Snyk Runtime Monitoring does a couple of important things for your open source components during runtime. It:
- Determines whether a vulnerable dependency is indeed being used at runtime in a way that can be exploited
- Flags vulnerable dependencies identified at runtime, and prioritizes them first by whether those dependencies were called at runtime and then by severity
With the data Snyk retrieves and highlights for you, you can focus your remediation efforts where they matter the most - fixing the vulnerabilities whose vulnerable functions are actually invoked at runtime.
The Snyk runtime agent does the following:
1. The agent inspects every dependency of your application.
2. It then creates an execution hook on vulnerable functions in relevant dependencies.
3. Using these hooks, the agent detects the actual use of vulnerable functions.
4. The agent sends this data in beacons to Snyk, adding relevant data to the Snyk project.
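
The hook-and-report flow described above, as an added illustration in JavaScript; this is not Snyk's agent code. The package names, advisory ids, function names and the beacon shape are hypothetical, and the sample data is constructed.

```javascript
// Illustrative only: a toy hook mechanism, not Snyk's agent code.
// Constructed sample data: a stand-in dependency and made-up advisories.
const loadedDeps = {
  'example-parser': {
    parse(input) { return input.split(','); },
    render(text) { return `<p>${text}</p>`; },
  },
};
const advisories = [
  { id: 'EXAMPLE-0001', pkg: 'example-parser', fn: 'parse', severity: 'medium' },
  { id: 'EXAMPLE-0002', pkg: 'example-parser', fn: 'render', severity: 'high' },
  { id: 'EXAMPLE-0003', pkg: 'not-installed', fn: 'run', severity: 'high' },
];
const SEVERITY_RANK = { high: 3, medium: 2, low: 1 };

// Inspect the loaded dependencies and wrap each function an advisory names.
function installHooks(deps, advs) {
  const callCounts = new Map(); // advisory id -> number of observed calls
  for (const adv of advs) {
    const dep = deps[adv.pkg];
    if (!dep || typeof dep[adv.fn] !== 'function') continue; // not present in this app
    const original = dep[adv.fn];
    callCounts.set(adv.id, 0);
    dep[adv.fn] = function hooked(...args) {
      callCounts.set(adv.id, callCounts.get(adv.id) + 1); // record actual use
      return original.apply(this, args); // the dependency's behaviour is unchanged
    };
  }
  return callCounts;
}

// Assemble the payload a beacon would carry (sending is out of scope here).
function buildBeacon(projectId, advs, callCounts) {
  const events = advs
    .filter((adv) => callCounts.has(adv.id))
    .map((adv) => ({ ...adv, calls: callCounts.get(adv.id) }));
  return { projectId, events };
}

// Order findings: called at runtime first, then by severity.
function prioritize(events) {
  return [...events].sort((a, b) =>
    (Number(b.calls > 0) - Number(a.calls > 0)) ||
    (SEVERITY_RANK[b.severity] - SEVERITY_RANK[a.severity]));
}
```

With these definitions, a medium-severity function that was actually invoked sorts ahead of a high-severity function that was hooked but never called, which is the ordering the page describes.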