Unpatched vulnerabilities and misconfigurations in production environments significantly increase the attack surface and have led to the most high-profile breaches of recent times. Deepfence helps you measure the attack surface at runtime and as part of your CI/CD workflows.
Deepfence Vulnerability Scanner helps you scan container images and hosts for known vulnerabilities. This is done as part of a CI/CD process, as a cron job, or as part of in-house automation scripts. Unlike most other scanners, which depend only on NVD, the Deepfence scanner fetches vulnerability details and security advisories, and even analyzes GitHub tickets, to provide language- and stack-specific vulnerability scanning.
At runtime, in addition to custom security tests, Deepfence also runs various benchmarks like DockerBench and CIS Benchmark to identify misconfigurations and violations of best practices.
Deepfence is a unified platform for application-layer intrusion detection, prevention, and response. These features, in addition to vulnerability management and hardening, fulfill various compliance requirements.