Vulnerability integrations overview

There are three ways to import common vulnerabilities and exposure (CVE) data:

APM agents: automatically detect CVEs in the libraries used by your service.
Third party integrations: report CVEs detected by third party integrations such as Dependabot or Snyk.
Our security data API: report CVE data from unsupported third parties or your own solution directly to New Relic through our security API.

APM agents

Our APM agents automatically detect CVEs.

CVE detection coverage differs between agents:

Agent	Minimum agent verion	CVE Coverage
Java	All supported versions	Jars
Node.js	All supported versions	Packages
Ruby	All supported versions	Gems
Python	8.0 or higher	Modules
Go	3.20 or higher	Modules
PHP	10.17 or higher	Some packages
.NET	Not supported	N/A

By default, New Relic PHP APM Agent supports detecting CVEs in the core packages of the following frameworks:

Packages	Minimum Version
Drupal	8.0
Guzzle	6.0
Laravel	6.0
PHPUnit	9.0
Predis	2.0
Slim	2.0
Wordpress	5.9.0

We recommend you use officially supported versions of PHP. If your project uses Composer to manage dependencies, you can configure the New Relic PHP APM agent to detect vulnerabilities in all your packages. This feature is disabled by default.

See the Vulnerability Management settings in PHP agent configuration for detailed information about how to configure the integration in the New Relic PHP APM agent.

Third party integrations

Import data from your other security tools directly into New Relic. We currently support the following tools. If your tool isn’t listed, send your security data through our security data API.

Security data API

Send data directly to New Relic through our security data API. Use this when a tool-specific integration doesn't exist or if sending payloads directly to New Relic works best for your workflow. Learn more here.

APM agents.css-21sua1{background:none;border:none;width:0;padding:0;}

Third party integrations

Security data API

APM agents