Aqua Security, a provider of cloud security for pure gaming, has unveiled numerous updates to Aqua Trivy, making it the world’s first unified cloud security scanner.
Consolidating multiple scanning tools into one tool is now the most comprehensive scanner for vulnerabilities and incorrect configurations for applications and cloud applications. Trivy also integrates into the Aqua platform as Trivy Premium, through which customers can benefit from customer support, premium content and centralized enterprise scalability management.
Trivy is now a tool for all cloud scanning needs, including source code, repositories, images, artifact logs, infrastructure templates such as code (IaC), and Kubernetes environments. With fewer management tools, developers, DevOps and DevSecOps now have a more efficient, simpler tool to ensure the security of their cloud applications. They can integrate security into their workflows without having to leave their environments for continuous integration or continuous deployment (CI / CD).
New features include the following:
• Scan your own code and third-party code for problems using the Integrated Developer Environment (IDE) plug-ins for JetBrains, VSCode and VIM to move security to the left.
• Generate complete Software Invoices (SBOM) to ensure transparency of software components and restore the visibility of risks in the software supply chain.
• Discover sensitive hard-coded secrets, such as passwords, API keys, and tokens, to prevent unauthorized access by threats.
• Scanning of working Kubernetes clusters for a complete review of life cycle risks and audit for compliance with regulatory requirements.
Amir Djerbi, Technical Director and Co-Founder of Aqua Security, said: “By integrating more cloud scanning targets into Trivy, such as Kubernetes, we are simplifying natural cloud security.
“Security professionals are overwhelmed by the number of tools they are required to use, and consolidating tools where possible helps teams become more effective. The world’s most popular open source vulnerability scanner has already been taken to another level. With Trivy improvements, developers have fewer tools to learn, use, manage, and maintain.
Trivy Premium, now part of the Aqua Cloud Application Protection Platform (CNAPP), builds on the popularity of Trivy Open Source and adds new centralized management capabilities plus a user interface to meet the scalability and management needs of larger organizations . Trivy Premium also offers increased accuracy in identifying vulnerabilities, thanks to first-class threat intelligence, malware scanning and the ability to scan stand-alone binaries (applications installed directly without the use of a package manager). As part of the Aqua Platform, Trivy Premium integrates with other platform modules such as Cloud Security Posture Management (CSPM) and Runtime Protection to fully protect the lifecycle of cloud applications.
“Trivy Premium is a game changer for organizations that already know and love Trivy and want to use the best security tools from the start to prevent attacks before they happen,” Jerby said.
Trivy is the most comprehensive, easy-to-use open source scanner, covering more languages, operating packages, and application dependencies than any other scanner. Provides fast, stateless scanning with no prerequisites for installation and provides extremely accurate results with wide and accurate coverage.
In May 2022, Trivy was integrated into Docker Desktop to bring vulnerability and risk scanning to developers’ workflows, eliminating friction so that users can confidently build more secure cloud applications. Built on the largest cloud security community with 100,000 users and nearly 12,000 GitHub stars, Trivy is the world’s most popular vulnerability and risk scanner. It has also been accepted by leading cloud platform vendors for DevOps projects such as GitLab, Artifact Hub and Harbor.
Aqua Security creates first unified scanner for cloud native security