Save developer time and money with the strongest, most accurate signal to identify unused and dead code for removal.
Your data is stored in a single tenant, protected environment called an Instance, isolated from other customers, in our Intelligence Cloud Service. Your instance is constantly processing new JVM data and comparing with new and existing CVE data to detect vulnerabilities.
A custom, curated database of known vulnerabilities is continuously updated in the Intelligence Cloud Service with the latest Java-specific CVEs, so customers can focus their remediation efforts on code actually run with vulnerabilities. Fingerprints components based on hashes of code repos, enabling detection of vulnerabilities in shaded jars, fat jars, and slim jars that other tools using component/version pairs do not detect.
Azul Vulnerability Detection leverages Azul JVMs for existing runtime information, saving a separate step associated with legacy agent-based solutions. Agentless approach means no performance impact and nothing extra to distribute/manage.
Leverages information inside the JVM to provide the strongest, most accurate signal of what code is used in production over time with no performance penalty. Provides a comprehensive view across an enterprise’s Java workloads, down to the class/package and method level, making it easy to identify unused and dead code for removal and save developer time and money.
The composition analyzer inside the Azul JVMs uses sophisticated, highly granular detection techniques based on hashing, not version strings, which enables finding vulnerabilities in shaded jars, fat jars, slim jars that existing tools will not detect.
Azul JVMs connect to the Intelligence Cloud Service through a Forwarder. The forwarder is a secure proxy between your environment and the Intelligence Cloud Service so that JVMs can share information with the cloud without connecting directly to it. All data is encrypted (SSL) in flight.
Azul Vulnerability Detection comes with a full featured REST API so you can retrieve results for which components are in use, which are vulnerable, and when they were used or present. This information can be easily consumed for ongoing analysis and integrated into other systems and dashboards.
Users can also access results using an intuitive UI. The web UI is useful for configuration, validation of connectivity, and ad-hoc queries.
There’s a reason Azul has a 100% customer satisfaction rating: our relentless focus on helping customers unleash the true power of Java.
Enjoy follow-the-sun coverage, strict support SLAs, and a 100% customer satisfaction rating.
Azul is the only vendor other than Oracle that provides quarterly security-only JDK updates for assured rapid deployment into production.
Azul is the only company 100% focused on Java and is the largest independent provider of OpenJDK support. Azul is a member of the OpenJDK Vulnerability Group and has the largest Java engineering team after Oracle.
Click on any highlighted areas as you mouse over the diagram for a description of how Azul Vulnerability Detection works.
Let us help you extend software supply chain security to production for your Java applications.
