Frequently Asked Questions

At RunSafe Security, our goal is to help you confidently safeguard your software. Here, you’ll find answers to the most frequently asked questions about the RunSafe Security Platform — from how it works and the benefits it provides, to how it addresses complex cybersecurity challenges such as memory safety and protecting embedded systems.

Have questions beyond the RunSafe Platform? Visit our Knowledge Center for answers on embedded security, memory safety, critical infrastructure, and more.

  • How much memory space does RunSafe take up in a system?

    RunSafe takes an agentless approach that does not have any performance impact.

  • Does RunSafe eliminate the need to patch?

    RunSafe Security’s Protect solution greatly reduces the need to patch by relocating software functions in memory every time the software is run, preventing attackers from exploiting memory-based vulnerabilities even before a patch is available.

    By having mitigations in place, organizations can downgrade the severity of a vulnerability and reduce the speed at which they need to patch. This is especially critical in ICS and OT environments where patching is difficult and time-consuming. Frequent patching and reactive fixes drain resources and reduce software quality.

    While RunSafe advocates for patching as part of following industry best practices, Protect allows organizations to be proactive about security and have mitigations in place before a vulnerability is discovered or can be exploited rather than relying on reactive patching alone.

  • How does RunSafe’s C/C++ SBOM generation work?

    RunSafe’s C/C++ SBOM generator provides build-time analysis by running during compilation, eliminating the need for binary analysis and package managers.

    The SBOM includes a comprehensive inventory listing all applications, libraries, and files and seamlessly integrates across various build environments.

    RunSafe’s C/C++ SBOM generator is designed specifically for real-time and embedded software.

  • What is the impact of "shared memory" on RunSafe Protect implementation?

    RunSafe Protect does not randomize or impact data that would be in shared memory, and thus would not have any impact on shared memory for a system.

  • What coordination is needed with OS providers?

    RunSafe does not require any coordination with OS providers (Linux, VxWorks, and Lynx).

  • Where are on-prem usage documents located?

    Usage documents are provided within the on-prem package under runsafe_sbom_on_prem/README

  • Does RunSafe identify vulnerabilities in proprietary code?

    No, RunSafe does not identify vulnerabilities in proprietary code. SAST/DAST tools are used for this.

    With Identify, RunSafe’s build-time SBOM generator, you can see what open source code is used in proprietary apps. A vulnerability in the open source code used could appear in your proprietary application or firmware.

  • What languages does RunSafe Identify support?

    RunSafe Identify supports

    • C/C++ (no Conan required)
    • JavaScript
    • Rust
    • Python
    • Golang
    • Dart
    • Elixir
    • Erlang
    • GitHub Actions
    • Haskell
    • Java
    • Lua
    • PHP
    • Ruby
    • Swift
    • Coming soon: .NET
  • What vulnerability databases does RunSafe use?

    The RunSafe Security Platform is powered by 400-plus vulnerability data sources, including VulnCheck data sources, NIST, OSV, GHSA, and more. Vulnerability data is pulled at least daily.

  • Can your SBOM tool conduct binary analysis on software without source code available?

    We need to have access to source code. Having access to the source code at build time provides greater fidelity, accuracy, and completeness of results.

  • Can RunSafe's SBOM solution scale from small to large environments and complex network environments?

    RunSafe’s C/C++ SBOM generator has a completely on-prem offering that can work in completely disconnected networks. In 2025, we plan to offer a completely on-prem version of our Platform (which can generate SBOMs for many other programming languages) that can be used in completely disconnected networks.

    Our platform autoscales, so generation and analysis of SBOMs can work from the smallest enterprise to the largest software factories.

  • What compliance standards and regulations does your SBOM solution adhere to?

    We generate CycloneDX-compliant SBOMs, in versions 1.4 and 1.6 depending on language. The SBOMs support all mandatory NTIA fields.

    We are currently undergoing an ISO-27001 audit for our platform, and anticipate that being completed in early 2025.  

  • How does the RunSafe Security Platform score vulnerabilities?

    The RunSafe Security Platform scores vulnerabilities in two different categories:

    1. For known vulnerabilities, we base those on the CVSS scores.
    2. For unknown vulnerabilities in compiled programs/firmware/libraries, we perform a risk assessment based on the availability of ROP chains in the compiled binary to assess how much damage an attacker could do to the system/device/software if they were to identify a previously unknown vulnerability.
  • How does RunSafe Identify support incident response and vulnerability management?

    Our platform updates CVEs and attaches newly discovered CVEs to existing SBOMs. This, combined with a robust component search capability across all SBOMs for your organization, allows users to search for things like log4j or openssl and find all affected repositories quickly and easily.

  • Does RunSafe work well within resource-constrained environments?

    Yes, RunSafe has been deployed in many resource-constrained environments successfully. Our Protect solution has a small footprint, averaging about 10% for memory overhead.

    For example, RunSafe has deployed on a single-core ARM processor embedded on modern servers to manage the BMC for each server. It has very limited resources and RunSafe was able to be applied to the software and fit within minimal available resources.

  • Does RunSafe Identify work on local Git repositories?

    Yes, RunSafe has a standalone SBOM generator and an on-prem solution that works with a local git repo.

    You do not have to connect to a public GitLab server.

  • What operating systems and architectures does RunSafe support?

    RunSafe supports the following operating systems:

    • Linux – all, including Yocto and Buildroot build environments
    • VxWorks
    • QNX

    RunSafe supports the following architectures:

    • Arm32/Arm64
    • Intel x86/x86_64
    • PPC 32

  • How do I sign up for a free trial of the RunSafe Security Platform?

    Signing up for a free trial is quick and easy! Watch the demo video below for a step-by-step walkthrough.

    Ready to start? SIGN UP HERE

  • How do I invite a user to join my organization on the RunSafe Security Platform?

    Inviting a user to your organization is quick and easy. Simply navigate to the User section in the platform, enter the user’s email, and send an invitation. Once they accept, they’ll have access to the organization you created.

    Watch the demo below for a step-by-step guide.

  • Can I enrich my SBOMs with added information?

    Yes, RunSafe allows you to enrich SBOMs and include proprietary components.

    When your company builds custom libraries that become part of the final binary product, there’s limited ability to automatically report detailed information during SBOM generation because these components are proprietary to your organization.

    RunSafe allows you to

    1. Create a one-time configuration file with your proprietary component details.
    2. Pass the config file into your build pipeline during SBOM generation.
    3. Enable automatic enrichment during each build – no manual intervention required.
    4. Reuse the same config file across builds. Once created, the same configuration file can be applied to future SBOM generation.

    This gives you control over your proprietary components and the ability to create SBOMs more accurately while integrating seamlessly into your existing pipeline.
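
The cross-SBOM component search described under "How does RunSafe Identify support incident response and vulnerability management?", sketched as an added example that is not RunSafe's code or API: it walks CycloneDX JSON documents, including nested components, and reports which repositories contain a matching component and which vulnerability ids are attached to it. The repository names, SBOM contents and the placeholder CVE id are constructed sample data.

```python
# Added example: search CycloneDX JSON SBOMs for a component; all data is constructed.

def walk_components(components):
    """Yield every component, including ones nested under another component."""
    for comp in components or []:
        yield comp
        yield from walk_components(comp.get("components"))

def vulns_by_ref(sbom):
    """Map bom-ref -> sorted vulnerability ids from the SBOM's vulnerabilities array."""
    index = {}
    for vuln in sbom.get("vulnerabilities", []):
        for affected in vuln.get("affects", []):
            index.setdefault(affected.get("ref"), set()).add(vuln.get("id"))
    return {ref: sorted(ids) for ref, ids in index.items()}

def find_component(sboms, needle):
    """Return one hit per matching component across all SBOMs (repo -> SBOM dict)."""
    needle = needle.lower()
    hits = []
    for repo, sbom in sorted(sboms.items()):
        vulns = vulns_by_ref(sbom)
        for comp in walk_components(sbom.get("components")):
            # Match on name or package URL so renamed bundles are still found.
            haystack = f'{comp.get("name", "")} {comp.get("purl", "")}'.lower()
            if needle in haystack:
                hits.append({"repo": repo, "name": comp.get("name"),
                             "version": comp.get("version"),
                             "vulns": vulns.get(comp.get("bom-ref"), [])})
    return hits

SBOMS = {  # constructed: three repositories, one with a nested (bundled) component
    "billing-service": {"bomFormat": "CycloneDX", "specVersion": "1.4",
        "components": [{"bom-ref": "c1", "name": "log4j-core", "version": "2.14.1",
                        "purl": "pkg:maven/org.apache.logging.log4j/log4j-core@2.14.1"}],
        # Placeholder id standing in for a CVE attached after the SBOM was built.
        "vulnerabilities": [{"id": "CVE-0000-0001", "affects": [{"ref": "c1"}]}]},
    "gateway-firmware": {"bomFormat": "CycloneDX", "specVersion": "1.6",
        "components": [{"bom-ref": "fw", "name": "vendor-sdk", "version": "3.0",
            "components": [{"bom-ref": "ssl", "name": "openssl", "version": "3.0.13",
                            "purl": "pkg:generic/openssl@3.0.13"}]}]},
    "docs-site": {"bomFormat": "CycloneDX", "specVersion": "1.6",
        "components": [{"bom-ref": "m", "name": "markdown-it", "version": "14.1.0"}]},
}

if __name__ == "__main__":
    for term in ("log4j", "openssl"):
        for hit in find_component(SBOMS, term):
            print(term, hit)
```

The nested `openssl` entry is the case a flat scan of the top-level `components` array would miss, which is why the walk recurses.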
