The Cloud Native Vulnerability and Risk Scanner now offers new capabilities that enable users to seamlessly integrate and scale cloud native security into their software development lifecycle (SDLC).
Aqua Security, the leading pure-play cloud native security provider, today announced several updates to Aqua Trivy, making it the world's first unified cloud native security scanner. By consolidating multiple scanning tools into a single tool, Aqua Trivy is now the most comprehensive vulnerability and misconfiguration scanner for cloud native applications and infrastructure. Trivy will also now be integrated into the Aqua platform as Trivy Premium, allowing customers to take advantage of customer support, premium content and centralized management for enterprise scalability.
Aqua builds more features into Trivy Open Source
Trivy is now a unified tool for scanning cloud native targets, including source code, repositories, images, artifact registries, Infrastructure as Code (IaC) templates, and Kubernetes environments. With fewer tools to manage, developers, DevOps and DevSecOps teams now have a more efficient, simplified tool to ensure the security of their cloud native applications. They can integrate security into their workflows without having to leave their continuous integration or continuous delivery (CI/CD) environments.
New features include:
- Scan your own and other people's code for issues using IDE (integrated development environment) plug-ins for JetBrains, VS Code, and Vim to move security "further to the left."
- Generate complete software bills of materials (SBOMs) to create transparency in software components and make the risks in the software supply chain visible.
- Detect sensitive, hard-coded secrets like passwords, API keys, and tokens to prevent unauthorized access by threat actors.
- Scan running Kubernetes clusters to get a full lifecycle view of risks and check for regulatory compliance.
"By integrating more cloud-native scan targets into Trivy, such as Kubernetes, we are simplifying cloud-native security," said Amir Jerbi, CTO and co-founder of Aqua Security. "Security professionals are overwhelmed with the number of tools they need to use, and consolidating tools wherever possible helps teams become more efficient. The world's most popular open source vulnerability scanner is now being taken to a new level. With Trivy's extensions, developers have fewer tools to learn, use, manage, and maintain. Trivy Premium is a key benefit for organizations that already know and love Trivy and want the best security tools right from the start to prevent attacks before they happen."
Enterprise-class features
Trivy Premium, now part of the Aqua Cloud Native Application Protection Platform (CNAPP), builds on the popularity of Trivy open source and adds new centralized management capabilities and a user interface to meet the scalability and needs of larger organizations. Trivy Premium also offers higher accuracy in detecting vulnerabilities thanks to best-in-class threat intelligence, malware scanning, and the ability to scan standalone binaries (applications that are installed directly without a package manager). As part of the Aqua platform, Trivy Premium integrates with other platform modules such as Cloud Security Posture Management (CSPM) and Runtime Protection to protect the entire lifecycle of cloud native applications.
Cloud native open source scanners
Trivy is the most comprehensive and easy-to-use open source scanner covering more languages, operating system packages and application dependencies than any other scanner. It offers fast, stateless scanning with no installation requirements, delivering high-precision results with wide and accurate coverage.
In May 2022, Trivy was integrated with Docker Desktop to bring vulnerability and risk scanning into developer workflows, removing friction so users can build more secure cloud native applications with confidence. Trivy is based on the largest cloud native security community and, with 100,000 users and almost 12,000 GitHub stars, is the world's most popular vulnerability and risk scanner. It has been adopted by leading cloud platform providers and for DevOps projects such as GitLab, Artifact Hub and Harbor.
More at AquaSec.com
About Aqua Security
Aqua Security is the largest pure cloud native security provider. Aqua gives its customers the freedom to innovate and accelerate their digital transformation. The Aqua platform provides prevention, detection, and response automation across the application lifecycle to secure the supply chain, cloud infrastructure, and ongoing workloads—regardless of where they are deployed.