How It Works: Agent Security Model

EdgeBit’s philosophy is to integrate into your infrastructure as minimally as possible, following the principle of least privilege.

Strictly Connecting Out

EdgeBit’s software installed in your build pipelines or on your Linux servers strictly connects out to your custom EdgeBit hostname over TLS. It never requires inbound connections, which makes this traffic easy to add to an egress allow list.

EdgeBit operates in AWS, and your tenancy can be established in the AWS region of your choice.

Understanding the Metadata Collected

EdgeBit does all generation of software bill of materials (SBOM) local to the build pipeline or server. Processing and correlation of SBOM contents to vulnerabilities and other data sources happens within the EdgeBit cloud service.

Build Metadata

Each software build gathers only data conforming to the SPDX standard – package and dependency names, versions, cryptographic hashes, etc. At no point is any source code or file contents transmitted to EdgeBit.

Runtime Metadata

The Linux agent collects the list of installed packages, including versions, file names, license information, and other metadata necessary to produce an SBOM. In addition, it collects the names (but not the contents) of files opened by processes.

The agent has a configurable allow list of directories to inventory with typical data file locations excluded by default. At no point is any source code or file contents transmitted to EdgeBit.
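The following is an added illustrative model of such a directory allow list, not EdgeBit's agent code: it shows how an inventory that records only opened file names can be restricted to allowed directories, with typical data locations excluded by default and exclusions taking precedence over allowances. The directory lists, the `inventory_paths` function and the sample paths are constructed for this example.

```python
"""Illustrative model of a file-inventory allow list (added example, not EdgeBit's code)."""
from pathlib import PurePosixPath

# Constructed defaults: directories worth inventorying for an SBOM (libraries, vendored code, config).
DEFAULT_ALLOW = ("/usr", "/opt", "/etc", "/lib")
# Constructed defaults: typical data-file locations excluded out of the box.
DEFAULT_EXCLUDE = ("/home", "/var/lib/mysql", "/var/lib/postgresql", "/tmp")


def _under(path: PurePosixPath, roots) -> bool:
    """True if path equals or lies inside any of the given root directories."""
    return any(path == PurePosixPath(r) or PurePosixPath(r) in path.parents for r in roots)


def inventory_paths(opened_paths, allow=DEFAULT_ALLOW, exclude=DEFAULT_EXCLUDE):
    """Return the opened file names an agent would report.

    Only the path string is kept; file contents are never read. A path must
    sit under an allowed directory, and exclusions win over allowances so a
    data directory nested under an allowed root stays out of the inventory.
    Relative paths and paths containing '..' are dropped because they cannot
    be matched reliably against the allow list.
    """
    reported = []
    for raw in opened_paths:
        p = PurePosixPath(raw)
        if not p.is_absolute() or ".." in p.parts:
            continue
        if _under(p, exclude):
            continue
        if _under(p, allow):
            reported.append(str(p))
    return reported


# Constructed sample of paths opened by processes on a server.
SAMPLE_OPENS = [
    "/usr/lib/x86_64-linux-gnu/libssl.so.3",
    "/opt/app/vendor/requests/__init__.py",
    "/etc/ssl/openssl.cnf",
    "/home/alice/customers.csv",          # data file: excluded by default
    "/var/lib/mysql/ibdata1",             # database file: excluded by default
    "/opt/app/data/secrets.json",         # nested data dir: excluded via the extra rule below
    "/usr/../home/alice/notes.txt",       # traversal: dropped
    "relative/file.txt",                  # relative: dropped
]

if __name__ == "__main__":
    for name in inventory_paths(SAMPLE_OPENS, exclude=DEFAULT_EXCLUDE + ("/opt/app/data",)):
        print(name)
```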

Standard machine metadata such as hostname, OS version, and cloud instance tags/labels is also collected so that findings can be correlated to a team, application and cloud account.

EdgeBit Privacy Policy

Other details on data collection can be found in the EdgeBit privacy policy.