Glossary

RF Curated Images (Near-Zero CVE Images)

Pre-hardened container images with near-zero known vulnerabilities, based on runtime-aware hardening. Built on LTS Linux distributions (Alpine, Ubuntu, Debian, Red Hat), these images are hardened to CIS/STIG benchmarks and validated for FIPS 140-2 & 140-3 — ideal for production workloads and compliance acceleration.

RF Community Images

Free, hardened container images published on RapidFort’s GitHub with over 6 million downloads. These images reduce vulnerabilities and attack surface by 60–70% using RapidFort’s hardening tools, which remove unused code and eliminate CVEs in non-executed components.

RF DevTime

DevTime tools that integrate into CI/CD pipelines to profile application behavior during testing, identify unused components, and generate the Runtime Bill of Materials (RBOM™). This enables precise CVE prioritization and remediation before deployment.

RF RunTime

RunTime tools that analyze real-time application execution to remove unused packages, enforce container security, and alert teams to anomalies or newly introduced CVEs — all with minimal compute overhead.

RBOM™ (Runtime Bill of Materials)

A dynamic inventory of software components that were actually loaded or executed during runtime. Unlike SBOMs, which reflect all declared dependencies, RBOMs™ capture only operationally relevant components — enabling accurate triage and remediation.

RF SASM (Software Attack Surface Management)

RF SASM is RapidFort’s Software Attack Surface Management platform — an end-to-end system for reducing exploitable code and vulnerability exposure across the container lifecycle. It combines DevTime profiling with RunTime hardening to identify unused components, remediate CVEs based on runtime behavior, and enforce workload integrity — all without requiring access to source code. In addition to strengthening security posture, SASM can reduce container size by up to 90%, enabling faster boot times, lower compute overhead, and reduced cloud infrastructure costs. It aligns with regulatory hardening benchmarks including STIG, CIS, and FIPS 140-3, helping teams streamline compliance with standards like FedRAMP, CMMC, SOC 2, PCI DSS, HIPAA, and NIS2 — while improving performance and operational efficiency.

Container Hardening

A security technique to minimize exploitable code by removing unnecessary software, tightening configurations, and applying benchmarks like STIG or CIS. RapidFort automates this process as part of its SASM platform.

RapidRisk Score

A runtime-informed vulnerability prioritization metric that ranks CVEs based on exposure, exploitability, and severity — allowing teams to focus remediation on what matters most.

Execution Path Analysis

The process of tracing which packages, binaries, and libraries are actually executed during application runtime. RapidFort uses this analysis to determine which components are active in production, allowing security teams to focus remediation efforts on vulnerabilities with real exposure — resulting in leaner, more effective vulnerability management.

STIG / CIS Benchmarks

Industry-standard security frameworks used to harden systems. RapidFort aligns RF Curated and Community Images to these benchmarks, enabling faster compliance readiness and audit-aligned hardening.