Analyze runtime library usage

Runtime library usage gives insight into which parts of a library are actually used by your applications, which can reduce investigation time for CVEs by showing how much a library impacts your application. This also improves collaboration because security teams can confirm with development teams that an application uses a vulnerable library at runtime.

Select Libraries in the header and view the Usage column to see if a library is used at runtime, and how much. The usage number represents the number of items used by any instrumented applications, out of the total number of items known to be available in that library.

LibraryUsageCount.png

Items loaded may be classes, files or functions, depending on the languages of the applications using this library. If a master application contains multiple applications that use the same library, the classes loaded will be representative of each merge application.

When an application uses a library, the Contrast agent reports the items loaded within the library. As the application uses more items within a library, usage counts increase in Contrast.

If you have the appropriate license, you can also view full library usage details for a particular application:

  1. Under Applications, select a specific application to see the details view.

  2. Select the Libraries tab for the application.

  3. Select the usage counts for a specific library. This opens a details panel.

    LibraryUsageCountPanel.png
  4. View each class, file, or function used. You will also see the first time and last time Contrast observed it in use. Library exports will also include full usage data.

    Note

    For a merged application, Contrast will report when a class was first seen and last seen for all applications it contains within the corresponding Last Seen and First Seen columns.

  5. Select the X to close the details panel.

Note

Only organizations with an OSS license can see full usage details. To learn more, contact our sales department at sales@contrastsecurity.com.