Question 1

How does RapidFort reduce up to 95% of CVEs automatically?

Accepted Answer

RapidFort achieves up to 95% CVE reduction by combining RF Near Zero CVE Images with the Software Attack Surface Management (SASM) platform. This includes Instrumentation and Profiling (DevTime) to identify unused components and generate Runtime Bill of Materials (RBOM™), followed by Hardening and Defending (RunTime) to remove non-executed code and remediate vulnerabilities based on actual execution paths — all without modifying source code.

Question 2

What is the Software Attack Surface Management (SASM) platform, and how does it work?

Accepted Answer

The RapidFort Software Attack Surface Management (SASM) platform analyzes containerized applications during both build-time and run-time to identify and remove unused or unreachable components. It reduces the software attack surface, remediates vulnerabilities based on actual runtime execution, and continuously protects workloads post-deployment. SASM integrates seamlessly into CI/CD workflows and plays a central role in eliminating up to 95% of CVEs without requiring source code changes.

Question 3

What are RF Near Zero CVE Images?

Accepted Answer

RF Near Zero CVE Images are pre-hardened container images with minimized footprints and near-zero known vulnerabilities. They are aligned to CIS and STIG benchmarks, validated for FIPS 140-3 compliance, and designed for regulated, production-grade deployments. These images help accelerate compliance readiness for frameworks such as FedRAMP, CMMC, SOC 2, PCI DSS, HIPAA, and NIS2.

Question 4

How are RF Community Images different from RF Curated Images?

Accepted Answer

RF Community Images are free, hardened container images published on RapidFort’s GitHub. They remove 60–70% of known CVEs by eliminating unused components through RapidFort’s hardening tools.
In contrast, RF Curated Images are RF Near Zero CVE Images — fully hardened, compliance-ready containers designed as a secure foundation for software development and deployment. Built and updated daily, these images are available in both Base and FIPS 140-3 validated variants, and are benchmarked to CIS and STIG security standards. They are optimized for use in FedRAMP, CMMC, SOC 2, HIPAA, PCI DSS, NIS2, and other regulated environments where a near-zero vulnerability state is required.

Question 5

What is an RBOM™ and how is it different from an SBOM?

Accepted Answer

RBOM™ (Runtime Bill of Materials) includes only software components that were actually executed during application runtime. Unlike static SBOMs, which list all declared packages regardless of usage, RBOMs™ reduce false positives and enhance vulnerability triage precision.

Question 6

Does RapidFort require access to source code?

Accepted Answer

No. RapidFort does not require access to source code. It operates at the binary and container level using binary scanning, DevTime profiling, and runtime behavior analysis to identify and remove unused components — enabling precise CVE remediation without modifying application code. Users can choose from multiple hardening levels, allowing for fine-grained control over which components are removed or retained based on security, performance, or operational requirements.

Question 7

Can RapidFort prioritize CVEs based on risk or exploitability?

Accepted Answer

Yes. RapidFort uses execution path analysis and the RapidRisk Score to prioritize vulnerabilities that are actively present in runtime. It distinguishes between components that are executed and those that are not, allowing teams to focus remediation efforts on the vulnerabilities that truly matter to their running workloads.

Question 8

Does RapidFort support CI/CD pipeline integration?

Accepted Answer

Yes — RapidFort integrates directly into your CI/CD pipelines and existing security stack.
Through native integrations with tools like Jenkins, GitHub, GitLab, Jira, Snyk, Tenable, Nessus, Splunk, and more, RapidFort automatically instruments your builds, generates RBOMs™, and applies hardening policies — all within your existing DevOps workflows.

Question 9

How does RapidFort help with compliance readiness?

Accepted Answer

RapidFort accelerates compliance readiness by reducing vulnerabilities through execution-aware removal of unused and unreachable components, producing audit-ready RBOMs™, and delivering container images that are STIG/CIS hardened and FIPS 140-3 validated. It supports initiatives such as FedRAMP, CMMC, SOC 2, and cATO.

Question 10

What benchmarks and standards are supported by RapidFort?

Accepted Answer

RapidFort supports STIG and CIS hardening benchmarks, FIPS 140-3 cryptographic validation, and aligns with security controls from NIST SP 800-70 — helping organizations reduce risk and prepare for security audits.

Question 11

How does RapidFort secure running containers?

Accepted Answer

RapidFort profiles application behavior in production, baselines container activity, and detects runtime drift or behavioral anomalies. It filters CVEs based on what’s actually exposed and maintains protection with less than 1% compute overhead.

Question 12

Can I use RapidFort on third-party or custom base images?

Accepted Answer

Yes. RapidFort’s DevTime and RunTime tools can be applied to any image — including custom or vendor-provided base images — to harden them, remove unnecessary components, and reduce CVEs at runtime.

Question 13

What environments are supported by RapidFort?

Accepted Answer

RapidFort supports all major Kubernetes distributions, Docker runtimes, container registries, and cloud-native platforms. It is fully compatible with Linux LTS distributions including Alpine, Ubuntu, Debian, and Red Hat.

Question 14

Does RapidFort automatically patch vulnerabilities?

Accepted Answer

RapidFort avoids conventional patching by removing unused components and unreachable code — neutralizing the majority of CVEs without introducing new packages or requiring re-baselining.

Question 15

How is vulnerability data presented in RapidFort?

Accepted Answer

RapidFort produces accurate, context-aware vulnerability reports. Results include execution path visibility and can be exported in SPDX or CycloneDX formats for integration with compliance systems or SIEM tools.

Frequently Asked Questions

Products

Quicklinks

Contact

Address

Contact