Monitoring open source packages at runtime - now in open beta

Written by:
Aner Mazur
Aner Mazur
wordpress-sync/runtime-tumb-1

January 30, 2019

0 mins read

Today we’re delighted to share that we’re launching our Open Source Security Runtime Monitoring solution, in beta, to all users, with no limitation on usage!

While Snyk invests heavily in making fixing vulnerabilities ridiculously easy by baking it into the development workflow, handling a large backlog of issues can be time-consuming.

We’ve spent the past few months building runtime monitoring, a solution that will help you automatically prioritize these vulnerabilities. Snyk now determines whether a vulnerable dependency is being used at runtime in a way that can be exploited.

Take a quick look into the UI feedback you’ll see once Snyk runtime monitoring is successfully analyzing your project for vulnerable functions:

wordpress-sync/Runtime_post

How runtime monitoring works

A low overhead agent instruments all vulnerable functions in the project’s dependencies and detects actual invocations of the vulnerable functions at runtime.

Rest assured that keeping any performance impact to an absolute minimum has been a priority throughout the development of this feature, and we keep testing that. As part of being fully transparent regarding what you’ll be running in runtime, we’ve made the agents themselves open source. Take a look at our node agent and java agent code.

Find out more

For more information on our runtime monitoring solution and instructions for getting started, visit our previous blog post about runtime monitoring, and read our Documentation.

The instrumentation of the application at runtime opens up many more security capabilities on top of the runtime-based vulnerability prioritization released today. We’ll be sharing these in the coming months, so stay tuned! :)

Patch Logo SegmentPatch Logo SegmentPatch Logo SegmentPatch Logo SegmentPatch Logo SegmentPatch Logo SegmentPatch Logo SegmentPatch Logo SegmentPatch Logo SegmentPatch Logo SegmentPatch Logo SegmentPatch Logo SegmentPatch Logo Segment

Snyk is a developer security platform. Integrating directly into development tools, workflows, and automation pipelines, Snyk makes it easy for teams to find, prioritize, and fix security vulnerabilities in code, dependencies, containers, and infrastructure as code. Supported by industry-leading application and security intelligence, Snyk puts security expertise in any developer’s toolkit.

Start freeBook a live demo