Sysdig, the unified container and cloud security company, has announced the availability of Risk Spotlight, a vulnerability prioritization feature based on runtime intelligence. Risk Spotlight enables security teams to reduce alert noise and effectively prioritize remediation based on a more accurate risk assessment to efficiently reduce risk without slowing down developers.
Risk Spotlight eliminates the noise from vulnerabilities that pose no immediate risk by identifying the packages only used at runtime. This helps DevOps and developer teams understand the real risk in their container environments and minimize alert fatigue.
Also, Risk Spotlight delivers vulnerability details – such as the CVSS vector from multiple sources, the fix version, and any available exploits – to manage vulnerability risk at scale.
According to the company, Risk Spotlight provides a single view of vulnerability risk across the container lifecycle – from build to runtime. The new UI also speeds remediation by giving developers a package-centric view of vulnerabilities, along with the fix or upgrade they need to apply. Developers can also apply security best practices early by removing unused packages during the build process.
Risk Spotlight is available now to Sysdig Secure users at no additional cost.