Aqua Software Supply Chain Security Solution Released
September 28, 2022

Aqua Security announced a new end-to-end software supply chain security solution.

The new solution ensures protection across the entire software development lifecycle (SDLC) and helps organizations proactively prevent and stop supply chain attacks on cloud native applications.

Aqua identifies software supply chain risks as threats coming from third-party artifacts, open source dependencies and malicious actors targeting the unique developer toolset and environment. To combat the growing risk to the software supply chain, Aqua is introducing new capabilities to add to its current supply chain solution. With these new capabilities, Aqua's solution is able to protect against supply chain risk from code all the way through to runtime, across both the application and the underlying infrastructure.

“Other vendors miss a piece of the equation,” said Amir Jerbi, CTO and Co-founder of Aqua Security. “For example, some solutions focus on the build while others focus on the code and build, but Aqua ... allows developers to offer proactive security measures across code, build, deploy and runtime phases. With this, we are giving developers and security teams the confidence to continue to build their cloud native application development capabilities and prevent supply chain attacks.”

The Aqua Software Supply Chain Security Solution provides alerts and acceptance gates along the entire code and build stages to proactively reduce risk as early as possible in the development lifecycle. These assurance policies can be automated, further shortening the feedback loop for development and security teams and eliminating the associated costs.

The solution is part of Aqua’s fully integrated Cloud Native Application Protection Platform (CNAPP), the Aqua Platform. Aqua is redefining the CNAPP category with even more integration and end-to-end protection.

The Aqua Supply Chain Solution introduces new robust features, including:

- Code Scanning: Scan an organization’s code in a matter of minutes without leaving the developer workflow. Powered by Aqua Trivy Premium, the enterprise version of the popular open source universal cloud native security scanner, developers can find and remediate vulnerabilities and other risks within code to deliver safer code faster.

- CI/CD Posture Management: Secure your Continuous Integration/Continuous Delivery (CI/CD) tool chain to establish a zero-trust DevOps environment. Enforce Least Privilege Access to reduce security risks and meet compliance requirements. Easily spot and fix dangerous misconfigurations of your DevOps platform (e.g., GitHub, Jenkins, Nexus). Identify insider threats such as the removal of required security checks, bulk changes to user account access or a change to a sensitive code repository.

- Pipeline Security: Identify new or non-compliant CI pipelines and apply customizable security assurance policies across your entire organization’s CI with a single click. Set specific enforcements on your production pipeline to make sure every newly built artifact is signed and scanned for vulnerabilities, secrets and Infrastructure as Code (IaC) misconfigurations.

- Next-Generation SBOM: Go beyond basic SBOM generation and record every step and action from the moment a developer has committed the latest code change through the build process up until the new final artifact is generated. With code signing, users can also verify the code history and gain certainty that the code they create is the same code that ends up in the development tool chain.

- Open Source Health Assessment: Assess the health and reputation of open source code. Aqua grades every open-source package based on quality, maintainability, popularity and risk for supply chain incidents. The solution can automatically prevent risky code from entering the codebase, and developers are notified in real time of potentially dangerous packages.

“Adding these new Software Supply Chain Security capabilities to our existing Dynamic Threat Analysis and runtime protection capabilities, we bring the most proactive and holistic defense-in-depth solution that can secure from day one and stop cloud native attacks,” said Jerbi.

The launch and rollout of Aqua’s Supply Chain Solution is the last step in the full integration of the Argon Security technology following the acquisition in December 2021.
