Layer 01
Runtime Exploitability
Evidence from executed code paths, loaded libraries, and process behavior reveals which vulnerabilities are practically reachable — not just theoretically present.
Platform
Two Products. One Platform.
Primod combines runtime vulnerability intelligence with cloud security posture management — so you see both what's exploitable in production and what's misconfigured in your cloud.
eBPF-backed execution visibility. CVE prioritization grounded in runtime truth.
Runtime Detection In Action
Every CVE, traced to the exact function that executed.
When a vulnerability triggers in production, Primod captures the full call stack instantly — from the inbound HTTP request all the way down to the vulnerable function. Node, pod, container, binary, and namespace surface automatically, so your team knows exactly what to patch and why.
app.primod.io / cve-detail
CVE-2023-25809Medium
Cluster Topology View
See exactly where threats live inside your cluster.
The cluster map visualizes every node, namespace, pod, and container — with live threat indicators overlaid in real time. Pods with active exploitable CVEs surface immediately so you know the blast radius before you triage.
Live threat overlays — executed CVEs shown directly on affected pods
Node → namespace → pod → container drill-down hierarchy
Side panel with CVE list, severity, and timestamps per resource
Export cluster dump for offline forensic analysis
app.primod.io / kubernetes / topology
5 threats · liveLive
app.primod.io / kubernetes / vulnerabilities
Runtime Vulnerability Dashboard
Every live CVE, ranked by what actually executed.
Most vulnerability scanners hand you a list of everything present on disk — thousands of CVEs with no way to know which ones matter. Primod flips this entirely. The Runtime Vulnerabilities dashboard starts from what your code actually called in production, then works backwards to surface only the CVEs tied to functions that executed.
At the core is the vulnerability funnel — a real-time pipeline that narrows 1,608 total packages down to 202 CVEs on disk, then to the single function that actually triggered. Every step is traceable: Primod captures the full call stack at the moment of execution, highlights the TRIGGER frame, and links it back to the exact binary, container, and namespace where it ran.
The result is a prioritized queue your team can act on immediately — no spreadsheet triage, no guesswork about reachability, just execution-backed evidence for every fix decision.
Funnel view: total packages → CVEs on disk → executed → fix available
Severity distribution with critical / high / medium breakdown
CVE groups ranked by frequency across recent events
Vulnerability trend chart by severity over time
How Runtime Security Works
Three layers of runtime intelligence.
Layer 02
Context Fusion
Workload metadata, cloud posture, and service lineage merge into one risk narrative that engineering can action quickly without switching tools.
Layer 03
Operational Throughput
Security guidance maps directly to deployment teams and affected services, reducing triage drag, patch churn, and cross-team coordination overhead.
Architecture Snapshot
How the runtime stack is assembled.
01
eBPF Sensor Layer
Kernel-level probes capture runtime execution, process lineage, syscall behavior, and network interactions with sub-1% production overhead.
02
Correlation Engine
CVEs are mapped to reachable code paths and service dependencies. Cloud posture and blast radius context is fused into a single confidence score.
03
Call Stack Tracing
Full execution context for every triggered vulnerability — from the entry point down to the vulnerable function. No guesswork, just evidence.
04
Audit Evidence Chain
Every remediation decision is backed by traceable runtime observation — ready for SOC 2, audit review, and post-incident analysis.
Technical Specifications — Runtime Security
Deploy modelSingle agent, no sidecar required
Telemetry techeBPF — kernel-level, no code changes
Production overhead< 1% CPU, < 30 MB RSS
CoverageKubernetes, ECS, bare metal, VM
CVE databaseNVD + enriched vendor advisories
IntegrationsJira, PagerDuty, Slack, GitHub, SIEM
Ready to go deeper?