Security RX for Applications helps you identify, prioritize, and remediate vulnerabilities in your application dependencies. Whether you're monitoring a single service or managing security across your entire application portfolio, Security RX provides the visibility and context you need to secure your software supply chain.
What you can do
With Security RX for Applications, you can:
- Detect vulnerabilities in application dependencies automatically through APM agents
- Prioritize remediation based on CVSS severity, exploit probability (EPSS), and active ransomware campaigns
- Track vulnerability exposure across your application portfolio
- Monitor specific applications with entity-scoped views for developers
- Manage organization-wide security with comprehensive dashboards for security teams
- Import vulnerabilities from third-party tools like Snyk, Dependabot, and FOSSA
How to get started
Before using Security RX for Applications, make sure you have:
- Set up prerequisites and user roles - Ensure you have the required permissions
- Configured an integration - Install an APM agent or set up a third-party integration
- Understand prioritization - Learn how vulnerabilities are ranked
Choose your workflow
Security RX provides two complementary views for managing application vulnerabilities:
Organization view: Manage all applications
Best for security teams, DevSecOps, and platform engineers who need to:
- Calculate the vulnerability surface area across all applications
- Identify which applications pose the highest risk
- Understand how vulnerabilities affect multiple services
- Track security hygiene metrics organization-wide
→ Manage organization-wide application vulnerabilities
Entity view: Monitor specific applications
Best for developers and engineers who need to:
- Monitor vulnerabilities in services they own
- Prioritize fixes for a specific application
- Track vulnerability exposure windows for their code
- Integrate security tasks into their daily workflow
→ Monitor entity-level application security
Supported languages and frameworks
Security RX detects vulnerabilities in applications instrumented with New Relic APM agents:
Language | Minimum Version | Detection Coverage |
|---|---|---|
Java | All supported versions | JAR files |
Node.js | All supported versions | npm packages |
Ruby | All supported versions | Gems |
Python | 8.0 or higher | Packages |
Go | 3.20 or higher | Modules |
PHP | 10.17 or higher | Composer packages |
For complete agent requirements and version details, see APM agent integrations.
Data sources
Security RX for Applications collects vulnerability data from:
- APM agents - Automatic detection of vulnerabilities in loaded libraries
- Third-party integrations - Import findings from Snyk, Dependabot, FOSSA, and other security tools
- Security data API - Send custom vulnerability data directly to New Relic
Learn more about configuring integrations.