As application security evolves in complexity, Apiiro remains committed to finding innovative solutions to the challenges of designing and deploying safe software. Our advanced Code-to-Runtime Matching Technology powered by Deep Code Analysis (DCA) addresses one of the most significant challenges in modern software development and security: bridging the gap between source code and application runtime.
Application security and software development teams allocate valuable time and resources to tracing issues raised by runtime scanners back to the software development and/or DevOps owners. While automated methods can be implemented in an attempt to streamline this process, developers and/or DevOps still need to manually add tags and labels to CI/CD pipelines or use specific naming conventions to identify how code is being deployed.
Powered by our Deep Code Analysis (DCA) technology, Code-to-Runtime automatically matches runtime components back to their code source, identifying both high-level components (e.g., container images) and granular components (e.g., specific APIs or open-source packages) without requiring any manual setup.
Code-to-Runtime is a critical aspect of modern application security that offers numerous benefits for organizations striving to maintain robust security postures in modern runtime environments, including:
At first glance, matching runtime components to their source code may seem straightforward, but the reality is far more complex due to the transformations that occur during the build process.
“Apiiro’s new code-to-runtime matching feature brings critical runtime risks into direct context with the code itself, offering valuable insights on where vulnerabilities may need attention and who should address them,” said James Brierley, senior security researcher at GEOTAB. “This approach is a game-changer for prioritization, showing if a vulnerability exists in code actively used in production—allowing us to focus on the most pressing risks first. By integrating deep code-based matching, we’re poised to streamline our process and save resources by connecting runtime issues directly to the right teams.”
Apiiro’s approach to solving the code-to-runtime matching challenge focuses on identifying applicative fingerprints, distinctive artifacts or metadata that can be reliably traced between the source code and the runtime component. These fingerprints must be broad enough to provide extensive coverage, yet specific enough to avoid false positives.
To ensure accuracy, Apiiro’s technology analyzes both the source code and the content of the component within the runtime environment. This deep analysis allows for the extraction of meaningful data that goes beyond surface-level metadata.
Benefits of this technology include:
The “field test” of this groundbreaking new DCA-based matching came earlier this year, when Apiiro partnered with runtime API security provider Akamai to create an end-to-end approach for reducing remediation times across the API landscape.
“Apiiro is committed to enabling autonomous security across the entire software development lifecycle, and true code-to-runtime matching goes beyond containers and cloud environments,” said Moti Gindi, chief product officer at Apiiro. “Our platform understands that not every code component is relevant to what’s running in production and not every runtime component is relevant to the codebase or person responsible for it. Code-to-Runtime delivers the level of precision required to gather meaningful insights and prevent the influx of false positives that plague other solutions on the market. As evidenced by our partnership with Akamai earlier this year, we’re delivering a holistic approach, matching APIs in code to API endpoints in runtime. This not only enhances overall application security, it enables teams to focus on the most critical issues to foster a more secure and efficient development lifecycle.”
“Apiiro’s code-level API inventory and security seamlessly complement Akamai’s runtime API security, creating an end-to-end approach that spans from development to production,” says Patrick Sullivan, CTO Security at Akamai. “With Apiiro’s code-to-runtime matching, we can connect runtime API risks directly back to the code and its owners, allowing us to streamline remediation and reduce Mean Time to Remediate (MTTR). This collaboration gives us a comprehensive view of our API landscape and ensures we focus on critical risks, maximizing efficiency and security and reducing costs across the entire lifecycle of our applications.”
Apiiro’s Code-to-Runtime Matching Technology is part of a broader application security posture management (ASPM) platform, which offers:
In today’s fast-paced development environment, security cannot afford to be an afterthought. Apiiro’s Code-to-Runtime Matching Technology represents a significant leap forward in application security, enabling organizations to:
This DCA-powered technology empowers organizations to build a more secure, efficient, and accountable software development process by addressing the complex challenge of maintaining traceability between source code and applications in runtime. By providing such content within an open platform ethos, Apiiro is not just keeping pace with the evolving landscape of application security—we’re leading the charge.
Set up a free demo of our groundbreaking Code-to-Runtime Matching Technology and experience the future of application security.