
Aqua Trivy Chosen as the New Official Default Container Scanner for GitLab

Aqua Trivy recognized by the open source leader as the best tool to help customers achieve shift left security for DevOps

Aqua Security, the pure-play cloud native security leader, announces that Aqua Trivy is now the default scanner for GitLab Auto DevOps. Customers can now automatically scan the GitLab CI pipeline for OS package vulnerabilities. This change will take place as part of GitLab’s 14.0 release and is based on the results of a publicly available solution comparison and research process.


“One of the primary reasons behind the default scanner change was the ease of use with Trivy compared to alternative open source scanner options,” says Sam White, Sr. Product Manager at GitLab. “Other scanners often require two services or more to be up and running, before they can even start a scan. Trivy is simple and efficient. Trivy bundles the vulnerability database together with the scanner, and that’s one less service that we then have to start up and maintain.”

Collaboration with the open source engineering team was also a critical factor. White adds, “The Trivy project lead has been great to work with. It’s been night and day compared to some interactions that we’ve had with other security vendors. The close collaboration has been invaluable to us.”

The partnership with Aqua Trivy will continue with roadmap plans to scan containers running in production using Trivy with Aqua Starboard, Aqua’s open source Kubernetes Security toolkit. Moving forward, both Aqua Trivy and Aqua Starboard will form a fundamental part of GitLab’s Auto DevOps roadmap, enabling users with best-in-class default security options.


“With the integration of GitLab with Trivy and Starboard, we’re aiming to provide an ‘on-by-default’ type of scenario, where if you’re using Auto DevOps to deploy into production, we’re running those scans by default and giving you the results,” said White. “GitLab and Aqua Security can enable that as a default out-of-the-box configuration, rather than something that users have to stitch together on their own.”

“This partnership provides both Aqua and GitLab users access to the comprehensive security tools they need to successfully shift left,” said Itay Shakury, Director Open Source, Aqua Security. “GitLab’s customers now have access to the best in open source vulnerability scanning, while the Aqua Trivy community can benefit from the powerful input and feedback from GitLab and its users. We’re looking forward to building the relationship further and allowing GitLab to leverage additional open source projects, like Aqua Starboard, to better schedule scan jobs in production environments.”
