Analyze runtime library usage

Runtime library usage gives insight into which parts of a library are actually used by your applications. This can reduce investigation time for CVEs by confirming how much a library matters to your software. This also improves collaboration because security teams can confirm with development teams that an application uses a vulnerable library at runtime.

Select Libraries in the header and view the Usage column to see if a library is used at runtime, and how much. The usage number represents the number of items used by any instrumented applications, out of the total number of items known to be available in that library.

LibraryUsageCount.png

Items loaded may be classes, files or functions, depending on the languages of the applications using this library.

When an application uses a library, the Contrast agent reports the items loaded within the library. As the application uses more items within a library, usage counts increase in Contrast.

If you have the appropriate license, you can also view full library usage details for a particular application:

  1. Under Applications, select a specific application to see the details view.

  2. Select the Libraries tab for the application.

  3. Select the usage counts for a specific library. This opens a details panel.

    LibraryUsageCountPanel.png
  4. View each class, file, or function used. You will also see the first time and last time Contrast observed it in use. Library exports will also include full usage data.

  5. Select the X to close the details panel.

Note

Only organizations that have an enhanced library data license can see full usage details. To learn more, contact our sales department at sales@contrastsecurity.com.