There are three ways to import common vulnerabilitie and exposure (CVE) data:
- APM agents: automatically detect CVEs in the libraries used by your service.
- Third party integrations: report CVEs detected by third party integrations such as Dependabot or Snyk.
- Our security data API: report CVE data from unsupported third parties or your own solution directly to New Relic through our security API.
APM agents
Our APM agents automatically detect CVEs.
CVE detection coverage differs between agents:
Agent | Minimum agent verion | CVE Coverage |
|---|---|---|
Java | All supported versions | Jars |
Node.js | All supported versions | Packages |
Ruby | All supported versions | Gems |
Python | 8.0 or higher | Modules |
Go | 3.20 or higher | Modules |
PHP | 10.17 or higher | |
.NET | Not supported | N/A |
Third party integrations
Import data from your other security tools directly into New Relic. We currently support the following tools. If your tool isnโt listed, send your security data through our security data API.
Security data API
Send data directly to New Relic through our security data API. Use this when a tool-specific integration doesn't exist or if sending payloads directly to New Relic works best for your workflow. Learn more here.