Replies: 1 comment
Discussed on the 10/13/22 meeting; for those interested, listen to the replay.
Hey there everyone. I was thinking of a security use case for Otel: trying to extract runtime data from an application. I know this is not something the SDK provides today. The idea would be to list out (via the logging pipeline) the libraries and method names as they are called. As you are aware, we can extract the artifacts in an application, but we can't tell which are actually called/used in the app. By using instrumentation, we could capture that data, and it would be pretty low overhead to do so.
I think it would solve a real need in the security industry for something simple and open source to get some idea of the bill of materials, and potentially some idea of what versions are running in the Java application.
This would be built out in Java at first, but then likely expanded to allow for other language coverage.
Ultimately, the data would be consumed by other static code analysis (SCA) tools that are trying to get more runtime data.
Thoughts?
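The cheapest form of the runtime inventory proposed above is a plain `-javaagent` that records which classes the JVM actually loads and which jar each one came from, without rewriting any bytecode. Because the JVM loads classes lazily, "loaded" is a usable proxy for "referenced at runtime", which is exactly the gap between a static artifact list and what the application really used. The agent below is an added example written for this discussion, not OpenTelemetry code and not part of the original post; the class name `RuntimeBomAgent`, the build steps in its header comment, and the `bom.jar` / `bom.class` line format are assumptions chosen for illustration. It uses only the JDK (`java.lang.instrument`, `java.util.jar`) and prints to stderr where a real implementation would hand records to the logging pipeline.

```java
import java.io.File;
import java.io.InputStream;
import java.lang.instrument.ClassFileTransformer;
import java.lang.instrument.Instrumentation;
import java.net.URI;
import java.security.CodeSource;
import java.security.ProtectionDomain;
import java.util.Enumeration;
import java.util.Map;
import java.util.Properties;
import java.util.Set;
import java.util.concurrent.ConcurrentHashMap;
import java.util.jar.JarEntry;
import java.util.jar.JarFile;
import java.util.jar.Manifest;

/**
 * Added example (not OpenTelemetry code): a -javaagent that records which classes the
 * JVM actually loads, grouped by the jar they came from, and resolves each jar's version
 * at shutdown. The transformer never modifies bytecode, so the per-class cost is one
 * map insert.
 *
 * Build (assumed layout, single source file, no dependencies):
 *   javac RuntimeBomAgent.java
 *   printf 'Premain-Class: RuntimeBomAgent\n' > MANIFEST.MF
 *   jar cfm bom-agent.jar MANIFEST.MF RuntimeBomAgent.class
 * Run:
 *   java -javaagent:bom-agent.jar -jar yourapp.jar
 */
public final class RuntimeBomAgent {
    /** jar location (CodeSource URL) -> class names loaded from it. */
    private static final Map<String, Set<String>> LOADED = new ConcurrentHashMap<>();

    public static void premain(String agentArgs, Instrumentation inst) {
        // Classes already loaded before the agent attached (mostly JDK bootstrap classes).
        for (Class<?> c : inst.getAllLoadedClasses()) {
            record(c.getName(), c.getProtectionDomain());
        }
        inst.addTransformer(new ClassFileTransformer() {
            @Override
            public byte[] transform(ClassLoader loader, String internalName, Class<?> redefined,
                                    ProtectionDomain pd, byte[] bytecode) {
                if (internalName != null) { // null for hidden/anonymous classes
                    record(internalName.replace('/', '.'), pd);
                }
                return null; // null = leave the bytecode unchanged
            }
        });
        Runtime.getRuntime().addShutdownHook(new Thread(RuntimeBomAgent::dump, "bom-dump"));
    }

    private static void record(String className, ProtectionDomain pd) {
        CodeSource cs = pd == null ? null : pd.getCodeSource();
        if (cs == null || cs.getLocation() == null) {
            return; // bootstrap (JDK) classes and generated classes carry no code source
        }
        LOADED.computeIfAbsent(cs.getLocation().toString(), k -> ConcurrentHashMap.newKeySet())
              .add(className);
    }

    /** One line per jar plus one per class; a real agent would hand these to the log exporter. */
    private static void dump() {
        for (Map.Entry<String, Set<String>> e : LOADED.entrySet()) {
            String jar = e.getKey();
            System.err.println("bom.jar location=" + jar + " version=" + versionOf(jar)
                    + " classes_loaded=" + e.getValue().size());
            for (String cls : e.getValue()) {
                System.err.println("bom.class jar=" + jar + " name=" + cls);
            }
        }
    }

    /** Best-effort version: manifest Implementation-Version/Bundle-Version, else Maven pom.properties. */
    static String versionOf(String location) {
        if (!location.startsWith("file:") || !location.endsWith(".jar")) {
            return "n/a"; // exploded class directories carry no version metadata
        }
        try (JarFile jar = new JarFile(new File(URI.create(location)))) {
            Manifest mf = jar.getManifest();
            if (mf != null) {
                String v = mf.getMainAttributes().getValue("Implementation-Version");
                if (v == null) v = mf.getMainAttributes().getValue("Bundle-Version");
                if (v != null) return v;
            }
            Enumeration<JarEntry> entries = jar.entries();
            while (entries.hasMoreElements()) {
                JarEntry entry = entries.nextElement();
                String n = entry.getName();
                if (n.startsWith("META-INF/maven/") && n.endsWith("/pom.properties")) {
                    Properties p = new Properties();
                    try (InputStream in = jar.getInputStream(entry)) { p.load(in); }
                    return p.getProperty("groupId") + ":" + p.getProperty("artifactId")
                            + ":" + p.getProperty("version");
                }
            }
        } catch (Exception ex) {
            return "unreadable(" + ex.getClass().getSimpleName() + ")";
        }
        return "unknown";
    }
}
```

Two caveats a consumer of this data should keep in mind. First, the granularity is class-level, not method-level: a loaded class proves the library was referenced, not that a particular vulnerable method ran; method-level records require rewriting bytecode (an ASM- or ByteBuddy-style advice agent), which is where the overhead and the complexity live. Second, the version string is whatever the jar's builder put in the manifest or `pom.properties`; shaded or repackaged jars may carry nothing or something misleading, so treat it as a hint for the SCA tool to correlate, not as proof.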