September 27, 2023

Azul Systems this week announced the launch of Azul Vulnerability Detection, a new software-as-a-service product designed to continuously detect known security vulnerabilities in Java applications to help enterprise customers avoid risk from software supply chain attacks.

The software supply chain includes pre-built libraries from external third parties, both open source and closed source, that need to be updated frequently to keep applications running and stay ahead of the competition.

Azul Vulnerability Detection makes security a by-product of simply running your Java software and fills a critical gap in customers' security strategies by detecting vulnerabilities at the point of use in production, the endpoint of the software supply chain.

An estimated 40% to 80% of the lines of code used by enterprise customers come from third parties such as libraries, components, and software development kits. Vulnerabilities, bugs, and other exploits can hide within any of these different sources all along the supply chain.

One longstanding, ongoing software supply chain attack that occurred a year ago is Log4Shell, which affected the widely used open-source Java-based logging component Log4j from Apache. It was recently called an “endemic vulnerability” by the U.S. Department of Homeland Security.

Azul is built to interoperate with numerous enterprise Java application software frameworks including Spring, Hibernate, Tomcat, Quarkus, Micronaut, and infrastructure such as Kafka, Cassandra, Spark, Hive, Hadoop and more.

Azul provides an agentless cloud SaaS solution that can provide monitoring and remediation capabilities based on real usage for production, testing and development environments. Using Azul’s own Java virtual machines, customers avoid performance and management issues associated with other tools and can simply view results from backend dashboards or alerts produced via application programming interfaces.

With Vulnerability Detection up and running, developer and operations teams can quickly detect and discover vulnerabilities and resolve them before they can be exploited by malicious attackers. This has the capability to check all enterprise Java software irrespective of its source, whether it was developed in-house, purchased, or introduced with a recent change.
