Azul Vulnerability Detection Announced
November 03, 2022

Azul announced Azul Vulnerability Detection, a new SaaS product that continuously detects known security vulnerabilities that exist in Java applications.

By eliminating false positives and with no performance impact, Azul Vulnerability Detection is ideal for in-production use and addresses the rapidly increasing enterprise risk around software supply chain attacks.

Azul's agentless cloud service helps organizations understand their Java application exposure to known vulnerabilities based on real usage in production, QA and development. This approach enables true end-to-end security across the software supply chain with no performance penalty while eliminating false positives.

Azul Vulnerability Detection identifies code run using sophisticated, highly granular techniques inside Azul JVMs and maps against a curated Java-specific database of common vulnerabilities and exposures (CVEs). This produces more accurate results and eliminates false positives, even for custom code and shaded components. Additionally, the history of detections is retained so that when new CVEs are disclosed organizations can find out when and on what systems they have been running the vulnerable versions, allowing for focused and efficient forensics.

Users can access data about which components are (or were) present, in use and vulnerable, via either the product’s API or an intuitive UI. As an agentless cloud service, Azul Vulnerability Detection avoids the performance penalty associated with other tools that require customers to install and manage a separate piece of software such as agents.

“Azul Vulnerability Detection makes security a byproduct of simply running your Java software,” said Scott Sellers, Azul CEO and co-founder. “Our new product fills a critical gap in enterprises’ security strategies – detecting vulnerabilities at point of use in production, the endpoint of the software supply chain. As a leading Java runtime provider to the world’s most important enterprises around the globe, Azul is uniquely positioned to augment the vulnerability detection market by eliminating the performance penalties and false positives that have plagued customers who rely solely on legacy tools.”

Today’s announcement represents the latest addition to the Azul Intelligence Cloud family of products. Azul Vulnerability Detection is generally available now and works with any Azul JVM, including free Azul Zulu Builds of OpenJDK, and is compatible with all Java applications, libraries and frameworks. Benefits include:

- Ongoing Detection at Point of Use in Production: Continuously assesses application-level exposure to vulnerabilities in production without the need for source code. Compares code run against a Java-specific CVE database.

- Eliminate False Positives and Accelerate Remediation: Focuses scarce human remediation effort where vulnerable code is or has been used vs. simply present. Eliminates false positives by monitoring code executed by the Java runtime (JVM) and generates accurate results unattainable by traditional tools.

- NoOps with Transparent Performance Enables Practical Production Observability: Leverages monitoring and detection built in to Azul JVMs which eliminates the performance penalty commonly seen with other application security tools. As an agentless solution, eliminates management overhead for maintaining and updating separate agents in production.

- Detection for Every Java Application, Library and Framework: Checks all of an enterprise’s Java software (including frameworks such as Spring, Hibernate, Tomcat, Quarkus, Micronaut, and infrastructure such as Kafka, Cassandra, Elasticsearch, Spark, Hive, Hadoop and more) — whether they built it, bought it, or are introducing a security regression with a recent change.

- Historical Traceability Enables Focused Forensics: History of component and code use is retained, helping enterprises focus forensic efforts to determine if vulnerable code was actually exploited prior to it being known as vulnerable.

Share this

Industry News

December 01, 2022

Salesforce introduced a new Automation Everywhere Bundle to accelerate end-to-end workflow orchestration, automate across any system, and embed data and AI-driven workflows anywhere.

December 01, 2022

Weaveworks announced that Flux, the original GitOps project, has graduated in the Cloud Native Computing Foundation (CNCF®).

December 01, 2022

Tigera announced enhancements to its cluster mesh capabilities for managing multi-cluster environments with Calico.

December 01, 2022

CloudBees achieved the Amazon Web Service (AWS) Service Ready Program for Amazon Elastic Compute Cloud (Amazon EC2) Spot Instances.

November 30, 2022

GitLab announced the limited availability of GitLab Dedicated, a new way to use GitLab - as a single-tenant software as a service (SaaS) solution.

November 30, 2022

Red Hat announced an expansion of its open solutions publicly available in AWS Marketplace.

November 30, 2022

Sisense announced the availability of the Sisense CI/CD Git integration module.

November 29, 2022

Codenotary announced TrueSBOM for Serverless, a self-updating Software Bill of Materials (SBOM) for applications running on AWS Lamda, Google Cloud Functions and Microsoft Azure Functions that is made possible by simply adding one line to the application source code.

November 29, 2022

Code Intelligence announced its open-source Command-Line Interface (CLI) tool, CI Fuzz CLI, now allows Java developers to easily incorporate fuzz testing into their existing JUnit setup in order to find functional bugs and security vulnerabilities at scale.

November 29, 2022

Parasoft announced the 2022.2 release of Parasoft C/C++test with support for MISRA C:2012 Amendment 3 and a draft version of MISRA C++ 202x.

November 28, 2022

Kasm Technologies announced the release of Kasm Workspaces v1.12, providing major enhancements to its portfolio of digital workspaces delivering Desktop as a Service (DaaS), Virtualized Desktop Infrastructure (VDI), Remote Browser Isolation (RBI), Open-Source Intelligence Collection (OSINT), Training/Sandboxes, and Containerized Application Streaming (CAS).

November 28, 2022

Cloud4C has achieved Amazon Web Services (AWS) DevOps Competency status.

November 28, 2022

Simplilearn has acquired Fullstack Academy, for an all-cash transaction.

November 22, 2022

Red Hat introduced Red Hat Enterprise Linux 9.1and Red Hat Enterprise Linux 8.7.

November 22, 2022

Armory announced its new cloud-based solution called Continuous Deployment-as-a-Service, now available on the AWS Marketplace.