Download PDF version Contact company
Related Links

Aqua Security, the pure-play cloud native security pioneer, announces that Aqua’s open source Trivy vulnerability scanner is now available as an Aqua Security Trivy GitHub Action. The action integrates with GitHub code scanning so developers can build container image scanning into their GitHub Actions workflow to find and eliminate vulnerabilities before they reach production.

Code scanning was purpose-built with extensibility in mind,” said John Leon, VP of Business Development at GitHub. “We continue to expand our security ecosystem with solutions like Aqua, so developers can work with the security scanning technologies they want, all within the GitHub-native experience they love. Together, we’re making security easier for everyone.”

Actionable security reviews

GitHub code scanning integrates with GitHub Actions or users’ existing CI/CD environments and scans code as it’s created, surfacing actionable security reviews within pull requests and other GitHub experiences.

Developers must avoid deploying images that might harbor significant CVEs that attackers can exploit

The Aqua Security Trivy Action integration finds vulnerabilities (CVEs) in the OS package dependencies and language libraries built into a container image. Developers must avoid deploying images that might harbor significant CVEs that attackers can exploit. The Trivy Action alerts developers to known CVEs via the GitHub user interface to quickly and easily update these dependencies and eliminate the risk.

Ingesting security information

The Trivy Action generates output in a format called SARIF that GitHub supports for ingesting security information. The output from an image scan appears right in the GitHub code scanning UI, specifically under a project repository’s Security tab.

Developers are moving more applications into production, so we’re focused on helping them build securely without slowing down innovation,” said Liz Rice, VP of Open Source Engineering at Aqua. “The new Aqua Security Trivy GitHub Action brings container security scanning right into the GitHub interface that developers know and love.” The new Aqua Security Trivy Action is available on the GitHub Marketplace now. Follow this link to view a sample workflow of building a container image from a Dockerfile in the repository and running the Aqua Security Trivy code scanning over it.

Download PDF version Download PDF version

Related videos

DNAKE S-series video door phone

DNAKE S-series video door phone
Install in minutes, no tech required: DNAKE intercom kit IPK04 & IPK05

Install in minutes, no tech required: DNAKE intercom kit IPK04 & IPK05
Case study: Gunes Park Evleri̇, Turkey

Case study: Gunes Park Evleri̇, Turkey

In case you missed it

How can the industry do a better job of promoting emerging technologies in physical security environments?
How can the industry do a better job of promoting emerging technologies in physical security environments?

By all accounts, technology development is moving at a rapid pace in today's markets, including the physical security industry. However, market uptake of the newest technologies ma...

Dahua & KITT Engineering's LED screen innovations
Dahua & KITT Engineering's LED screen innovations

About a year and a half ago, Peter de Jong introduced Dahua to Fred Koks, General Manager of KITT Engineering. Since then, Dahua, KITT Engineering, and Ocean Outdoor have complete...

Protect assets with BCD's hybrid cloud NVR solutions
Protect assets with BCD's hybrid cloud NVR solutions

Like any retail franchise, car dealerships that have multiple locations nationwide require comprehensive, reliable, and scalable video surveillance solutions to protect their busin...

Featured white papers
Palm vein recognition

Palm vein recognition

Download
The key to unlocking K12 school safety grants

The key to unlocking K12 school safety grants

Download
Selecting the right network video recorder (NVR) for any vertical market

Selecting the right network video recorder (NVR) for any vertical market

Download
Physical access control

Physical access control

Download
Cybersecurity for enterprise: The essential guide to protecting your business

Cybersecurity for enterprise: The essential guide to protecting your business

Download
Quick poll
What is the most significant challenge facing smart building security today?
More product news
Synectics unveils COEX 4K camera range to provide sharp image quality for critical monitoring

Synectics unveils COEX 4K camera range to provide sharp image quality for critical monitoring
BIRD Aerosystems announces ASIO Holistic Solution for maritime and ground surveillance missions

BIRD Aerosystems announces ASIO Holistic Solution for maritime and ground surveillance missions
TRENDnet announces availability of Gigabit PoE+ smart surveillance switch series for purchase

TRENDnet announces availability of Gigabit PoE+ smart surveillance switch series for purchase
Featured products
Verkada Command Connector for Camera Integration & Cloud Management

Verkada Command Connector for Camera Integration & Cloud Management
Hikvision One-Stop SMB Solutions

Hikvision One-Stop SMB Solutions
Dahua X-spans Wizmind Network PTZ Camera

Dahua X-spans Wizmind Network PTZ Camera