Aqua Security Updates Open Source Trivy
May 19, 2022

Aqua Security announced multiple updates to Aqua Trivy, making it a unified scanner for cloud native security.

Consolidating multiple scanning tools into a single tool, it is now a comprehensive vulnerability and misconfigurations scanner for cloud native applications and infrastructure.

Trivy is also being integrated into the Aqua Platform as Trivy Premium, through which customers can take advantage of customer support, premium content and centralized management for enterprise scalability.

Trivy is now one tool for all cloud native scanning needs including source code, repositories, images, artifact registries, Infrastructure as Code (IaC) templates and Kubernetes environments. With fewer tools to manage, developers, DevOps and DevSecOps now have a more efficient, simplified tool to ensure security of their cloud native applications. They can integrate security into their workflows without having to leave their continuous integration or continuous deployment (CI/CD) environments.

New capabilities include the following:

- Scan proprietary and third-party code for issues using Integrated Developer Environment (IDE) plug-ins for JetBrains, VSCode and VIM to shift security further left.

- Generate complete software bills of materials (SBOM) to provide transparency into software components and restore visibility to risks in the software supply chain.

- Detect sensitive hardcoded secrets, like passwords, API keys and tokens to prevent unauthorized access by threat actors.

- Scan running Kubernetes clusters for a full life cycle view of risks, and audit for regulatory compliance.

“By integrating more cloud native scanning targets into Trivy, such as Kubernetes, we are simplifying cloud native security,” said Amir Jerbi, CTO and co-founder of Aqua Security. “Security professionals are overwhelmed with the number of tools they are required to use and consolidating tools where possible helps teams become more efficient. The world’s most popular open source vulnerability scanner is now elevated to another level. With Trivy’s enhancements, developers have less tools to learn, use, manage and maintain.”

Trivy Premium, now part of the Aqua Cloud Native Application Protection Platform (CNAPP), builds on the popularity of Trivy Open Source and adds new centralized management capabilities plus a user interface to meet the scalability and management needs of larger organizations.

Trivy Premium also offers increased vulnerability identification accuracy, thanks to premium threat intelligence, malware scanning and the ability to scan standalone binaries (applications installed directly without the use of a package manager). As part of the Aqua Platform, Trivy Premium integrates with other platform modules like Cloud Security Posture Management (CSPM) and Runtime Protection for complete cloud native application life cycle protection.

“Trivy Premium is a gamechanger for organizations who already know and love Trivy and want to leverage the best security tools from the start to prevent attacks before they happen,” said Jerbi.

Trivy is a comprehensive, easy-to-use open source scanner, covering more languages, OS packages and application dependencies. It provides fast, stateless scanning with no prerequisites for installation and delivers highly accurate results with broad and accurate coverage.

In May 2022, Trivy was integrated into Docker Desktop to bring vulnerability and risk scanning into developer workflows, eliminating friction, so users can confidently build more secure cloud native applications. Trivy is built on the largest cloud native security community, and with 100,000 users, and with nearly 12,000 GitHub stars, it is the most popular vulnerability and risk scanner in the world. It has been adopted by leading cloud platform providers and for DevOps projects like GitLab, Artifact Hub, and Harbor.

Share this

Industry News

March 27, 2024

WaveMaker has updated its platform in response to customer demand for more sophisticated API and code management tools.

March 27, 2024

Vercara announced the launch of UltraAPI™, a product suite that protects APIs and web applications from malicious bots and fraudulent activity while ensuring regulatory compliance.

March 27, 2024

Legit Security announced the launch of its standalone enterprise secrets scanning product, which can detect, remediate, and prevent secrets exposure across the software development pipeline.

March 26, 2024

Progress announced a strategic partnership with Veeam® Software, the #1 leader by market share in Data Protection and Ransomware Recovery, to provide customers with an enterprise-ready cyber defense solution that strengthens the security of their business-critical data.

March 26, 2024

GitGuardian released its Software Composition Analysis (SCA) module.

March 26, 2024

DataStax announced a milestone in its journey to simplify enterprise retrieval-augmented generation (RAG) for developers by integrating with Microsoft Semantic Kernel.

March 25, 2024

Check Point® Software Technologies Ltd. is collaborating with NVIDIA to enhance the security of AI cloud infrastructure. Integrating NVIDIA BlueField DPUs, which feature a broad range of purpose-built, innovative security capabilities, the new Check Point AI Cloud Protect solution will help prevent threats at both the network and host levels.

March 25, 2024

Sentry announced the release of Autofix, an AI-powered feature to debug and fix code in minutes, saving important time and resources.

March 25, 2024

Apiiro announced a product integration and partnership with Secure Code Warrior, the agile developer security training platform, to extend its ASPM technology and processes to the people layer.

March 21, 2024

Progress announced that Progress® Semaphore™, its metadata management and semantic AI platform, was named a Champion in SoftwareReviews’ 2024 Metadata Management Emotional Footprint Awards.

March 21, 2024

The Cloud Native Computing Foundation® (CNCF®) has partnered with Udemy, an online skills marketplace and learning platform.

March 21, 2024

GitLab has acquired Oxeye, the provider of a cloud-native application security and risk management solution.

March 21, 2024

GitHub announced that code scanning autofix, powered by GitHub Copilot and CodeQL, is available in public beta for all GitHub Advanced Security (GHAS) customers.

March 21, 2024

NetApp is collaborating with NVIDIA to advance retrieval-augmented generation (RAG) for generative AI applications.

March 21, 2024

CalypsoAI launched the CalypsoAI Platform, an advanced SaaS-based security and enablement solution for generative AI applications within the enterprise.