October 24, 2022

Now Available: Deepfactor Developer Security 3.0

Deepfactor

Resources > Blog

Whitepaper: Introducing SCA 2.0: Prioritize Risk, Reduce False Positives, and Eliminate SCA Alert Fatigue

Download Today! >

Deepfactor Developer Security 3.0 Adds Real-Time DevSecOps Insights with Intuitive Developer Friendly User Experience

Deepfactor Developer Security 3.0 includes significant architectural changes to improve the product experience for developers, AppSec teams, and engineering leaders. One of the biggest changes was the introduction of streaming alert service which analyses telemetry information received from instrumented applications and raises alerts in near real-time. In addition, Deepfactor 3.0 has completely redesigned UX/UI that provides a more intuitive and visually pleasing experience for users.

For additional details on 3.0 release, please review the Release Notes in DeepFactor Docs.

Deepfactor 3.0 Release Highlights

New Features

Enhancements

Core Platform
  • Streaming alert service
  • A more intuitive UX/UI
  • All Deepfactor pods now have default cpu and memory resource limits along with horizontal pod autoscaling configuration.

Instrumentation
  • Detection of libc variant in the application using a simple bootstrap mechanism without the use of image analyzer
  • By default, job and cronjob pods will not be instrumented.
  • Improved instrumentation error messages for static or unknown libc programs.

Insights
  • A unified policy for compiled and interpreted languages
  • A more expressive policy language
  • One alert per unique occurrence to triage security issues independently
  • Enhanced categorization of alerts.

Integrations
  • The Deepfactor and Synopsys BlackDuck integration now pulls license information from BlackDuck database when enabled in addition to vulnerability information.

Release Details

Key Features Added

  1. Streaming alert service:  Deepfactor introduced a new architectural component, streaming alert service. This service receives telemetry event from instrumented applications and analyses them to raise alerts in near real-time. This will provide almost immediate feedback to developers when an issue occurs in the running application. This service is also horizontally scalable allowing for the portal to auto scale up and down as the number of applications increase or decrease.

  2. Expressive alert rule language: With the introduction of streaming alert service, Deepfactor adopted a more expressive alert rule language that allows for Deepfactor to add complex alert conditions. This allowed for us to combine compiled and interpreted alert policies into one.

  3. New UI/UX: Deepfactor launched the new user experience along with the new branding, providing users with an intuitive self-service UI.

  4. Simpler detection of libc variant: Deepfactor has developed a simple bootstrap mechanism to detect variants.

Key Enhancements

  1. Pod resource limits: All of Deepfactor portal and webhook pods now have default cpu and memory request and limits along with horizontal pod autoscaling configuration. This will allow Deepfactor pods to horizontally scale when users want to concurrently instrument large number of applications.

  2. BlackDuck Integration: In the first phase of the BlackDuck integration, Deepfactor fetched vulnerabilities from Synopsys BlackDuck. Deepfactor now pulls the license information as well from Synopsys BlackDuck.

 

Whitepaper: Introducing SCA 2.0: Prioritize Risk, Reduce False Positives, and Eliminate SCA Alert Fatigue

Download Today! >

You might also be interested in...

Subscribe to our monthly eNewsletter and stay up-to-date on everything Deepfactor has to offer!

Sign Up >