CIO Influence
CIO Influence News Cloud Security

Aqua Security Expands Open Source Trivy to Create the First Unified Scanner for Cloud Native Security

Aqua Security Expands Open Source Trivy to Create the First Unified Scanner for Cloud Native Security
The world’s most popular cloud native vulnerability and risk scanner adds new capabilities to help practitioners seamlessly integrate and scale cloud native security into their Software Development Lifecycle (SDLC)

Aqua Security, the leading pure-play cloud native security provider, announced multiple updates to Aqua Trivy, making it the world’s first unified scanner for cloud native security. Consolidating multiple scanning tools into a single tool, it is now the most comprehensive vulnerability and misconfigurations scanner for cloud native applications and infrastructure. Trivy is also being integrated into the Aqua Platform as Trivy Premium, through which customers can take advantage of customer support, premium content and centralized management for enterprise scalability.

Latest ITechnology News: Sparkle and Atos sign partnership to answer growing demand for Cloud services and solutions

Aqua Builds More Capabilities Into Trivy Open Source
Trivy is now one tool for all cloud native scanning needs including source code, repositories, images, artifact registries, Infrastructure as Code (IaC) templates and Kubernetes environments. With fewer tools to manage, developers, DevOps and DevSecOps now have a more efficient, simplified tool to ensure security of their cloud native applications. They can integrate security into their workflows without having to leave their continuous integration or continuous deployment (CI/CD) environments.

New capabilities include the following:

  • Scan proprietary and third-party code for issues using Integrated Developer Environment (IDE) plug-ins for JetBrains, VSCode and VIM to shift security further left.
  • Generate complete software bills of materials (SBOM) to provide transparency into software components and restore visibility to risks in the software supply chain.
  • Detect sensitive hardcoded secrets, like passwords, API keys and tokens to prevent unauthorized access by threat actors.
  • Scan running Kubernetes clusters for a full life cycle view of risks, and audit for regulatory compliance.

“By integrating more cloud native scanning targets into Trivy, such as Kubernetes, we are simplifying cloud native security,” said Amir Jerbi, CTO and co-founder of Aqua Security. “Security professionals are overwhelmed with the number of tools they are required to use and consolidating tools where possible helps teams become more efficient. The world’s most popular open source vulnerability scanner is now elevated to another level. With Trivy’s enhancements, developers have less tools to learn, use, manage and maintain.”

Latest ITechnology News: MOBILTEX Releases Next-Generation CorView.Cloud Platform Powered by AWS

Trivy Premium Builds On Trivy Open Source With Enterprise-Class Capabilities
Trivy Premium, now part of the Aqua Cloud Native Application Protection Platform (CNAPP), builds on the popularity of Trivy Open Source and adds new centralized management capabilities plus a user interface to meet the scalability and management needs of larger organizations. Trivy Premium also offers increased vulnerability identification accuracy, thanks to premium threat intelligence, malware scanning and the ability to scan standalone binaries (applications installed directly without the use of a package manager). As part of the Aqua Platform, Trivy Premium integrates with other platform modules like Cloud Security Posture Management (CSPM) and Runtime Protection for complete cloud native application life cycle protection.

“Trivy Premium is a gamechanger for organizations who already know and love Trivy and want to leverage the best security tools from the start to prevent attacks before they happen,” said Jerbi.

The World’s Most Popular Cloud Native Open Source Scanner
Trivy is the most comprehensive, easy-to-use open source scanner, covering more languages, OS packages and application dependencies than any other scanner. It provides fast, stateless scanning with no prerequisites for installation and delivers highly accurate results with broad and accurate coverage.

In May 2022, Trivy was integrated into Docker Desktop to bring vulnerability and risk scanning into developer workflows, eliminating friction, so users can confidently build more secure cloud native applications. Trivy is built on the largest cloud native security community, and with 100,000 users, and with nearly 12,000 GitHub stars, it is the most popular vulnerability and risk scanner in the world. It has been adopted by leading cloud platform providers and for DevOps projects like GitLab, Artifact Hub, and Harbor.

Latest ITechnology News: Calix Launches New Software and Systems Capabilities for the Industry’s Only End-to-End Solutions

[To share your insights with us, please write to sghosh@martechseries.com]

Related posts

Omnispace and Vulcan Wireless Demonstrate Portable Military Radios Communicating via Commercial Satellite

CIO Influence News Desk

Fovia Ai to Showcase AI Visualization Integrations at IAIP Exhibit, RSNA 2021

CIO Influence News Desk

Teradata Launches AI Unlimited in Microsoft Fabric, Simplifying AI/ML Workloads for Developers

CIO Influence Staff Writer

Leave a Comment