Discover Azul's high-performance Java platform providing faster speed, startup, & efficiency without code changes
Support
Speak to a Java Expert Download Now

Azul Vulnerability Detection

Continuously detect known vulnerabilities
in your Java applications in production

Contact a Technical Consultant Book a Demo

Extend Your Software Supply Chain Security to Production

Detecting vulnerabilities in production is more critical than ever for enterprises. Azul Vulnerability Detection, a feature of Azul Intelligence Cloud, continuously detects known vulnerabilities in production, filling the critical gap in enterprises’ secure software supply chain strategies. By using Java runtime information from any JVM from any vendor or distribution, it produces more accurate results with no performance penalty and eliminates false positives.

computer

Runs in Production

Continually assesses both custom and commercial applications for exposure to vulnerabilities in production without the need for source code. Compares code run to Java-specific CVE (Common Vulnerabilities and Exposures) database in the cloud.

cancel

Eliminates False Positives

Focuses scarce human remediation effort where vulnerable code is used vs simply present. Eliminates false positives by monitoring code executed by the Java runtime (JVM) and generates accurate results unattainable by traditional tools.

speed

No Performance Penalty

Highly efficient collection of runtime data eliminates the performance penalty commonly seen with other application security tools.

radar

Detection for All Java Apps

Checks all of an enterprise’s Java-based software – whether they built it, bought it, or are introducing a regression with a recent change – including frameworks such as Spring, Hibernate, Tomcat, Quarkus, Micronaut, Kafka, Cassandra, Elasticsearch, Spark, Hive, Hadoop, and more.

policy

Historical Traceability for Focused Forensics

Retains detection history, helping enterprises focus forensic efforts to determine if vulnerable code was actually exploited prior to it being known as vulnerable.

Introducing Intelligence Cloud

Boost DevOps Productivity with Actionable Intelligence from Production Java Runtime Data from any JVM.

Learn More

Features

Your Data, Secure Azul Vulnerability Detection

Your Data, Secure

Your data is stored in a single tenant, protected environment called an Instance, isolated from other customers, in our Intelligence Cloud Service. Your instance is constantly processing new JVM data and comparing with new and existing CVE data to detect vulnerabilities.

Learn More east
CVE Knowledge Base Azul Vulnerability Detection

CVE Knowledge Base

A custom, curated database of known vulnerabilities is continuously updated in the Intelligence Cloud Service with the latest Java-specific CVEs, so customers can focus their remediation efforts on code actually run with vulnerabilities. Fingerprints components based on hashes of code repos, enabling detection of vulnerabilities in shaded jars, fat jars, and slim jars that other tools using component/version pairs do not detect.

Learn More east
Advanced Detection Azul Vulnerability Detection

Advanced Detection

The composition analyzer takes existing information the JVM has from running Java applications and uses sophisticated, highly granular detection techniques based on hashing, not version strings, which enables finding vulnerabilities in shaded jars, fat jars, slim jars that existing tools will not detect.

Learn More east
Forwarder Azul Vulnerability Detection

Forwarder

JVMs connect to the Intelligence Cloud Service through a Forwarder. The forwarder is a secure proxy between your environment and the Intelligence Cloud Service so that JVMs can share information with the cloud without connecting directly to it. All data is encrypted (SSL) in flight.

Learn More east
REST API Azul Vulnerability Detection

REST API

Azul Vulnerability Detection comes with a full featured REST API so you can retrieve results for which components are in use, which are vulnerable, and when they were used or present. This information can be easily consumed for ongoing analysis and integrated into other systems and dashboards.

Learn More east
UI Azul Vulnerability Detection

UI

Users can also access results using an intuitive UI. The web UI is useful for configuration, validation of connectivity, and ad-hoc queries.

Learn More east

The best Java support in the industry.
Bar none.

There’s a reason Azul has a 100% customer satisfaction rating: our relentless focus on helping customers unleash the true power of Java.

Expert problem resolution available 24/7

Enjoy follow-the-sun coverage, strict support SLAs, and a 100% customer satisfaction rating.

Security only updates

Azul is the only vendor other than Oracle that provides quarterly security-only JDK updates for assured rapid deployment into production.

Java Experts

Azul is the only company 100% focused on Java and is the largest independent provider of OpenJDK support. Azul is a member of the OpenJDK Vulnerability Group and has the largest Java engineering team after Oracle.

Discover Even More

Data Sheets

Boost DevOps Productivity: Actionable Intelligence from Production Java Runtime Data
Research & White Papers

Azul State of Java Survey and Report 2023
Research & White Papers

Azul bolsters Intelligence Cloud analytics with support for any Java virtual machine
Research & White Papers

Assessing the CVE Detection Landscape
Video Play Button
Webinars & Videos

Your Undead Code Is A Time Vampire
Research & White Papers

Reducing Software Supply Chain Risk Utilizing Java Production Data

How It Works

Click on any highlighted areas as you mouse over the diagram for a description of how Azul Vulnerability Detection works.

JVMs

Azul Vulnerability Detection efficiently captures Java runtime information in production and dev/test environments from any JVM from any vendor or distribution, ensuring accuracy and eliminating false positives with no performance penalty. Azul Vulnerability Detection uses advanced detection based on hashing, not version strings, to identify components, enabling it to find vulnerabilities in shaded JARs, fat JARs, and slim JARs that are undetected by legacy tools.

UI

User can also access results through an intuitive Web UI. The UI is useful for configuration, quick validation of connectivity, and ad-hoc queries.

REST API

The REST API allows you to retrieve results for which components are in use, which are vulnerable, and when they were used or present. The REST API enables easy integration into other systems and can be easily consumed for ongoing analysis.

Forwarder

The Forwarder is a secure proxy between your environment and the Intelligence Cloud Service. The Forwarder ensures JVMs never connect directly to the cloud; similarly, the cloud never initiates a conversation with the Forwarder/JVMs. All data in flight is SSL encrypted between the Forwarder and the cloud. The Forwarder also provides a single control point for organizations to monitor traffic.

Your Data

Your data is kept in a single-tenant, protected environment, isolated from other customers, but it still benefits from historical data of all Azul instances and the constant processing of new JVM data and new CVE data.

Results

Azul Vulnerability Detection retains detection history, helping enterprises focus forensic efforts to determine if vulnerable code was exploited before it was known to be vulnerable.

CVE Knowledge Base

Azul Vulnerability Detection checks code that runs against a custom, curated Java-specific database of known vulnerabilities continuously updated with the latest CVEs. The Knowledge Base stores hashes of code repositories, not just component/version pairs, enabling detection of vulnerabilities in shaded JARs, fat JARs, and slim JARs that are undetected by legacy tools.

Azul Security Team

The CVE Knowledge Base contains information about known CVEs. The Azul security team filters these down to understand which CVEs relate to Java and which our customers should pay attention to.

Ready? So are we.

Let us help you extend software supply chain security to production for your Java applications.

Contact a Technical Consultant