What Info is Transmitted Between Your System and Azul Vulnerability Detection

Table of Contents

Components Within the System
Detailed Info About APIs
- APIs Between Java Runtime and Forwarder
- Data Model Exchanged Between Java Runtime and Forwarder

Need help?

Schedule a consultation with an Azul performance expert.

Talk about OpenJDK?

Discuss with the community on the Foojay Forum.

Azul Vulnerability Detection is a combination of applications running within your environment combined with an analysis and data collection solution provided by Azul as Software as a Service (SaaS). This means there is an exchange of JVM Meta Data from your environment to the Azul system. This document describes what data are exchanged exactly and how the security of your JVM Meta Data is handled at every level involved.

Components Within the System

To be able to provide vulnerability information, three components are involved:

Within your environment
- Java Runtimes
- Forwarder(s)
Provided by Azul
- Azul Vulnerability Detection Web UI and APIs

Java Runtime

The Java Runtime (being Azul Zulu JRE and/or Azul Zulu Prime JRE) runs within your environment and will never need access to the public internet to exchange data with Azul Vulnerability Detection. The runtime will collect information about the libraries inside the application using the Connected Runtime Service (CRS), a component inside the JVM. But only if experimental options are enabled and a valid Forwarder URL has been specified (see Connect to Azul Vulnerability Detection via the Forwarder), CRS will transmit these JVM Meta Data to the Forwarder.

Note

Our runtimes only send data regarding the Java runtime and libraries for this very specific functionality. There is no other information exchanged with Azul, and all collected JVM Meta Data in the Saas environment is available to you via our Web UI and API. In contrast to distributions from other providers, Azul will not, and cannot, use this information to check licenses.

Forwarder

The Forwarder is a separate application provided by Azul to be installed within your environment (at least once, for more info, see "One-time Setup"), that will transmit the JVM Meta Data provided by the runtimes to Azul Vulnerability Detection. It requires access to the public internet. Rotating certificates secure the connection between the Forwarder and Azul Vulnerability Detection.

Azul Vulnerability Detection

Our SaaS solution to detect vulnerabilities in your applications, uses an internal knowledge base containing "fingerprints" (hashes) as described on "How CVEs are Detected". At this point, Azul doesn’t have any other reference to your code or applications except the info related to the Instance ID.

Detailed Info About APIs

The Forwarder is the "gateway" between the runtimes within your environment and the Azul Vulnerability Detection SaaS solution. All data flowing through the Forwarder is transmitted via an API approach.

APIs Between Java Runtime and Forwarder

API	Method	Description
/crs/instance/{vmId}	POST	Report new VM instance events.
/crs/auth/rt/token	GET	Get new runtime token.
/crs/auth/rt/token	POST	Refresh runtime token.

API

Method

Description

/crs/instance/{vmId}

POST

Report new VM instance events.

/crs/auth/rt/token

GET

Get new runtime token.

/crs/auth/rt/token

POST

Refresh runtime token.

Data Model Exchanged Between Java Runtime and Forwarder

VM Instance

The model of a VM instance managed by CRS.

Field Description

Field	Description
vmId	VM instance ID generated by CRS
clientVersion	Version of CRS client used by VM instance
clientRevision	Source code revision of CRS client used by VM instance
inventory	See Inventory model.
jvmInfo	JVM information derived from VM instance metadata: Xmx: Max Java heap size Xms: Initial Java heap size
startTime	Start time of the VM instance (epoch millis)
lastHeardTime	Last time VM instance was heard by CRS service (epoch millis)
owner	User name associated with VM instance
mailbox	Mailbox ID used by CRS to report VM instance metadata and telemetry
state	State of VM instance last known to CRS: `STARTED` - [Deprecated, but can be found in old VMs] VM instance is started but not running yet `RUNNING` - VM instance is running `TERMINATED` - VM instance is terminated `OFFLINE` - VM instance does not respond for a long time (disconnected, crashed or any other reason)
tags	Tags of VM instance consisted of named string values

vmId

VM instance ID generated by CRS

clientVersion

Version of CRS client used by VM instance

clientRevision

Source code revision of CRS client used by VM instance

inventory

See Inventory model.

jvmInfo

JVM information derived from VM instance metadata:

Xmx: Max Java heap size
Xms: Initial Java heap size

startTime

Start time of the VM instance (epoch millis)

lastHeardTime

Last time VM instance was heard by CRS service (epoch millis)

owner

User name associated with VM instance

mailbox

Mailbox ID used by CRS to report VM instance metadata and telemetry

state

State of VM instance last known to CRS:

STARTED - [Deprecated, but can be found in old VMs] VM instance is started but not running yet
RUNNING - VM instance is running
TERMINATED - VM instance is terminated
OFFLINE - VM instance does not respond for a long time (disconnected, crashed or any other reason)

VM Event

VM event reported to the Forwarder by a VM instance.

Field	Description
vmId	VM instance associated with event, must be set only for user initiated requests
eventId	Synthetic primary key of event
eventType:	VM event types supported by CRS: VM_CREATE VM_PATCH VM_ARTIFACT_CREATE VM_ARTIFACT_PATCH VM_ARTIFACT_DATA VM_JAR_LOADED VM_CLASS_LOADED VM_METHOD_FIRST_CALLED VM_PERFORMANCE_METRICS VM_HEARTBEAT VM_SHUTDOWN
eventTime	VM event time (epoch millis)
receivedTime	The time VM event first observed by the server (epoch millis)

Field

Description

vmId

VM instance associated with event, must be set only for user initiated requests

eventId

Synthetic primary key of event

eventType:

VM event types supported by CRS:

VM_CREATE
VM_PATCH
VM_ARTIFACT_CREATE
VM_ARTIFACT_PATCH
VM_ARTIFACT_DATA
VM_JAR_LOADED
VM_CLASS_LOADED
VM_METHOD_FIRST_CALLED
VM_PERFORMANCE_METRICS
VM_HEARTBEAT
VM_SHUTDOWN

eventTime

VM event time (epoch millis)

receivedTime

The time VM event first observed by the server (epoch millis)

VM Jar Loaded

Payload of VM_JAR_LOADED event.

Field	Description
jarName	JAR file name
url	URL used by JVM to access JAR content
centralDirectoryHash	Hash value computed by central directory of JAR archive
centralDirectoryLength	Length of the central directory of JAR archive
centralDirectoryExtractionMethod	Method used to obtain central directory of JAR archive
recursionDepth	Depth of JAR when nested JAR is reported recursively
manifestHash	Hash value computed by META-INF/MANIFEST.MF of JAR
initiatedBy	The party that initiated the reporting of JAR: CLASS_LOADING JDK_NATIVE_LOADING RECURSIVE_LOADING OTHER
mavenComponents	Maven components detected by metadata files of JAR (pom.properties, etc.), containing: groupId: Group ID of maven component artifactId: Artifact ID of maven component version: Version of maven component
stats	Time counters computed on JAR processing, containing: visitJarEntries: Elapsed time to visit JAR entries, ns jarEntriesHashes: Elapsed time to compute hashes of JAR class entries, ns jarEntriesShaded: Elapsed time to compute shaded hashes of JAR class entries, ns pomProperties: Elapsed time to process POM properties of JAR, ns
entries	Packed data with JAR entry details

Field

Description

jarName

JAR file name

url

URL used by JVM to access JAR content

centralDirectoryHash

Hash value computed by central directory of JAR archive

centralDirectoryLength

Length of the central directory of JAR archive

centralDirectoryExtractionMethod

Method used to obtain central directory of JAR archive

recursionDepth

Depth of JAR when nested JAR is reported recursively

manifestHash

Hash value computed by META-INF/MANIFEST.MF of JAR

initiatedBy

The party that initiated the reporting of JAR:

CLASS_LOADING
JDK_NATIVE_LOADING
RECURSIVE_LOADING
OTHER

mavenComponents

Maven components detected by metadata files of JAR (pom.properties, etc.), containing:

groupId: Group ID of maven component
artifactId: Artifact ID of maven component
version: Version of maven component

stats

Time counters computed on JAR processing, containing:

visitJarEntries: Elapsed time to visit JAR entries, ns
jarEntriesHashes: Elapsed time to compute hashes of JAR class entries, ns
jarEntriesShaded: Elapsed time to compute shaded hashes of JAR class entries, ns
pomProperties: Elapsed time to process POM properties of JAR, ns

entries

Packed data with JAR entry details

VM Class Loaded

Payload of VM_CLASS_LOADED event.

Field	Description
classId	VM specific ID of the class
loaderId	VM specific ID of the class loader that loaded the class
className	Fully qualified class name
source	Source of the loaded class
hash	Hash calculated by original class content
transformedHash	Hash of the class that was transformed on loading (e.g. instrumented)

Field

Description

classId

VM specific ID of the class

loaderId

VM specific ID of the class loader that loaded the class

className

Fully qualified class name

source

Source of the loaded class

hash

Hash calculated by original class content

transformedHash

Hash of the class that was transformed on loading (e.g. instrumented)

VM Method First Called

Payload of VM_METHOD_FIRST_CALLED event.

Field	Description
classId	VM specific ID of the class
methodName	Name and signature of the method

Field

Description

classId

VM specific ID of the class

methodName

Name and signature of the method

VM Performance Metrics

Payload of VM_PERFORMANCE_METRICS event.

Field	Description
numEventBatches	Number of buckets sent to the cloud (events are sent in buckets)
numBytesOut	Number of bytes of data sent to the cloud
numConnections	Total number of HTTP connections established to the cloud (including all reconnects)
numRequests	Total number of HTTP requests to the cloud (greater than the number of connections since connections may be cached)
numClassLoads	Total number of registered class load events
maxQueueLength	Max reached event queue length
handshakeMillis	Elapsed time on handshake with the cloud
numBytesInArtifacts	Number of bytes sent as artifact data
communicationMillis	Elapsed time on network activity (handshake + read + write)
numBytesIn	Number of bytes received from the cloud
numEvents	Number of events sent to the cloud (class load, jar load, and everything else)
numEventHistogram	Histogram of the number of events sent to the cloud in one batch (base 2 logarithm of the number of events in the batch)
preShutdownMillis	Time elapsed since the start of VM shutdown hooks (effectively the end of user application), till the end of processing of rest events in the queue
numMethodEntries	Number of executed unique Java methods

Field

Description

numEventBatches

Number of buckets sent to the cloud (events are sent in buckets)

numBytesOut

Number of bytes of data sent to the cloud

numConnections

Total number of HTTP connections established to the cloud (including all reconnects)

numRequests

Total number of HTTP requests to the cloud (greater than the number of connections since connections may be cached)

numClassLoads

Total number of registered class load events

maxQueueLength

Max reached event queue length

handshakeMillis

Elapsed time on handshake with the cloud

numBytesInArtifacts

Number of bytes sent as artifact data

communicationMillis

Elapsed time on network activity (handshake + read + write)

numBytesIn

Number of bytes received from the cloud

numEvents

Number of events sent to the cloud (class load, jar load, and everything else)

numEventHistogram

Histogram of the number of events sent to the cloud in one batch (base 2 logarithm of the number of events in the batch)

preShutdownMillis

Time elapsed since the start of VM shutdown hooks (effectively the end of user application), till the end of processing of rest events in the queue

numMethodEntries

Number of executed unique Java methods

Inventory

VM instance inventory reported by connected runtime.

Field Description

Field	Description
hostName	Host name of machine running VM instance
networks	Network interfaces of machine running VM instance, containing an array with hostname and address
systemProperties	JVM system properties
systemInfo	System info of machine running VM instance For example: `sysctl.hw.activecpu: "16" sysctl.hw.cpufrequency_min: "2300000000" sysctl.hw.memsize: "17179869184" sysctl.hw.l1dcachesize: "32768"`
cpuInfo	CPU info of machine running VM instance For example: `CPU Microcode: 240 Affected by MCU Erratum SKX102: false Number of Processors: 16 CPU Stepping: 13`
memInfo	Memory info of machine running VM instance For example: `System RAM max, GB: 16`
osInfo	OS info of machine running VM instance For example: `OS Name: Mac OS X OS Version: 10.16 OS Arch: x86_64`
osEnvironment	OS environment variables on VM instance execution
jvmArgs	JVM arguments of VM instance For example: `- -XX:+UnlockExperimentalVMOptions - -XX:AzCRSMode=auto`
mainMethod	Main method executed by JVM on VM instance invocation For example: `HelloWorld.main`

hostName

Host name of machine running VM instance

networks

Network interfaces of machine running VM instance, containing an array with hostname and address

systemProperties

JVM system properties

systemInfo

System info of machine running VM instance

For example:

 sysctl.hw.activecpu: "16"
sysctl.hw.cpufrequency_min: "2300000000"
sysctl.hw.memsize: "17179869184"
sysctl.hw.l1dcachesize: "32768"

cpuInfo

CPU info of machine running VM instance

For example:

 CPU Microcode: 240
Affected by MCU Erratum SKX102: false
Number of Processors: 16
CPU Stepping: 13

memInfo

Memory info of machine running VM instance

For example:

 System RAM max, GB: 16

osInfo

OS info of machine running VM instance

For example:

 OS Name: Mac OS X
OS Version: 10.16
OS Arch: x86_64

osEnvironment

OS environment variables on VM instance execution

jvmArgs

JVM arguments of VM instance

For example:

 - -XX:+UnlockExperimentalVMOptions
- -XX:AzCRSMode=auto

mainMethod

Main method executed by JVM on VM instance invocation

For example:

 HelloWorld.main