
What Info is Transmitted Between Your System and Azul Vulnerability Detection
Azul Vulnerability Detection combines applications running within your environment with an analysis and data collection solution provided by Azul as Software as a Service (SaaS). This means JVM Meta Data is sent from your environment to the Azul system. This document describes exactly what data are exchanged and how the security of your JVM Meta Data is handled at every level involved.
Components Within the System
To be able to provide vulnerability information, three components are involved:
- Within your environment
  - Java Runtimes
  - Forwarder(s)
- Provided by Azul
  - Azul Vulnerability Detection Web UI and APIs
Java Runtime
The Java Runtime (Azul Zulu JRE and/or Azul Zulu Prime JRE) runs within your environment and never needs access to the public internet to exchange data with Azul Vulnerability Detection. The runtime collects information about the libraries inside the application using the Connected Runtime Service (CRS), a component inside the JVM. CRS transmits these JVM Meta Data to the Forwarder only if experimental options are enabled and a valid Forwarder URL has been specified (see Connect to Azul Vulnerability Detection via the Forwarder).
Note: Our runtimes only send data regarding the Java runtime and libraries for this very specific functionality. There is no other information exchanged with Azul, and all collected JVM Meta Data in the SaaS environment is available to you via our Web UI and API. In contrast to distributions from other providers, Azul will not, and cannot, use this information to check licenses.
Forwarder
The Forwarder is a separate application provided by Azul that is installed within your environment (at least once; for more info, see "One-time Setup") and transmits the JVM Meta Data provided by the runtimes to Azul Vulnerability Detection. It requires access to the public internet. Rotating certificates secure the connection between the Forwarder and Azul Vulnerability Detection.
Azul Vulnerability Detection
Our SaaS solution to detect vulnerabilities in your applications uses an internal knowledge base containing "fingerprints" (hashes), as described in "How CVEs are Detected". At this point, Azul doesn’t have any other reference to your code or applications except the info related to the Instance ID.

Detailed Info About APIs
The Forwarder is the "gateway" between the runtimes within your environment and the Azul Vulnerability Detection SaaS solution. All data flowing through the Forwarder is transmitted through API calls.
APIs Between Java Runtime and Forwarder
API | Method | Description |
---|---|---|
/crs/instance/{vmId} | POST | Report new VM instance events. |
/crs/auth/rt/token | GET | Get new runtime token. |
/crs/auth/rt/token | POST | Refresh runtime token. |
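Because the runtime-to-Forwarder surface is limited to the three method and path pairs in the table, requests seen on that hop can be checked against it. The following is an added example, not Azul's code: the "METHOD PATH STATUS" log format, the sample lines and the function names are assumptions made for illustration.

```python
import re

# (method, path pattern) pairs copied from the API table above.
# The {vmId} segment is matched as one non-empty path component (assumption).
DOCUMENTED = [
    ("POST", re.compile(r"/crs/instance/[^/]+")),
    ("GET", re.compile(r"/crs/auth/rt/token")),
    ("POST", re.compile(r"/crs/auth/rt/token")),
]

def is_documented(method, path):
    """True if the request matches one of the three documented endpoints."""
    path = path.split("?", 1)[0]  # ignore any query string
    return any(method.upper() == m and rx.fullmatch(path) for m, rx in DOCUMENTED)

def undocumented_requests(log_lines):
    """Return (method, path) for each logged request outside the documented set."""
    flagged = []
    for line in log_lines:
        parts = line.split()
        if len(parts) < 2:
            continue  # skip blank or malformed lines
        method, path = parts[0], parts[1]
        if not is_documented(method, path):
            flagged.append((method, path))
    return flagged

# Constructed sample lines in a hypothetical "METHOD PATH STATUS" log format.
SAMPLE_LOG = [
    "GET /crs/auth/rt/token 200",
    "POST /crs/auth/rt/token 200",
    "POST /crs/instance/vm-constructed-0001 200",
    "GET /crs/instance/vm-constructed-0001 405",
    "POST /crs/instance/vm-constructed-0001/extra 404",
    "PUT /crs/auth/rt/token 405",
]

if __name__ == "__main__":
    for method, path in undocumented_requests(SAMPLE_LOG):
        print("undocumented:", method, path)
```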
Data Model Exchanged Between Java Runtime and Forwarder
VM Instance
The model of a VM instance managed by CRS.
Field | Description |
---|---|
vmId | VM instance ID generated by CRS |
clientVersion | Version of CRS client used by VM instance |
clientRevision | Source code revision of CRS client used by VM instance |
inventory | See Inventory model. |
jvmInfo | JVM information derived from VM instance metadata: |
startTime | Start time of the VM instance (epoch millis) |
lastHeardTime | Last time VM instance was heard by CRS service (epoch millis) |
owner | User name associated with VM instance |
mailbox | Mailbox ID used by CRS to report VM instance metadata and telemetry |
state | State of VM instance last known to CRS: |
tags | Tags of the VM instance, consisting of named string values |
VM Event
VM event reported to the Forwarder by a VM instance.
Field | Description |
---|---|
vmId | VM instance associated with event, must be set only for user initiated requests |
eventId | Synthetic primary key of event |
eventType | VM event types supported by CRS: |
eventTime | VM event time (epoch millis) |
receivedTime | Time the VM event was first observed by the server (epoch millis) |
VM Jar Loaded
Payload of VM_JAR_LOADED event.
Field | Description |
---|---|
jarName | JAR file name |
url | URL used by JVM to access JAR content |
centralDirectoryHash | Hash value computed from the central directory of the JAR archive |
centralDirectoryLength | Length of the central directory of the JAR archive |
centralDirectoryExtractionMethod | Method used to obtain the central directory of the JAR archive |
recursionDepth | Depth of JAR when nested JAR is reported recursively |
manifestHash | Hash value computed from META-INF/MANIFEST.MF of the JAR |
initiatedBy | The party that initiated the reporting of JAR: |
mavenComponents | Maven components detected from metadata files of the JAR (pom.properties, etc.), containing: |
stats | Time counters computed on JAR processing, containing: |
entries | Packed data with JAR entry details |
VM Class Loaded
Payload of VM_CLASS_LOADED event.
Field | Description |
---|---|
classId | VM specific ID of the class |
loaderId | VM specific ID of the class loader that loaded the class |
className | Fully qualified class name |
source | Source of the loaded class |
hash | Hash calculated from the original class content |
transformedHash | Hash of the class that was transformed on loading (e.g. instrumented) |
VM Method First Called
Payload of VM_METHOD_FIRST_CALLED event.
Field | Description |
---|---|
classId | VM specific ID of the class |
methodName | Name and signature of the method |
VM Performance Metrics
Payload of VM_PERFORMANCE_METRICS event.
Field | Description |
---|---|
numEventBatches | Number of buckets sent to the cloud (events are sent in buckets) |
numBytesOut | Number of bytes of data sent to the cloud |
numConnections | Total number of HTTP connections established to the cloud (including all reconnects) |
numRequests | Total number of HTTP requests to the cloud (greater than the number of connections since connections may be cached) |
numClassLoads | Total number of registered class load events |
maxQueueLength | Maximum event queue length reached |
handshakeMillis | Elapsed time on handshake with the cloud |
numBytesInArtifacts | Number of bytes sent as artifact data |
communicationMillis | Elapsed time on network activity (handshake + read + write) |
numBytesIn | Number of bytes received from the cloud |
numEvents | Number of events sent to the cloud (class load, jar load, and everything else) |
numEventHistogram | Histogram of the number of events sent to the cloud in one batch (base 2 logarithm of the number of events in the batch) |
preShutdownMillis | Time elapsed from the start of the VM shutdown hooks (effectively the end of the user application) until the remaining events in the queue have been processed |
numMethodEntries | Number of executed unique Java methods |
Inventory
VM instance inventory reported by connected runtime.
Field | Description |
---|---|
hostName | Host name of machine running VM instance |
networks | Network interfaces of machine running VM instance, containing an array with hostname and address |
systemProperties | JVM system properties |
systemInfo | System info of machine running VM instance. For example: |
cpuInfo | CPU info of machine running VM instance. For example: |
memInfo | Memory info of machine running VM instance. For example: |
osInfo | OS info of machine running VM instance. For example: |
osEnvironment | OS environment variables on VM instance execution |
jvmArgs | JVM arguments of VM instance. For example: |
mainMethod | Main method executed by JVM on VM instance invocation. For example: |
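The Inventory model includes osEnvironment, systemProperties and jvmArgs, so it is worth reviewing what a process carries in those three places before connecting it. The following is an added example, not Azul's code: the dictionary layout (maps for osEnvironment and systemProperties, a list of strings for jvmArgs), the sample values and the name patterns are assumptions made for illustration.

```python
import re

# Names that commonly hold credentials (heuristic, an assumption of this example).
SECRET_NAME = re.compile(r"pass(word|wd)?|secret|token|api[_.-]?key|credential", re.I)
# Values that embed user:password@ in a URL.
URL_CREDENTIALS = re.compile(r"://[^/\s:@]+:[^/\s@]+@")

def looks_sensitive(name, value=""):
    """True if the entry name or its value suggests a credential."""
    return bool(SECRET_NAME.search(name) or URL_CREDENTIALS.search(value))

def audit_inventory(inventory):
    """Return (field, entry name) pairs worth reviewing; values are never returned."""
    findings = []
    for field in ("osEnvironment", "systemProperties"):
        for name, value in inventory.get(field, {}).items():
            if looks_sensitive(name, str(value)):
                findings.append((field, name))
    for arg in inventory.get("jvmArgs", []):
        # -Dname=value defines a system property on the command line.
        if arg.startswith("-D"):
            name, _, value = arg[2:].partition("=")
            if looks_sensitive(name, value):
                findings.append(("jvmArgs", name))
    return findings

# Constructed sample; the field names come from the Inventory table above,
# the layout and all values are made up for this example.
SAMPLE_INVENTORY = {
    "hostName": "app-01.example.internal",
    "osEnvironment": {
        "PATH": "/usr/bin",
        "DB_PASSWORD": "constructed-value",
        "HOME": "/home/app",
    },
    "systemProperties": {
        "java.version": "17.0.9",
        "proxy.url": "http://user:constructed@proxy.example.internal:3128",
    },
    "jvmArgs": ["-Xmx2g", "-Dapi.key=constructed-value"],
}

if __name__ == "__main__":
    for field, name in audit_inventory(SAMPLE_INVENTORY):
        print(f"review {field}: {name}")
```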