Embrace Secure Software Supply Chains with Azul Vulnerability Detection

Azul, provider of the Java platform for the modern cloud enterprise, is launching its latest SaaS product for ongoing security vulnerability detection within Java applications. According to the company, Azul Vulnerability Detection can uphold performance while eliminating false positives, making it quite valuable for in-production usage where end-to-end security across the software supply chain is critical.

Azul Vulnerability Detection’s capabilities are segmented into two key areas: detecting vulnerabilities in third-party production code and detecting vulnerabilities to secure software supply chains.

According to the company, an estimated 40-80% of the lines of code in software come from third-party libraries, components, and SDKs. It’s clear that third-party sources introduce vulnerabilities to enterprise functions, imparting risk across the phases of software supply chains. Notably, Log4Shell, a critical vulnerability found in Log4j, poses great risk for enterprises. Azul Vulnerability Detection provides accurate runtime-level visibility to empower accelerated remediation of vulnerabilities, such as Log4Shell, with less operating expense.

“Attackers will target commonly used open source to find vulnerabilities because they know their wide usage will leave many organizations open to attack. We’ve learned from past vulnerabilities like Log4Shell that the challenge is in rapidly finding the instances in use and quickly remediating them,” said Melinda Marks, senior analyst at Enterprise Strategy Group. “Azul Vulnerability Detection will be helpful for organizations to use to efficiently remediate Java vulnerabilities to protect their applications.”

Azul regards in-production vulnerability detection as critical to eliminating impacts on performance and preserving software supply chains. Azul Vulnerability Detection identifies code at a granular level inside Azul JVMs, then maps it against a curated Java-specific database of common vulnerabilities and exposures (CVEs), according to the company. These capabilities enhance the accuracy of results while eliminating false positives, including for custom code or shaded components. The solution also provides a history of detections, allowing users to refer back to systems running vulnerable versions.

“Azul Vulnerability Detection makes security a byproduct of simply running your Java software,” said Scott Sellers, Azul CEO and co-founder. “Our new product fills a critical gap in enterprises’ security strategies—detecting vulnerabilities at point of use in production, the endpoint of the software supply chain. As a leading Java runtime provider to the world’s most important enterprises around the globe, Azul is uniquely positioned to augment the vulnerability detection market by eliminating the performance penalties and false positives that have plagued customers who rely solely on legacy tools.”

Azul Vulnerability Detection combines several functions that enhance Java applications and provide a multitude of benefits. As an agentless solution, it does not impact performance or add the cost of maintaining and updating separate agents in production. The solution supplies detection for every Java application, library, and framework, including Spring, Hibernate, Tomcat, Quarkus, and more, regardless of whether it was built or bought. Azul Vulnerability Detection is now generally available and is compatible with any Azul JVM, including free Azul Zulu Builds of OpenJDK.

For more information about Azul Vulnerability Detection, please visit