Aqua Security's Trivy Adds CSPM Capabilities
August 17, 2022

Aqua Security announced the addition of cloud security posture management (CSPM) capabilities to the open source tool Aqua Trivy.

Trivynnow provides one easy to-use-tool for scanning all cloud native applications to detect and prioritize risks.

Initially available for AWS cloud users with other cloud provider support coming soon, users can now scan their AWS accounts to identify misconfigurations and insider threats to ensure security and compliance with CIS Benchmarks. Now more teams can benefit from standardizing security efforts on a single, unified scanner to enforce consistent policies across the full cloud native application lifecycle.

“This is the next step in our mission to simplifying cloud native security for the community,” said Itay Shakury, director of open source, Aqua Security. “Trivy is making cloud security accessible and easy for everyone through the power of Open Source. We have been steadily releasing more and more security capabilities to the community through Trivy, and today we’re excited to bring the Trivy experience to cloud and AWS users.”

With accelerating cloud adoption accelerating and a widening skills gap, organizations are challenged to manage the multitude of configurations and keep their cloud footprints secure. The addition of CSPM capabilities to Aqua Trivy empowers AWS customers with fast, effective scanning and visibility for live environments.

“Aqua’s open source team is constantly innovating to bring best-of-breed capabilities to users, and the addition of AWS cloud configuration scanning further solidifies Trivy as the single scanner for all cloud native infrastructure and applications,” said Shakury. “We plan to add more cloud providers and more security frameworks, as we continue working to add value for our users and help them prevent attacks on cloud native environments.”

Users can define their own rules or browse and select from the Trivy community’s catalog of standards and policies. Because Trivy already had built-in misconfiguration rules for infrastructure as code (IaC) scanning, users benefit from having rules that are consistent across IaC definitions and production environments. As a bonus, Trivy can be used to identify AWS issues when infrastructure is defined with Terraform or CloudFormation.

Trivy is an open source vulnerability and risk scanner, covering more languages, OS packages and application dependencies than any other open source scanner. It provides fast, stateless scanning with no prerequisites for installation and delivers highly accurate results with broad coverage.

Share this

Industry News

September 29, 2022

CloudBees announced the acquisition of ReleaseIQ to expand the company’s DevSecOps capabilities, empowering customers with a low-code, end-to-end release orchestration and visibility solution.

September 29, 2022

SmartBear continues expanding its commitment to the Atlassian Marketplace, adding Bugsnag for Jira and SwaggerHub Integration for Confluence.

Bugsnag developers monitoring application stability and documenting in Jira no longer need to interrupt their workflow to access the app. Developers working in SwaggerHub can use the macro to push API definitions and changes directly to other teams and business stakeholders that work within Confluence. By increasing the presence of SmartBear tools on the Atlassian Marketplace, the company continues meeting developers where they are.

September 29, 2022

Ox Security exited stealth today with $34M in funding led by Evolution Equity Partners, Team8, and M12, Microsoft's venture fund, with participation from Rain Capital.

September 29, 2022

cnvrg.io announced that the new Intel Developer Cloud is now available via the cnvrg.io Metacloud platform, providing a fully integrated software and hardware solution.

September 28, 2022

Kong introduced a number of new performance, security and extensibility features across its entire product portfolio, including major new releases of Kong Gateway, Kong Konnect, Kong Mesh, Kong Insomnia and Kong Ingress Controller, as well as new projects from the Kong Incubator.

September 28, 2022

BroadPeak Partners announced the availability of the new K3 API Connector.

September 28, 2022

Aqua Security announced a new end-to-end software supply chain security solution.

September 27, 2022

DevOps Institute will host SKILup Festival in Singapore on November 15, 2022.

September 27, 2022

Delinea announced the latest release of DevOps Secrets Vault, its high-speed vault for DevOps and DevSecOps teams.

September 27, 2022

The Apptainer community announced version 1.1.0 of the popular container system for secure, high-performance computing (HPC). Improvements in the new version provide a smaller attack surface for production deployments while offering features that improve and simplify the user experience.

September 26, 2022

Secure Code Warrior unveiled Coding Labs, a new mechanism that allows developers to more easily move from learning to applying secure coding knowledge, leading to fewer vulnerabilities in code.

September 26, 2022

ActiveState announced the availability of the ActiveState Artifact Repository.

September 26, 2022

Split Software announced the availability of its Feature Data Platform in the Microsoft Azure Marketplace.

September 22, 2022

Katalon announced the launch of the Katalon Platform, a modern and comprehensive software quality management platform that enables teams of any size to easily and efficiently test, launch, and optimize apps, products, and software.

September 22, 2022

StackHawk announced its Deeper API Security Test Coverage release.