Introduction

Many organizations use Open Source Software to speed up the development of their software. However, between 70% and 90% of those components are not required for the software to function. This poses a security risk for the organization, as these unnecessary components contain a large number of vulnerabilities and increase the software attack surface. Maintaining this unnecessary code is time-consuming, which decreases the efficiency of the engineering and security teams.

RapidFort's SASM Platform automatically identifies software components not needed during execution at either Build time in a lower environment or Run time in production. By removing these unnecessary components manually or automatically using tools built into the platform, the attack surface and vulnerabilities can be reduced by 95%. This enables developers to concentrate on building great software instead of spending time fixing vulnerabilities in code they didn't write, dramatically increasing the efficiency of the dev and security teams. The optimized containers load faster and consume fewer resources, reducing the organization's cloud costs.

RapidFort’s toolset consists of the RapidFort SASM platform, an optional Runtime DaemonSet for Kubernetes clusters, client CLI tools, and a Web-based dashboard for viewing the results of scanning and hardening, downloading reports, and administration, such as onboarding users and creating service accounts.