Snyk Runtime Monitoring does a couple of important things for your open source components during runtime. It:

• Determines whether a vulnerable dependency is indeed being used at runtime in a way that can be exploited
• Flags vulnerable dependencies identified at runtime, and prioritizes them first by whether those dependencies were called at runtime and then by severity
• Suggests remediation actions

With the data Snyk retrieves and highlights for you, you can focus your remediation efforts where they matter the most - fixing the vulnerabilities whose vulnerable functions are actually invoked at runtime.

Snyk runtime monitoring - an overview of the app interface

When Snyk runtime monitoring is successfully monitoring your projects, there are a few positive indications in the app:

• From the Projects tab, an animated indicator appears on the rows for all projects monitored at runtime:
  

From within a project that is monitored at runtime:

• Monitored at Runtime appears at the top of the project page.
• App instances monitored, displays the number of application instances running and monitored by Snyk at runtime
• Called At Runtime indicates that vulnerable functions were recently invoked in a monitored application instance. This tag appears only when vulnerable functions are called for a monitored project.
• Per vulnerability, the vulnerable functions are listed and Monitored appears next to those functions being watched at runtime.
• An indicator also displays how long it has been since one of the vulnerable functions was last called.
• 

How it works

The Snyk runtime agent does the following:

1. The agent inspects every dependency of your application.
2. It then creates an execution hook on vulnerable functions in relevant dependencies.
3. Using these hooks, the agent detects actual use of vulnerable functions.
4. The agent sends this data in beacons to Snyk, adding relevant data to the Snyk project.