Generic Version-Based Detection

The primary approach identifies vulnerabilities by detecting component versions. This method provides broad coverage, but it can produce false positives when a fix is backported without a change to the version number.

Ecosystem Filtering

To reduce false positives, ecosystem-specific filtering is implemented for:
  • Ubuntu systems
  • Rocky Linux/RedHat systems
This filtering leverages security notices from these distributions to accurately identify patched vulnerabilities, even when version numbers haven’t changed.

Rule-Based Detection

Rule-based detection uses specific patterns and signatures to identify vulnerabilities in code, providing more accurate results than version-based detection alone. This method analyzes the actual code implementation rather than relying solely on version numbers. It can detect both known vulnerabilities and potential security weaknesses through pattern matching and semantic analysis. Rules are supplied by our system; customer-defined rules of this type are not supported.

Cryptographic Material Detection

Cryptographic detection identifies algorithms, protocols, certificates, and keys embedded in binary images through static analysis, without requiring source code or debug symbols. The detection method depends on the binary type:
  • Native binaries (UEFI firmware modules, ELF executables and libraries): code-based detection using algorithm-specific constants in code and data sections, cross-reference tracing, and partial emulation for select algorithms. Does not rely on symbol or function names, so custom implementations of known algorithms are still detected.
  • Managed runtimes (Java, Python): API-based detection covering supported cryptographic libraries. Java: Apache Commons Codec, Bouncy Castle, Google Guava, Google Tink, JDK. Python: cryptography, M2Crypto, Pooch, PyCryptodome, PyNaCl, pyOpenSSL, stdlib (hashlib, hmac). Custom implementations that bypass supported APIs will not be detected.
Each cryptographic finding is assigned a confidence score reflecting how well the detected pattern matched the algorithm and how certain the platform is about the identified parameters. Confidence applies to algorithms, protocols, and cryptographic assets (certificates and keys). For full details on the detection pipeline, confidence model, and limitations, see Cryptographic Detection.
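The constant-based detection described for native binaries, as an added example that is not the platform's own code: it searches a raw byte blob for well-known hash and cipher constants in either byte order and scores each algorithm by the fraction of its constants found. The signature set, the function names (`scan`, `resolve`, `make_sample`), the 0.5 threshold and the scoring formula are assumptions made for illustration, and the sample blobs are constructed.

```python
import struct

# Public, well-known constants; this signature set is an assumption of the example.
SIGNATURES = {
    "SHA-256": [0x6a09e667, 0xbb67ae85, 0x3c6ef372, 0xa54ff53a,
                0x510e527f, 0x9b05688c, 0x1f83d9ab, 0x5be0cd19],
    "SHA-1": [0x67452301, 0xefcdab89, 0x98badcfe, 0x10325476, 0xc3d2e1f0],
    "MD5": [0x67452301, 0xefcdab89, 0x98badcfe, 0x10325476],
}
# First row of the AES S-box, normally stored as a byte table in a data section.
AES_SBOX_HEAD = bytes.fromhex("637c777bf26b6fc53001672bfed7ab76")


def scan(blob: bytes, min_conf: float = 0.5) -> dict:
    """Return {algorithm: confidence} from constants found anywhere in blob."""
    findings = {}
    for name, words in SIGNATURES.items():
        # Check both byte orders: immediates and tables follow the target's endianness.
        hits = sum(
            1 for w in words
            if struct.pack("<I", w) in blob or struct.pack(">I", w) in blob
        )
        conf = round(hits / len(words), 2)  # fraction of the signature matched
        if conf >= min_conf:
            findings[name] = conf
    if AES_SBOX_HEAD in blob:
        findings["AES"] = 1.0
    return findings


def resolve(findings: dict) -> dict:
    """Drop a match whose constants are a strict subset of another full match."""
    out = dict(findings)
    for a, wa in SIGNATURES.items():
        for b, wb in SIGNATURES.items():
            if set(wa) < set(wb) and findings.get(b) == 1.0:
                out.pop(a, None)  # e.g. MD5 constants inside a SHA-1 implementation
    return out


def make_sample(words, order="<"):
    """Constructed input: constants separated by filler bytes, no symbols or names."""
    return b"\x90\x90".join(struct.pack(order + "I", w) for w in words)


if __name__ == "__main__":
    sha1_blob = make_sample(SIGNATURES["SHA-1"]) + AES_SBOX_HEAD
    print(resolve(scan(sha1_blob)))
    print(scan(make_sample(SIGNATURES["MD5"], ">")))
```

A blob holding only the four MD5 constants still scores 0.8 for SHA-1, which shows why the confidence attached to the identified algorithm matters when signatures overlap.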
  • Vulnerability Data Sources — The VDB sources that feed detection, including NVD, ecosystem, distribution, and exploitation intelligence data