actually exploited prior to it being known as vulnerable.

Features

Your Data, Secure Azul Vulnerability Detection

Your Data, Secure

Your data is stored in a single tenant, protected environment called an Instance, isolated from other customers, in our Intelligence Cloud Service. Your instance is constantly processing new JVM data and comparing with new and existing CVE data to detect vulnerabilities.

Learn More east
CVE Knowledge Base Azul Vulnerability Detection

CVE Knowledge Base

A custom, curated database of known vulnerabilities is continuously updated in the Intelligence Cloud Service with the latest Java-specific CVEs, so customers can focus their remediation efforts on code actually run with vulnerabilities. Fingerprints components based on hashes of code repos, enabling detection of vulnerabilities in shaded jars, fat jars, and slim jars that other tools using component/version pairs do not detect.

Learn More east
Azul JVMs Azul Vulnerability Detection

Azul JVMs

Azul Vulnerability Detection leverages Azul JVMs for existing runtime information, saving a separate step associated with legacy agent-based solutions. Agentless approach means no performance impact and nothing extra to distribute/manage.

Learn More east
Advanced Detection Azul Vulnerability Detection

Advanced Detection

The composition analyzer inside the Azul JVMs uses sophisticated, highly granular detection techniques based on hashing, not version strings, which enables finding vulnerabilities in shaded jars, fat jars, slim jars that existing tools will not detect.

Learn More east
Forwarder Azul Vulnerability Detection

Forwarder

Azul JVMs connect to the Intelligence Cloud Service through a Forwarder. The forwarder is a secure proxy between your environment and the Intelligence Cloud Service so that JVMs can share information with the cloud without connecting directly to it. All data is encrypted (SSL) in flight.

Learn More east
REST API Azul Vulnerability Detection

REST API

Azul Vulnerability Detection comes with a full featured REST API so you can retrieve results for which components are in use, which are vulnerable, and when they were used or present. This information can be easily consumed for ongoing analysis and integrated into other systems and dashboards.

Learn More east
UI Azul Vulnerability Detection

UI

Users can also access results using an intuitive UI. The web UI is useful for configuration, validation of connectivity, and ad-hoc queries.

Learn More east

The best Java support in the industry.
Bar none.

There’s a reason Azul has a 100% customer satisfaction rating: our relentless focus on helping customers unleash the true power of Java.

Expert problem resolution available 24/7

Enjoy follow-the-sun coverage, strict support SLAs, and a 100% customer satisfaction rating.

Security only updates

Azul is the only vendor other than Oracle that provides quarterly security-only JDK updates for assured rapid deployment into production.

Java Experts

Azul is the only company 100% focused on Java and is the largest independent provider of OpenJDK support. Azul is a member of the OpenJDK Vulnerability Group and has the largest Java engineering team after Oracle.

Discover Even More

Why Azul Vulnerability Detection Blog
Blog

A Revolutionary Approach to Java Application Security
Enterprise Application Security - Building Secure and Resilient Applications
Research & White Papers

Enterprise Application Security: Building Secure and Resilient Applications
Run Java Run Secure Introducing Azul Vulnerability Detection Microsite
Learning Hubs

Run Java, Run Secure: Introducing Azul Vulnerability Detection
Assessing the CVE Detection Landscape
Research & White Papers

Assessing the CVE Detection Landscape
The CISO’s Guide to the Next Log4Shell
Research & White Papers

The CISO’s Guide to the Next Log4Shell
Reducing Software Supply Chain Risk Utilizing Java Production Data
Research & White Papers

Reducing Software Supply Chain Risk Utilizing Java Production Data

How It Works

Click on any highlighted areas as you mouse over the diagram for a description of how Azul Vulnerability Detection works.

Azul JVMs

Azul Vulnerability Detection leverages Azul JVMs’ existing runtime information in production and dev/test environments, ensuring accuracy and eliminating false positives. This agentless approach doesn’t impact performance and has no extra components to distribute and manage. Azul Vulnerability Detection uses advanced detection based on hashing, not version strings, to identify components, enabling it to find vulnerabilities in shaded JARs, fat JARs, and slim JARs that are undetected by legacy tools.

UI

User can also access results through an intuitive Web UI. The UI is useful for configuration, quick validation of connectivity, and ad-hoc queries.

REST API

The REST API allows you to retrieve results for which components are in use, which are vulnerable, and when they were used or present. The REST API enables easy integration into other systems and can be easily consumed for ongoing analysis.

Forwarder

The Forwarder is a secure proxy between your environment and the Intelligence Cloud Service. The Forwarder ensures JVMs never connect directly to the cloud; similarly, the cloud never initiates a conversation with the Forwarder/JVMs. All data in flight is SSL encrypted between the Forwarder and the cloud. The Forwarder also provides a single control point for organizations to monitor traffic.

Your Data

Your data is kept in a single-tenant, protected environment, isolated from other customers, but it still benefits from historical data of all Azul instances and the constant processing of new JVM data and new CVE data.

Results

Azul Vulnerability Detection retains detection history, helping enterprises focus forensic efforts to determine if vulnerable code was exploited before it was known to be vulnerable.

CVE Knowledge Base

Azul Vulnerability Detection checks code that runs against a custom, curated Java-specific database of known vulnerabilities continuously updated with the latest CVEs. The Knowledge Base stores hashes of code repositories, not just component/version pairs, enabling detection of vulnerabilities in shaded JARs, fat JARs, and slim JARs that are undetected by legacy tools.

Azul Security Team

The CVE Knowledge Base contains information about known CVEs. The Azul security team filters these down to understand which CVEs relate to Java and which our customers should pay attention to.

Ready? So are we.

Let us help you extend software supply chain security to production for your Java applications.

Contact a Technical Consultant