# OX Runtime Sensor Runtime Sensor is an OX capability for Kubernetes clusters, Linux hosts, and AWS ECS environments that collects runtime signals from your applications and turns them into actionable insights in OX. Runtime Sensor detects which third-party libraries are actually loaded in memory at runtime. When a known vulnerability affects a library in your codebase, knowing whether that library is loaded gives you a stronger indication of urgency during triage. Supported runtimes and package types: * JavaScript (Node.js) * Python * Java * Go * C# * Ruby * PHP * Native packages (shared libraries) Insights appear in OX in the Active Issues page as severity factors. You can see whether a dependency is loaded at runtime or not, with evidence you can review. This context lets you prioritize fixes that reduce real, current risk in your running services.

In the [SBOM page](/inventory-with-ox-bom/sbom.md) you can view the runtime status of each asset.

You can deploy the OX Runtime Sensor using the following methods: * [**Kubernetes:**](/secure-runtime/ox-runtime-sensor/install-ox-runtime-sensor-on-kubernetes-helm.md) As a DaemonSet, one pod per node. * [**Linux host:**](/secure-runtime/ox-runtime-sensor/install-ox-runtime-sensor-on-linux-host.md) As a systemd service. * [**AWS EC2:**](/secure-runtime/ox-runtime-sensor/install-ox-runtime-sensor-on-aws-ec2.md) As a systemd service, with automatic `instanceId` enrichment using IMDSv2. * [**AWS ECS:**](/secure-runtime/ox-runtime-sensor/install-ox-runtime-sensor-on-aws-ecs-terraform.md) As a Daemon service, one task per EC2 container instance. In every deployment mode, the sensor uses eBPF to observe file access at the kernel level, no code changes, no sidecars, and no application restarts required. The sensor authenticates to OX with an API key over outbound TLS. It does not write data to the host and does not require persistent storage. CPU, memory, and disk usage are minimal. The following is the runtime installation and connection process. For advanced configuration, security requirements, and deployment customization, see [Runtime Sensor Advanced Configuration](/secure-runtime/ox-runtime-sensor/runtime-sensor-advanced-configuration.md). ### Prerequisites **Common to all deployment methods:**

Requirement	Details
Linux kernel	v5.10 and later with BTF enabled (any Linux distribution)
Network	Outbound HTTPS (port 443) access to `api.cloud.ox.security`. If your environment routes traffic through a proxy, see Proxy configuration.
OX API key	See Step 1: Create a new API key

**Method-specific requirements:**

Deployment method	Requirements
Kubernetes (Helm)	EKS / AKS / GKE or self-managed Kubernetes v1.20+; Helm 3
Linux host	Docker or containerd running on the host; `sudo` access
AWS EC2	EC2 instance with IMDSv2 reachable; Docker or containerd; `sudo` access
AWS ECS (Terraform)	ECS cluster backed by EC2 (not Fargate); Terraform v1.3+; AWS credentials with ECS, IAM, CloudWatch Logs, and Secrets Manager permissions

## Step 1: Create a new API key 1. From the left pane of **OX dashboard**, select **Settings > API Key Settings**. 2. In the **API Key Settings** window, select **CREATE API KEY**.

3. In the **Create API Key** box, set the following and select **CREATE**: * **API Key Name:** Add a meaningful name that is easy to identify. It is good practice to include the key's intended purpose in the name. * **API Key Type:** Select **K8 Inspector/Runtime Sensor Integration**. * **Expiration Date:** Until when you can use this key. 4. Copy the key that appears and save the key in a safe location. This is the only time when you can see and copy the actual key. 5. Select **CLOSE**. The new key appears in the **API Key Settings** page. ## Step 2: Deploy the Runtime Sensor Select the deployment method that matches your environment: * [Kubernetes (Helm)](/secure-runtime/ox-runtime-sensor/install-ox-runtime-sensor-on-kubernetes-helm.md) * [Linux Host](/secure-runtime/ox-runtime-sensor/install-ox-runtime-sensor-on-linux-host.md) * [AWS EC2](/secure-runtime/ox-runtime-sensor/install-ox-runtime-sensor-on-aws-ec2.md) * [AWS ECS (Terraform)](/secure-runtime/ox-runtime-sensor/install-ox-runtime-sensor-on-aws-ecs-terraform.md) Each page lists the method's specific requirements, installation steps, verification commands, and configuration reference. ## Step 3: Connect to OX Runtime Sensor > **Note:** Before connecting, make sure the sensor is running in your environment. 1. In the OX platform, go to the **Connectors** page. 2. Select **Add Connector** and search for **OX Runtime Sensor**. 3. In the **Configure your OX Runtime Sensor credentials** dialog, select **CONNECT**.

[To use eBPF programs, OX complies with the GPL.](/secure-runtime/ox-runtime-sensor/gpl-licensed-components-and-source-availability.md) --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://docs.ox.security/secure-runtime/ox-runtime-sensor.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.