Kodem Kernels
Kodem Kernels
Kodem Kernels is our monthly update showcasing the latest product advancements and innovations from Kodem. Guided by our skilled engineering team and invaluable customer feedback, we focus on addressing real-world security challenges. From simplifying vulnerability management to enhancing visibility and improving remediation times, each update reflects our commitment to empowering security teams. Recent highlights include advancements in on-premises code scanning, runtime analysis, and user management, all designed to help you secure applications across diverse environments with precision and efficiency. Stay tuned as we continue to evolve the platform to meet the dynamic needs of modern security.
January 2025 Edition of Kodem Kernels
The January 2025 edition of Kodem Kernels brings exciting updates that redefine how security teams prioritize, triage, and remediate vulnerabilities. This month, we’re introducing code to runtime-informed prioritization, enhanced remediation guidance with actionable fix details, and new runtime-driven function-level analysis across multiple languages. Additionally, advancements in user management, compliance reporting, and AWS runtime sensor deployment further streamline workflows and strengthen security across diverse environments. Dive into this month’s updates to see how Kodem continues to empower security teams with innovative solutions to stay ahead of vulnerabilities.
Below are highlights of our latest platform enhancements:
Code to Runtime Informed Prioritization
Addressing low-priority vulnerabilities can drain valuable time. Kodem's prioritization system evaluates vulnerabilities using severity (Critical, High, Medium, Low) while factoring in runtime usage and exploitability. This data-driven approach ensures critical issues are addressed first, boosting remediation efficiency and reducing risk.
Remediation Guidance for Faster Triaging
Actionable Fix Insights
Security tools often lack clear remediation guidance, creating bottlenecks for teams. Kodem’s enhancements now deliver precise fixes and contextual insights. Teams can swiftly address issues without guesswork by linking detailed vulnerability data—such as package hierarchies and CWE references—to actionable solutions.
The Kodem Unique Advantage: Within Kodem Remediation Guidance, the platform uniquely provides the following insights:
- Runtime Validation: Know if vulnerable code is loaded and actively used during runtime.
- Function-Level Analysis: Identify which vulnerable functions actually executed in runtime.
- Source Mapping: Link vulnerabilities directly to their GitHub/GitLab projects for streamlined fixes.
- Dependency Context: Differentiate between vulnerabilities in direct versus upstream/transitive dependencies.
- Smart Fix Location: Pinpoint the optimal fix location to address the maximum vulnerabilities efficiently.
- Source Attribution: Distinguish vulnerabilities originating from code, containers, language engines (e.g., JVM), or the host.
Drill-Down Capabilities for Focused Analysis
Overwhelmed by vulnerability volume? With one-click access to the Triage page, Kodem empowers teams to zoom into specific issue types or severity metrics. This targeted view allows security professionals to focus on relevant vulnerabilities, offering clear pathways to resolution.
Enhanced User Management and Role Customization
Managing access and permissions is now easier with new roles like Viewer and Ticket Creator. These enhancements allow organizations to tailor access to platform resources, ensuring users have the right level of visibility and control while adhering to security best practices
Real-Time Tracking and Statistical Insights
Static, disconnected data limits proactive risk management. Kodem addresses this by providing real-time tracking of vulnerabilities and their exploit potential. Weekly updates reveal security trends, enabling organizations to manage risks dynamically.
Runtime Function-Level Analysis
Kodem introduced Runtime Function-Level Analysis - the process of identifying and verifying the execution of specific functions within an application during runtime. This includes determining whether functions associated with known vulnerabilities are loaded into the runtime environment and actively executed, as evidenced by runtime data such as memory analysis or process execution. It provides granular insight into the actual utilization of potentially vulnerable code, enabling precise risk assessment and prioritization of remediation efforts.
Kodem’s function-level runtime analysis capability tracks vulnerable functions in active use across languages like Java, JavaScript, TypeScript, Ruby, Scala, and Kotlin. By filtering and prioritizing vulnerabilities with function-level evidence, teams can better understand exploit potential within runtime environments.
Figure 4. Kodem’s function-level runtime analysis capability tracks vulnerable functions in active use across languages like Java, JavaScript, TypeScript, Ruby, Scala, and Kotlin
Technical Advancements to Streamline Security
In addition to the above, the Kodem Runtime Security Platform continues to innovate with:
- On-Premises Code Security: Scan local repositories and integrate findings into centralized management via tools like Jenkins and GitHub Actions.
- Container Security Enhancements: Scan container images directly from Docker Hub, AWS ECR, and Google Artifact Registry.
- Exporting Compliance Data: Generate detailed SBOM reports in CSV format to meet compliance requirements.
- AWS Runtime Sensor Deployment: Deploy runtime sensors across AWS services such as EKS and ECS Fargate to monitor vulnerabilities in real time.
These updates reflect the collaborative spirit at the heart of Kodem’s approach. By partnering with our customers and leveraging cutting-edge engineering practices, we’re transforming how organizations tackle security risks, fostering trust and enabling proactive application protection in every environment – across your software supply chain, code and containers and infrastructure.
Future Platform Enhancements
Code Weakness Analysis (SAST) Integration: Introducing support for identifying and enforcing code weakness detection as part of CI policies, ensuring secure development practices during continuous integration workflows.
Kodem CLI: Enabling direct access to Kodem's capabilities through a command-line interface, streamlining integration and usability for developers and security engineers.
Blog written by
Gal Sapir
With six years of technical writing expertise in the SaaS industry, Gl specializes in translating complex technical concepts into clear API documentation, user guides, technical tutorials and product updates. Her collaborative approach with cross-functional teams ensures technical accuracy while delivering clear content that effectively communicates across diverse audiences.
More blogs
A Primer on Runtime Intelligence
See how Kodem's cutting-edge sensor technology revolutionizes application monitoring at the kernel level.
Platform Overview Video
Watch our short platform overview video to see how Kodem discovers real security risks in your code at runtime.