
What Info is Transmitted Between Your System and Azul Vulnerability Detection

Azul Vulnerability Detection combines applications running within your environment with an analysis and data collection solution provided by Azul as Software as a Service (SaaS). This means JVM Meta Data is sent from your environment to the Azul system. This document describes exactly what data is exchanged and how the security of your JVM Meta Data is handled at every level involved.

Components Within the System

To be able to provide vulnerability information, three components are involved:

  • Within your environment

    • Java Runtimes

    • Forwarder(s)

  • Provided by Azul

    • Azul Vulnerability Detection Web UI and APIs

Java Runtime

The Java Runtime (Azul Zulu JRE and/or Azul Zulu Prime JRE) runs within your environment and never needs access to the public internet to exchange data with Azul Vulnerability Detection. The runtime collects information about the libraries inside the application using the Connected Runtime Service (CRS), a component inside the JVM. CRS transmits this JVM Meta Data to the Forwarder only if experimental options are enabled and a valid Forwarder URL has been specified (see Connect to Azul Vulnerability Detection via the Forwarder).

Note
Our runtimes only send data regarding the Java runtime and libraries for this very specific functionality. No other information is exchanged with Azul, and all collected JVM Meta Data in the SaaS environment is available to you via our Web UI and API. In contrast to distributions from other providers, Azul will not, and cannot, use this information to check licenses.

Forwarder

The Forwarder is a separate application provided by Azul that is installed within your environment (at least once; for more info, see "One-time Setup") and transmits the JVM Meta Data provided by the runtimes to Azul Vulnerability Detection. It requires access to the public internet. Rotating certificates secure the connection between the Forwarder and Azul Vulnerability Detection.

Azul Vulnerability Detection

Our SaaS solution to detect vulnerabilities in your applications uses an internal knowledge base containing "fingerprints" (hashes), as described in "How CVEs are Detected". At this point, Azul doesn't have any other reference to your code or applications except the info related to the Instance ID.

Example of an Instance view in the Azul Vulnerability Detection UI

Detailed Info About APIs

The Forwarder is the "gateway" between the runtimes within your environment and the Azul Vulnerability Detection SaaS solution. All data flowing through the Forwarder is transmitted via the APIs described below.

APIs Between Java Runtime and Forwarder

  • POST /crs/instance/{vmId}: Report new VM instance events.

  • GET /crs/auth/rt/token: Get new runtime token.

  • POST /crs/auth/rt/token: Refresh runtime token.

Data Model Exchanged Between Java Runtime and Forwarder

VM Instance

The model of a VM instance managed by CRS.

  • vmId: VM instance ID generated by CRS

  • clientVersion: Version of the CRS client used by the VM instance

  • clientRevision: Source code revision of the CRS client used by the VM instance

  • inventory: See the Inventory model.

  • jvmInfo: JVM information derived from VM instance metadata:

    • Xmx: Max Java heap size

    • Xms: Initial Java heap size

  • startTime: Start time of the VM instance (epoch millis)

  • lastHeardTime: Last time the VM instance was heard from by the CRS service (epoch millis)

  • owner: User name associated with the VM instance

  • mailbox: Mailbox ID used by CRS to report VM instance metadata and telemetry

  • state: State of the VM instance last known to CRS:

    • STARTED - [Deprecated, but can be found in old VMs] VM instance is started but not running yet

    • RUNNING - VM instance is running

    • TERMINATED - VM instance is terminated

    • OFFLINE - VM instance has not responded for a long time (disconnected, crashed or any other reason)

  • tags: Tags of the VM instance, consisting of named string values

VM Event

VM event reported to the Forwarder by a VM instance.

  • vmId: VM instance associated with the event; must be set only for user-initiated requests

  • eventId: Synthetic primary key of the event

  • eventType: VM event types supported by CRS:

    • VM_CREATE

    • VM_PATCH

    • VM_ARTIFACT_CREATE

    • VM_ARTIFACT_PATCH

    • VM_ARTIFACT_DATA

    • VM_JAR_LOADED

    • VM_CLASS_LOADED

    • VM_METHOD_FIRST_CALLED

    • VM_PERFORMANCE_METRICS

    • VM_HEARTBEAT

    • VM_SHUTDOWN

  • eventTime: VM event time (epoch millis)

  • receivedTime: The time the VM event was first observed by the server (epoch millis)

VM Jar Loaded

Payload of VM_JAR_LOADED event.

  • jarName: JAR file name

  • url: URL used by the JVM to access the JAR content

  • centralDirectoryHash: Hash value computed from the central directory of the JAR archive

  • centralDirectoryLength: Length of the central directory of the JAR archive

  • centralDirectoryExtractionMethod: Method used to obtain the central directory of the JAR archive

  • recursionDepth: Depth of the JAR when a nested JAR is reported recursively

  • manifestHash: Hash value computed from the META-INF/MANIFEST.MF of the JAR

  • initiatedBy: The party that initiated the reporting of the JAR:

    • CLASS_LOADING

    • JDK_NATIVE_LOADING

    • RECURSIVE_LOADING

    • OTHER

  • mavenComponents: Maven components detected from metadata files of the JAR (pom.properties, etc.), containing:

    • groupId: Group ID of the Maven component

    • artifactId: Artifact ID of the Maven component

    • version: Version of the Maven component

  • stats: Time counters computed during JAR processing, containing:

    • visitJarEntries: Elapsed time to visit JAR entries, ns

    • jarEntriesHashes: Elapsed time to compute hashes of JAR class entries, ns

    • jarEntriesShaded: Elapsed time to compute shaded hashes of JAR class entries, ns

    • pomProperties: Elapsed time to process POM properties of the JAR, ns

  • entries: Packed data with JAR entry details
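The JAR fingerprint fields above (centralDirectoryHash, centralDirectoryLength, manifestHash) can be reproduced locally to see what actually leaves the JVM: hashes of structural metadata, never the class bytes. This added example is not Azul's or CRS's code; it assumes SHA-256 as the hash algorithm (the page does not name CRS's) and uses a constructed in-memory JAR as input.

```python
import hashlib
import io
import struct
import zipfile

# End-of-central-directory (EOCD) record: signature, disk numbers, entry counts,
# central directory size and offset, comment length (22 bytes, no zip64 here).
EOCD_SIGNATURE = b"PK\x05\x06"
EOCD_STRUCT = struct.Struct("<4sHHHHIIH")


def build_jar(class_bytes: bytes, manifest: bytes) -> bytes:
    """Construct a minimal two-entry JAR in memory (constructed sample input).

    Fixed timestamps keep the archive deterministic so repeated fingerprints match.
    """
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, data in (("META-INF/MANIFEST.MF", manifest),
                           ("com/example/App.class", class_bytes)):
            info = zipfile.ZipInfo(name, date_time=(2020, 1, 1, 0, 0, 0))
            zf.writestr(info, data)
    return buf.getvalue()


def central_directory(jar: bytes) -> bytes:
    """Return the raw central directory bytes, located through the EOCD record."""
    eocd_pos = jar.rfind(EOCD_SIGNATURE)  # EOCD is the last record in the archive
    if eocd_pos < 0:
        raise ValueError("not a zip/JAR archive: EOCD record missing")
    *_, cd_size, cd_offset, _comment_len = EOCD_STRUCT.unpack_from(jar, eocd_pos)
    return jar[cd_offset:cd_offset + cd_size]


def jar_loaded_fields(jar_name: str, jar: bytes) -> dict:
    """Fingerprint-related fields of a VM_JAR_LOADED payload for one JAR.

    SHA-256 is an assumption for illustration; the page does not name CRS's algorithm.
    Only hashes and a length are produced: no class bytes appear in the result.
    """
    cd = central_directory(jar)
    with zipfile.ZipFile(io.BytesIO(jar)) as zf:
        manifest = zf.read("META-INF/MANIFEST.MF")
    return {
        "jarName": jar_name,
        "centralDirectoryHash": hashlib.sha256(cd).hexdigest(),
        "centralDirectoryLength": len(cd),
        "manifestHash": hashlib.sha256(manifest).hexdigest(),
    }
```

Because the central directory stores each entry's CRC-32 and sizes, a JAR whose class bytes differ by a single byte yields a different centralDirectoryHash while an unchanged manifest keeps the same manifestHash.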

VM Class Loaded

Payload of VM_CLASS_LOADED event.

  • classId: VM-specific ID of the class

  • loaderId: VM-specific ID of the class loader that loaded the class

  • className: Fully qualified class name

  • source: Source of the loaded class

  • hash: Hash calculated from the original class content

  • transformedHash: Hash of the class as transformed on loading (e.g. instrumented)

VM Method First Called

Payload of VM_METHOD_FIRST_CALLED event.

  • classId: VM-specific ID of the class

  • methodName: Name and signature of the method

VM Performance Metrics

Payload of VM_PERFORMANCE_METRICS event.

  • numEventBatches: Number of buckets sent to the cloud (events are sent in buckets)

  • numBytesOut: Number of bytes of data sent to the cloud

  • numConnections: Total number of HTTP connections established to the cloud (including all reconnects)

  • numRequests: Total number of HTTP requests to the cloud (greater than the number of connections since connections may be cached)

  • numClassLoads: Total number of registered class load events

  • maxQueueLength: Maximum event queue length reached

  • handshakeMillis: Elapsed time on handshake with the cloud

  • numBytesInArtifacts: Number of bytes sent as artifact data

  • communicationMillis: Elapsed time on network activity (handshake + read + write)

  • numBytesIn: Number of bytes received from the cloud

  • numEvents: Number of events sent to the cloud (class load, jar load, and everything else)

  • numEventHistogram: Histogram of the number of events sent to the cloud in one batch (base 2 logarithm of the number of events in the batch)

  • preShutdownMillis: Time elapsed from the start of the VM shutdown hooks (effectively the end of the user application) until the remaining events in the queue have been processed

  • numMethodEntries: Number of unique Java methods executed

Inventory

VM instance inventory reported by connected runtime.

  • hostName: Host name of the machine running the VM instance

  • networks: Network interfaces of the machine running the VM instance, containing an array with hostname and address

  • systemProperties: JVM system properties

  • systemInfo: System info of the machine running the VM instance. For example:

    sysctl.hw.activecpu: "16"
    sysctl.hw.cpufrequency_min: "2300000000"
    sysctl.hw.memsize: "17179869184"
    sysctl.hw.l1dcachesize: "32768"

  • cpuInfo: CPU info of the machine running the VM instance. For example:

    CPU Microcode: 240
    Affected by MCU Erratum SKX102: false
    Number of Processors: 16
    CPU Stepping: 13

  • memInfo: Memory info of the machine running the VM instance. For example:

    System RAM max, GB: 16

  • osInfo: OS info of the machine running the VM instance. For example:

    OS Name: Mac OS X
    OS Version: 10.16
    OS Arch: x86_64

  • osEnvironment: OS environment variables at VM instance execution

  • jvmArgs: JVM arguments of the VM instance. For example:

    - -XX:+UnlockExperimentalVMOptions
    - -XX:AzCRSMode=auto

  • mainMethod: Main method executed by the JVM on VM instance invocation. For example:

    HelloWorld.main