SecurityBrief Asia - Technology news for CISOs & cybersecurity decision-makers
Asia
Guides
#
cloud security
#
cybersecurity
#
endpoint protection
#
firewall
#
ransomware
Search
Story image
#
Application Security
#
Cloud Security
#
Open source
Aqua Security adds CPSM capabilities to Aqua Trivy
Thu, 18th Aug 2022
FYI, this story is more than a year old
Author image
By Zach Thompson, News Editor
Follow us

Aqua Security has added cloud security posture management (CPSM) capabilities to its open source tool, Aqua Trivy.

Trivy, a developer tool for scanning cloud-native assets, now offers a single easy-to-use tool for scanning all cloud-native applications to detect and prioritise risks.

The offering is initially available to AWS cloud users, but Aqua Security says other cloud provider support is coming soon.

These capabilities will give AWS users the means to scan their accounts to recognise misconfigurations and insider threats to ensure security and compliance in line with CIS Benchmarks.

This allows more teams to benefit from standardising security efforts on a single, unified scanner to maintain policies throughout the complete cloud-native applications lifecycle.

“This is the next step in our mission to simplify cloud native security for the community,” Aqua Security open source director Itay Shakury says.

“Trivy is making cloud security accessible and easy for everyone through the power of Open Source.

“We have been steadily releasing more and more security capabilities to the community through Trivy, and today we're excited to bring the Trivy experience to cloud and AWS users.

Aqua Security notes that organisations are faced with difficulty in managing the quantity of configurations and keeping their cloud footprints secure.

By providing CSPM capabilities to Aqua Trivy, AWS customers will have quick, effective scanning and visibility for live environments.

“Aqua's open source team is constantly innovating to bring best-of-breed capabilities to users, and the addition of AWS cloud configuration scanning further solidifies Trivy as the single scanner for all cloud native infrastructure and applications,” Shakury adds.

“We plan to add more cloud providers and more security frameworks, as we continue working to add value for our users and help them prevent attacks on cloud native environments.

Aqua Trivy also offers users the ability to define their own rules or browse and select from the Trivy community's catalogue of standards and policies, which differentiates it from other built-in cloud tools.

Further, Trivy already has built-in misconfiguration rules for infrastructure as code (IaC) scanning, which enable users to use consistent rules across IaC definitions and production environments.

Trivy can also be used to identify AWS problems when infrastructure is defined with Terraform or CloudFormation.

In addition, Trivy covers more languages, OS packages and application dependencies than any other open source scanner.

The offering also provides fast and stateless scanning with no prerequisites for installing it and generates highly accurate results with broad coverage.

Trivy also recently became the world's first unified scanner for cloud-native security.

Moreover, in May 2022, Trivy was integrated into Docker Desktop to bring vulnerability and risk scanning into developer workflows and eliminate friction, enabling users to build more secure cloud-native applications with a greater level of confidence.

Related stories
Half of online traffic in 2024 generated by bots, report finds
Cisco boosts Secure Application with added data, cloud security features
Upwind fortifies Cloud Security Platform with identity security
Cado Security teams up with Wiz to bolster cloud security solutions
Survey finds half of businesses planning to adopt AI
Top stories
Fortinet recognised as Challenger in Gartner's 2024 Magic Quadrant for SSE
Coalition integrates cyber risk platform with top cloud services providers
i-PRO to support Genetec SaaS with new AI-enabled camera models
Illumio unveils AI enhancements for faster Zero Trust Segmentation adoption
RiverSafe teams up with Cribl to boost IT & data security services