From 80ab80252fc0d1cf8da5117324a58ee308355132 Mon Sep 17 00:00:00 2001 From: Michal Nowacki Date: Mon, 30 Sep 2024 13:28:08 -0400 Subject: [PATCH 1/5] feat(apm/php): add `newrelic.vulnerability_management.composer_api.enabled` description New Relic PHP Agent v11.2 adds new configuration settings that enables use of Composer's runtime API for package detection (vulnerability management php-agent integration). --- .../configuration/php-agent-configuration.mdx | 160 ++++++++++++------ 1 file changed, 108 insertions(+), 52 deletions(-) diff --git a/src/content/docs/apm/agents/php-agent/configuration/php-agent-configuration.mdx b/src/content/docs/apm/agents/php-agent/configuration/php-agent-configuration.mdx index 16655f8462d..cc1b9aa3e4e 100644 --- a/src/content/docs/apm/agents/php-agent/configuration/php-agent-configuration.mdx +++ b/src/content/docs/apm/agents/php-agent/configuration/php-agent-configuration.mdx @@ -3934,6 +3934,114 @@ Setting one of the following tags will help you identify which versions of your An upcoming release of errors inbox will automatically track which versions of your software are producing errors. Any version data will also be displayed in [CodeStream](/docs/codestream/how-use-codestream/performance-monitoring/#buildsha). +## Vulnerability management settings [#inivar-vulnerability-management] + +This section lists the settings that affect the reporting of PHP packages. + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
+ Scope: + + PERDIR +
+ Type: + + Boolean +
+ Default: + + `true` +
+ Notes: + + Introduced in PHP agent version 10.17 +
+ + When set to `true`, the agent will send up package detection information that can be viewed on the environment page. +
+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
+ Scope: + + PERDIR +
+ Type: + + Boolean +
+ Default: + + `false` +
+ Notes: + + Introduced in PHP agent version 11.2 +
+ + When set to `true`, the agent will try using Composer's runtime API for package detection. + +
+ ## Other .ini settings [#inivar-rare-settings] This section lists the remaining newrelic.ini settings. @@ -4294,55 +4402,3 @@ This section lists the remaining newrelic.ini settings. Enables the detection of frameworks and libraries when preloading is enabled. Preloading was introduced in PHP version 7.4. `newrelic.preload_framework_library_detection` will only take effect when `opcache.preload` is set in the `php.ini` file. - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
- Scope: - - SYSTEM -
- Type: - - Boolean -
- Default: - - `true` -
- Notes: - - Introduced in PHP agent version 10.17 -
- - When set to `true`, the agent will send up package detection information that can be viewed on the environment page. -
-
From 5653fac52fc1a814d97da67bfd7092de40a7945d Mon Sep 17 00:00:00 2001 From: Michal Nowacki Date: Mon, 30 Sep 2024 13:52:05 -0400 Subject: [PATCH 2/5] update vulnerability management php apm agent integration info With added support for Composer's runtime API, PHP APM Agent can be configured to detect vulnerabilities in all packages managed by Composer. The section about Vulnerability Management PHP APM Agent integration needed an update to advertise this new feature. --- .../docs/vulnerability-management/integrations/intro.mdx | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/src/content/docs/vulnerability-management/integrations/intro.mdx b/src/content/docs/vulnerability-management/integrations/intro.mdx index 67b65bb2578..96694fcbe2e 100644 --- a/src/content/docs/vulnerability-management/integrations/intro.mdx +++ b/src/content/docs/vulnerability-management/integrations/intro.mdx @@ -180,7 +180,7 @@ CVE detection coverage differs between agents: id="php-packages" title="PHP package support" > - Our New Relic [PHP APM Agent](/docs/apm/agents/php-agent/getting-started/introduction-new-relic-php) currently supports detecting CVEs related to packages from the following frameworks: + By default, New Relic [PHP APM Agent](/docs/apm/agents/php-agent/getting-started/introduction-new-relic-php) supports detecting CVEs in the core packages of the following frameworks: @@ -268,9 +268,10 @@ CVE detection coverage differs between agents:
- We recommend using [officially supported versions](/docs/apm/agents/php-agent/getting-started/php-agent-compatibility-requirements/) of PHP. Note, the PHP agent differs from other language agents as it's not aware of packages until they are used. If the version is not specified in the package's source code in an accessible way, the PHP agent is unable to provide version detection information for that package, and vulnerabilities will not be shown. + We recommend using [officially supported versions](/docs/apm/agents/php-agent/getting-started/php-agent-compatibility-requirements/) of PHP. + If your project uses [Composer](https://getcomposer.org/) to manage dependencies, New Relic [PHP APM Agent](/docs/apm/agents/php-agent/getting-started/introduction-new-relic-php) can be configured to detect vulnerabilities in all your packages. This feature is disabled by default. + See [PHP Agent Configuration - Vulnerability management settings](/docs/apm/agents/php-agent/configuration/php-agent-configuration/#inivar-vulnerability-management) for detailed information how to configure Vulnerability Management integration in New Relic PHP APM Agent. - To disable package detection for Vulnerability Management, you can find more information on the [configuration page](/docs/apm/agents/php-agent/configuration/php-agent-configuration/#inivar-package-detection). From f7150d40ee66bd9122ea68b5d389daecf27aa76d Mon Sep 17 00:00:00 2001 From: Michal Nowacki Date: Mon, 30 Sep 2024 13:53:28 -0400 Subject: [PATCH 3/5] add link to Composer's runtime API --- .../agents/php-agent/configuration/php-agent-configuration.mdx | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/content/docs/apm/agents/php-agent/configuration/php-agent-configuration.mdx b/src/content/docs/apm/agents/php-agent/configuration/php-agent-configuration.mdx index cc1b9aa3e4e..c9e9cc272c1 100644 --- a/src/content/docs/apm/agents/php-agent/configuration/php-agent-configuration.mdx 
+++ b/src/content/docs/apm/agents/php-agent/configuration/php-agent-configuration.mdx @@ -4038,7 +4038,7 @@ This section lists the settings that affect the reporting of PHP packages. - When set to `true`, the agent will try using Composer's runtime API for package detection. + When set to `true`, the agent will try using [Composer's runtime API](https://getcomposer.org/doc/07-runtime.md) for package detection. From af729b9a0ba8f4e428f05117edb06ff6a8a2f35e Mon Sep 17 00:00:00 2001 From: Rob Siebens Date: Mon, 30 Sep 2024 15:11:42 -0700 Subject: [PATCH 4/5] fix(PHP agent): Correct collapser tags --- .../php-agent/configuration/php-agent-configuration.mdx | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/src/content/docs/apm/agents/php-agent/configuration/php-agent-configuration.mdx b/src/content/docs/apm/agents/php-agent/configuration/php-agent-configuration.mdx index c9e9cc272c1..efc7c68fb35 100644 --- a/src/content/docs/apm/agents/php-agent/configuration/php-agent-configuration.mdx +++ b/src/content/docs/apm/agents/php-agent/configuration/php-agent-configuration.mdx @@ -3938,6 +3938,7 @@ An upcoming release of errors inbox will automatically track which versions of y This section lists the settings that affect the reporting of PHP packages. + - - + ## Other .ini settings [#inivar-rare-settings] @@ -4402,3 +4402,4 @@ This section lists the remaining newrelic.ini settings. Enables the detection of frameworks and libraries when preloading is enabled. Preloading was introduced in PHP version 7.4. `newrelic.preload_framework_library_detection` will only take effect when `opcache.preload` is set in the `php.ini` file. + From 5d9c99acad37798ad8f3271c0c4f64c7f20f1e99 Mon Sep 17 00:00:00 2001 
From: Michal Nowacki Date: Tue, 1 Oct 2024 12:09:25 -0400 Subject: [PATCH 5/5] Apply suggestions from code review Update language according to docs team guidelines. Co-authored-by: Rob Siebens --- .../docs/vulnerability-management/integrations/intro.mdx | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/src/content/docs/vulnerability-management/integrations/intro.mdx b/src/content/docs/vulnerability-management/integrations/intro.mdx index 96694fcbe2e..980424629e6 100644 --- a/src/content/docs/vulnerability-management/integrations/intro.mdx +++ b/src/content/docs/vulnerability-management/integrations/intro.mdx 
@@ -268,9 +268,10 @@ CVE detection coverage differs between agents: - We recommend using [officially supported versions](/docs/apm/agents/php-agent/getting-started/php-agent-compatibility-requirements/) of PHP. - If your project uses [Composer](https://getcomposer.org/) to manage dependencies, New Relic [PHP APM Agent](/docs/apm/agents/php-agent/getting-started/introduction-new-relic-php) can be configured to detect vulnerabilities in all your packages. This feature is disabled by default. - See [PHP Agent Configuration - Vulnerability management settings](/docs/apm/agents/php-agent/configuration/php-agent-configuration/#inivar-vulnerability-management) for detailed information how to configure Vulnerability Management integration in New Relic PHP APM Agent. + We recommend you use [officially supported versions](/docs/apm/agents/php-agent/getting-started/php-agent-compatibility-requirements/) of PHP. + If your project uses [Composer](https://getcomposer.org/) to manage dependencies, you can configure the New Relic [PHP APM agent](/docs/apm/agents/php-agent/getting-started/introduction-new-relic-php) to detect vulnerabilities in all your packages. This feature is disabled by default. + + See the Vulnerability Management settings in [PHP agent configuration](/docs/apm/agents/php-agent/configuration/php-agent-configuration/#inivar-vulnerability-management) for detailed information about how to configure the integration in the New Relic PHP APM agent.
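Review bot: PATCH 2/5, in the `@@ -268,9 +268,10 @@` hunk of intro.mdx, deletes the caveat that the PHP agent is "not aware of packages until they are used" and that "vulnerabilities will not be shown" when a version cannot be read from the package source, and nothing replaces it. The same hunk says the Composer-based detection "is disabled by default", so if that limitation still applies while the feature is off, keep the caveat and scope it to the default mode; otherwise a reader can take an empty vulnerability list for a clean result. The sentence on how to disable package detection is removed as well, and the new settings link only helps a reader who already knows which setting to look for.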
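Review bot: In PATCH 3/5 (php-agent-configuration.mdx, `@@ -4038,7 +4038,7 @@`) the description "the agent will try using [Composer's runtime API] ... for package detection" leaves open what happens when the attempt does not succeed and whether this setting has any effect when the other setting in the same section is `false`. Suggest stating the fallback behaviour and the dependency between the two settings in this description, so an operator enabling it knows what coverage to expect.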
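Review bot: In PATCH 5/5 the reworded sentence still says the agent can "detect vulnerabilities in all your packages", which is broader than the PATCH 2/5 commit message ("all packages managed by Composer"). Suggest "in all packages managed by Composer", and name `newrelic.vulnerability_management.composer_api.enabled` next to "This feature is disabled by default" so the reader knows which setting turns it on without following the link.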