1. Code Repositories

The Kodem CORE engine integrates directly with source control management (SCM) systems to extract and analyze data at the source code level. The engine performs the following operations:

• Static Code Analysis: Applies a combination of rule-based and contextual parsing techniques to identify coding flaws, misconfigurations, and potential vulnerabilities.
• Dependency Mapping: Constructs a comprehensive graph of direct and transitive dependencies, identifying vulnerable third-party libraries that may propagate security risks.
• Function-level Reachability: Evaluates the call graph to determine whether identified vulnerabilities are reachable and exploitable during runtime. This reduces the scope of irrelevant vulnerabilities by focusing on execution paths.

2. Container Registries

At the container level, Kodem CORE inspects container images to identify vulnerabilities introduced through dependencies and environment configurations. The analysis includes:

• Binary Analysis: Decompiles and scans binary files within container images to detect known vulnerabilities and code anomalies, focusing on compiled libraries and executables.
• Base Image Classification: Analyzes the hierarchy and provenance of base images used in container builds, identifying outdated or insecure versions. This process ensures that foundational layers are free of critical security flaws.

3. Runtime Environments

Kodem CORE leverages various low level technologies, such as eBPF (extended Berkeley Packet Filter) to perform a real-time, low overhead monitoring of runtime environments This includes:

• Memory Analysis: Identifies vulnerable code or libraries loaded into memory during execution. This enables the detection of actively exploitable vulnerabilities that static analyses cannot identify.
• OS-Level Dependencies: Maps system-level dependencies, including dynamically loaded libraries and drivers, to detect security risks stemming from external packages.
• Network-Level Events: Analyzes runtime network interactions, monitoring traffic patterns for anomalous behaviors or unauthorized communications that may indicate compromise.
• OS-Level Events: Tracks critical system operations, such as process creation, file access, and privilege escalations, to detect potential exploitation attempts in real time.
• Comprehensive Observability: By collecting and analyzing data across these three sources—code repositories, container registries, and runtime environments—Kodem CORE provides a multi-dimensional security profile of the application stack. This holistic approach enables security teams to prioritize and remediate vulnerabilities with high accuracy while minimizing false positives.

1. Events Aggregators

The Events aggregator integrates runtime signals—memory usage, network activity, and OS-level events—into a unified dataset. This enables holistic application analysis and eliminates noise by consolidating relevant security insights.

2. Repository to Image Correlator

The Repo-to-Image Correlator maps container images with specific vulnerabilities directly to the source repositories containing the code or dependencies responsible for those vulnerabilities.

3. Runtime Behavioral Analyzer

The Runtime Behavioral Analyzer monitors execution paths and system interactions in real time. By mapping events to workflows, it identifies anomalies and confirms vulnerabilities that are actively exploitable in production environments.

1. Real-Time Data Validation

• Confirms whether identified vulnerabilities are actively exploitable by correlating runtime behavior with static findings.
• Validates loaded libraries, executed code paths, and active system dependencies to ensure prioritized risks are actionable.

2. Attack Chain Mapping (MITRE ATT&CK)

• Aligns vulnerabilities with the MITRE ATT&CK framework to simulate potential attack scenarios.
• Maps and visualizes attack paths, enabling security teams to disrupt critical chains before exploitation occurs.
• Provides actionable insights into how vulnerabilities impact overall application security posture.

3. Remediation Engine

• Analyzes and provides tailored remediation plans for vulnerabilities in both direct and transitive (upstream, indirect) dependencies, as well as proprietary source code.
• Delivers actionable steps that factor in runtime context, exploitability, and the potential impact of changes.
• Verifies the effectiveness of fixes by validating against runtime behavior and mapped attack paths, ensuring that all vulnerabilities are resolved securely.
• Tracks remediation progress and integrates with CI/CD workflows to ensure continuous security improvement without disrupting development pipelines.