Snyk Runtime Monitoring does a couple of important things for your open source components during runtime. It:
- Determines whether a vulnerable dependency is indeed being used at runtime in a way that can be exploited
- Flags vulnerable dependencies identified at runtime, and prioritizes them first by whether those dependencies were called at runtime and then by severity
- Suggests remediation actions
With the data Snyk retrieves and highlights for you, you can focus your remediation efforts where they matter the most - fixing the vulnerabilities whose vulnerable functions are actually invoked at runtime.
Snyk runtime monitoring - an overview of the app interface
When Snyk runtime monitoring is successfully monitoring your projects, there are a few positive indications in the app:
- From the Projects tab, an animated indicator appears on the rows for all projects monitored at runtime.
From within a project that is monitored at runtime:
- Monitored at Runtime appears at the top of the project page.
- App instances monitored displays the number of application instances currently running and monitored by Snyk at runtime.
- Called At Runtime indicates that vulnerable functions were recently invoked in a monitored application instance. This tag appears only when vulnerable functions are called for a monitored project.
- Per vulnerability, the vulnerable functions are listed and Monitored appears next to those functions being watched at runtime.
- An indicator also displays how long it has been since one of the vulnerable functions was last called.
How it works
The Snyk runtime agent does the following:
- The agent inspects every dependency of your application.
- It then creates an execution hook on vulnerable functions in relevant dependencies.
- Using these hooks, the agent detects actual use of vulnerable functions.
- The agent sends this data in beacons to Snyk, adding relevant data to the Snyk project.
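As an added illustration of the hooking step above (example code, not the Snyk agent's own implementation): a vulnerable function in a loaded dependency is wrapped so that each invocation is counted and timestamped, and the resulting beacon is ordered the way the project page prioritizes findings, called at runtime first and then by severity. The dependency object, function names, vulnerability ids and severities are constructed placeholders.

```javascript
// Constructed stand-in for a loaded dependency; in a real agent this would be
// the module object the application obtained from require().
const sampleDependency = {
  utils: {
    parse: (input) => `parsed:${input}`,   // placeholder "vulnerable" function that the app calls
    format: (input) => `formatted:${input}`, // placeholder "vulnerable" function the app never calls
  },
};

// Constructed vulnerable-function list (ids and severities are placeholders).
const vulnerableFunctions = [
  { id: 'EXAMPLE-VULN-0001', severity: 'high', path: ['utils', 'parse'] },
  { id: 'EXAMPLE-VULN-0002', severity: 'critical', path: ['utils', 'format'] },
];

// Replace each listed function with a wrapper that records calls, then
// delegates to the original so the dependency's behaviour is unchanged.
function installHooks(moduleObj, vulnList, now = Date.now) {
  const callState = new Map(); // vuln id -> { calls, lastCalled }
  for (const vuln of vulnList) {
    const owner = vuln.path.slice(0, -1).reduce((obj, key) => obj[key], moduleObj);
    const name = vuln.path[vuln.path.length - 1];
    const original = owner[name];
    const state = { calls: 0, lastCalled: null };
    callState.set(vuln.id, state);
    owner[name] = function hooked(...args) {
      state.calls += 1;
      state.lastCalled = now();
      return original.apply(this, args);
    };
  }
  return callState;
}

// Build the beacon payload: one entry per vulnerability with its runtime
// evidence, sorted called-first and then by severity.
const SEVERITY_RANK = { critical: 4, high: 3, medium: 2, low: 1 };
function buildBeacon(vulnList, callState) {
  return vulnList
    .map((v) => ({ id: v.id, severity: v.severity, ...callState.get(v.id) }))
    .map((v) => ({ ...v, calledAtRuntime: v.calls > 0 }))
    .sort((a, b) => (Number(b.calledAtRuntime) - Number(a.calledAtRuntime))
      || (SEVERITY_RANK[b.severity] - SEVERITY_RANK[a.severity]));
}

// Install hooks, exercise the application, then report (fixed clock for determinism).
const hookState = installHooks(sampleDependency, vulnerableFunctions, () => 1700000000000);
sampleDependency.utils.parse('hello');
sampleDependency.utils.parse('world');
const beacon = buildBeacon(vulnerableFunctions, hookState);
console.log(JSON.stringify(beacon, null, 2));
```

Note that the uncalled critical finding ranks below the called high one, which is the prioritization the Called At Runtime tag is meant to support.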