Security RX integrations overview

There are three ways to import common vulnerabilities and exposure (CVE) data:

APM agents: automatically detect CVEs in the libraries used by your service.
Infra agents: automatically detect CVEs in the OS distribution and any installed packages in the supported Linux distributions used by your infrastructure.
Third party integrations: report CVEs detected by third party integrations such as Dependabot or Snyk.
Our security data API: report CVE data from unsupported third parties or your own solution directly to New Relic through our security API.

APM agents

Our APM agents automatically detect CVEs.

CVE detection coverage differs between agents:

Agent	Minimum agent version	CVE Coverage
Java	All supported versions	Jars
Node.js	All supported versions	Packages
Ruby	All supported versions	Gems
Python	8.0 or higher	Modules
Go	3.20 or higher	Modules
PHP	10.17 or higher	Some packages
.NET	Not supported	N/A

As of release v10.17, New Relic PHP APM Agent supports detecting CVEs in the core packages of these frameworks.

If your project uses Composer to manage dependencies, as of release v11.2, you can configure the New Relic PHP APM agent to detect vulnerabilities in all your packages.

팁

See the Vulnerability Management settings in PHP agent configuration for detailed information about how to configure the integration in the New Relic PHP APM agent.

Supported OS distributions and package managers

Security RX supports following Linux OS distributions:

Debian
Ubuntu
Amazon Linux, CentOS, RHEL & Oracle Linux
SLES

Security RX supports following package managers:

RPM
DPKG

Third party integrations

Import data from your other security tools directly into New Relic. We currently support the following tools. If your tool isn’t listed, send your security data through our security data API.

Security data API

Send data directly to New Relic through our security data API. Use this when a tool-specific integration doesn't exist or if sending payloads directly to New Relic works best for your workflow. Learn more here.

What's next?

After configuring your integrations, start monitoring vulnerabilities:

Security RX for Applications

Monitor vulnerabilities in your application dependencies

Security RX for Infrastructure

Monitor vulnerabilities in your OS packages and distributions

Understand prioritization

Learn how vulnerabilities are ranked by CVSS, EPSS, and ransomware data

Set up alerts

Get notified when vulnerabilities are detected

APM agents.css-21sua1{background:none;border:none;width:0;padding:0;}