Product Information on RapidFort Platform
About Company
Company Description
RapidFort is a comprehensive vulnerability management platform that helps organizations reduce software risk across the software development lifecycle. RapidFort combines RF Near Zero CVE Images with a Software Attack Surface Management (SASM) system to identify, prioritize, and reduce vulnerabilities without source code changes. RF Near Zero CVE Images are FIPS 140-3 validated and hardened using STIG and CIS benchmarks aligned with NIST SP 800-70 guidance. Built on open-source LTS distributions, these container images provide a secure foundation for application deployment. The platform includes DevTime and RunTime tools that perform binary and runtime analysis to generate Software and Runtime Bills of Materials (SBOM and RBOM), detect unused components, and reduce the attack surface based on execution behavior. Organizations use RapidFort to improve visibility into software supply chain risks and support compliance readiness.
RapidFort Platform Likes & Dislikes
They provide near-zero CVE base images, and keep their library up-to-date. This had been a nightmare for us earlier - by the time we patch our base version, a few more CVEs get reported and we ended up chasing our tail. Now, we pull their latest version on a daily basis - and if we do find any CVEs in our internal scans and report it to them, we get a fresh update pretty quick. Their portal also provides an exploitability score for the CVEs, plus an instrumentation & tracking mechanism to identify the actual binaries that are loaded by our services (i.e., many DLLs may be included in a package, but not necessarily used). This gives us a realistic view when reviewing the Security aspects of a build, prior to release - i.e., there are X number of CVEs reported by the scanners, but they are in DLLs that are not loaded - or have low/zero exploitability score. Their CLI interface helps us to integrate their tools easily into our build pipelines.
The vast majority of our environments use open source images and RapidFort has directly swappable vuln reduced or vuln free images. Their tooling allows easy scanning, profiling and hardening of images that are custom or not offered by RapidFort. Their documentation is top notch and their customer success engineers have yet to not find an ideal solution for the issues that have cropped up.
The platform is simple and just works. I've tried other base images and they all work exactly as you'd expect them to. RapidFort support is stellar--we share a Slack channel with some of their engineers. While it's rare that we need to reach out, any time we have, they've responded quickly and knowledgeably. Closing out the last few CVEs in a system is always the hardest part. Sometimes you can't fix them and need to provide justification. RapidFort takes care of that by providing details when CVEs remain open--text I can often copy and paste as-is into a remediation report.
The fact that I have to pay for them? (:-) just kidding, we did our build-v/s-buy analysis, and they are value for money) Nothing really. This is a very specific need - to have secure base images - and they do it well, and maintain the expected security levels. Plus, they are very responsive to specific asks.
This is a nitpick, but the way Projects/Clusters are set up in their control panel shows every vulnerability on the cluster that has ever shown up in the cluster until it's manually curated to remove old images with those vulnerabilities.
The price. The platform is not cheap. But let's be honest: how much would it cost in labor and opportunity cost to task an experienced software engineer with working through a list of 200 vulnerabilities? Looking at it from that perspective, the platform does pay for itself.
RapidFort Platform Reviews and Ratings
- Director of Engineering, 50M-1B USD, Software
RapidFort Enables FedRAMP SaaS Migration With Responsive Support and Timely Updates
RapidFort has been very responsive to our requirements. We were starting off on migrating our product to FedRAMP SaaS, by containerizing the components and making them FIPS compliant. RapidFort truly partnered with us, being very flexible in their pricing, to provide us "everything that we need to meet the FedRAMP goals", rather than limiting us to a particular count. Plus, they got us what we needed, within a short time - for example, we were using a couple of components that they did not have in their curated list, and they committed to and delivered them in 2 weeks - helping us to stay on course.
- Engineering Manager, 50M-1B USD, Software
Avoid building out a team that solely patches containers, focus on building your product.
RapidFort is extremely knowledgeable in how images for containerized deployments are built, hardened, and made to adhere to compliance standards. Their pre-sales team made it extremely easy to demo their product and helped us see a path to dramatically reduce the number of engineers needed to maintain highly compliant environments that demand vulnerability patching with strict SLAs and very tedious reporting. Their curated and hardened images can be directly swapped into existing high compliance environments without the need for costly audits and government security reviews because the images are what you already have authorization to run, they just have demonstrably fewer or zero vulnerabilities. Finally, their tooling makes it a breeze to build your images on top of their images, scan them, profile them and then harden them to reduce the bulk or all of the vulnerabilities.
- Director of Software Development, <50M USD, Software
RapidFort handles my platform security so I can focus on building great software
The software engineers at my company love writing software and building innovative solutions to real-world problems. But developing a good program isn't enough--the platform has to be secure. That involves scanning the software, identifying vulnerabilities, and going through a painstaking process of fixing, remediating, or explaining away each issue. That's not fun work; it's a chore, and it's the very thing that RapidFort takes care of for us. We use their curated images with FIPS-validated cryptography as the base for all of our production applications.
- Engineer, 10B+ USD, IT Services
RapidFort: A Secure Way to Get a Handle on the Proliferation of Container Images.
Outstanding product operation. Very fast and accurate scanner. Excellent support from the dev and operations team. Weekly sync ups and continual support for implementation and testing. Slack channel is very helpful. The web GUI is simple and effective. The CLI tool and documentation are very easy to use and understand. There are frequent features being added that help make the system much more valuable. Curated images are of great value for vulnerability remediation, FIPS and STIG.
- Chief Technology Officer, <50M USD, Software
Turnkey reduction in container supply chain risk
The RapidFort team has been a great partner to work with, working with us to find ways to address our security hardening needs. They were key to us getting and maintaining our SOC 2 compliance, allowing us to implement strong proactive controls for container vulnerability management.



