Java services company Azul has unveiled Azul Vulnerability Detection, a software-as-a-service (SaaS) product that leverages the Azul JVM to continuously monitor Java applications for security vulnerabilities.
Azul Vulnerability Detection, introduced November 2, is an agentless cloud service designed for production use. It addresses enterprise risk around software supply chain attacks and eliminates false positives while not impacting performance, Azul said.
Accessible from azul.com, Azul Vulnerability Detection identifies code running in the Azul JVM and maps it against a curated Java-specific database of common vulnerabilities and exposures (CVEs).
A history of detections is retained so when new CVEs are disclosed, users can determine when and on what systems they have been running vulnerable software.
Azul Vulnerability Detection checks all Java software including frameworks such as Spring, Hibernate, Tomcat, Quarkus, and Micronaut, and including infrastructure such as Kafka, Cassandra, Elasticsearch, Spark, Hive, and Hadoop. By leveraging monitoring and detection built into Azul JVMs, it eliminates a performance penalty.
Azul Vulnerability Detection is part of the Azul Intelligence Cloud product family. The service works with any Azul JVM, including Azul Zulu Builds of OpenJDK, and is compatible with all Java applications, libraries, and frameworks.