Download PDF version Contact company

Aqua Security, the pure-play cloud-native security provider announced multiple updates to Aqua Trivy, making it the world’s first unified scanner for cloud-native security.

Comprehensive misconfigurations scanner

Consolidating multiple scanning tools into a single tool, it is now the most comprehensive vulnerability and misconfigurations scanner for cloud-native applications and infrastructure.

Trivy is also being integrated into the Aqua Platform as Trivy Premium, through which customers can take advantage of customer support, premium content, and centralised management for enterprise scalability.

Aqua builds more capabilities into Trivy Open Source

Trivy is currently one tool for all cloud-native scanning needs including source code, repositories, images, etc

Trivy is currently one tool for all cloud-native scanning needs including source code, repositories, images, artifact registries, Infrastructure as Code (IaC) templates, and Kubernetes environments.

With fewer tools to manage, developers, DevOps, and DevSecOps have a more efficient, simplified tool to ensure the security of their cloud-native applications.

Trivy features

Trivy can integrate security into their workflows without having to leave their continuous integration or continuous deployment (CI/CD) environments.

New capabilities include the following:

  • Scan proprietary and third-party code for issues using Integrated Developer Environment (IDE) plug-ins for JetBrains, VSCode, and VIM to shift security further left.
  • Generate complete software bills of materials (SBOM) to provide transparency into software components and restore visibility to risks in the software supply chain.
  • Detect sensitive hardcoded secrets, like passwords, API keys, and tokens to prevent unauthorised access by threat actors.
  • Scan running Kubernetes clusters for a full life cycle view of risks, and audit for regulatory compliance.

Simplifying cloud-native security

With Trivy’s enhancements, developers have fewer tools to learn, use, manage and maintain"

By integrating more cloud-native scanning targets into Trivy, such as Kubernetes, we are simplifying cloud-native security,” said Amir Jerbi, CTO and co-founder of Aqua Security.

Security professionals are overwhelmed with the number of tools they are required to use and consolidating tools where possible helps teams become more efficient. The world’s most popular open-source vulnerability scanner is now elevated to another level. With Trivy’s enhancements, developers have fewer tools to learn, use, manage and maintain.”

Trivy Premium has enterprise-class capabilities

Trivy Premium, also part of the Aqua Cloud-Native Application Protection Platform (CNAPP), builds on the popularity of Trivy Open Source and adds new centralised management capabilities plus a user interface to meet the scalability and management needs of larger organisations.

Trivy Premium also offers increased vulnerability identification accuracy, due to premium threat intelligence, malware scanning, and the ability to scan standalone binaries (applications installed directly without the use of a package manager).

CSIM integration

As part of the Aqua Platform, Trivy Premium integrates with other platform modules like Cloud Security Posture Management (CSPM) and Runtime Protection for complete cloud-native application life cycle protection.

Trivy Premium is a game-changer for organisations who already know and love Trivy and want to leverage the best security tools from the start to prevent attacks before they happen,” said Jerbi.

The world’s most popular open-source scanner

Trivy provides fast, stateless scanning with no prerequisites for installation and delivers highly accurate results

Trivy is the most comprehensive, easy-to-use open-source scanner, covering more languages, OS packages, and application dependencies than any other scanner.

It provides fast, stateless scanning with no prerequisites for installation and delivers highly accurate results with broad and accurate coverage.

Secures cloud-native applications

In May 2022, Trivy was integrated into Docker Desktop to bring vulnerability and risk scanning into developer workflows, eliminating friction, so users can confidently build more secure cloud-native applications.

Trivy is built on the largest cloud-native security community, and with 100,000 users, and with nearly 12,000 GitHub stars, it is the most popular vulnerability and risk scanner in the world. It has been adopted by leading cloud platform providers and for DevOps projects like GitLab, Artifact Hub, and Harbor.

Download PDF version Download PDF version

In case you missed it

How can the industry do a better job of promoting emerging technologies in physical security environments?
How can the industry do a better job of promoting emerging technologies in physical security environments?

By all accounts, technology development is moving at a rapid pace in today's markets, including the physical security industry. However, market uptake of the newest technologies ma...

Dahua & KITT Engineering's LED screen innovations
Dahua & KITT Engineering's LED screen innovations

About a year and a half ago, Peter de Jong introduced Dahua to Fred Koks, General Manager of KITT Engineering. Since then, Dahua, KITT Engineering, and Ocean Outdoor have complete...

Protect assets with BCD's hybrid cloud NVR solutions
Protect assets with BCD's hybrid cloud NVR solutions

Like any retail franchise, car dealerships that have multiple locations nationwide require comprehensive, reliable, and scalable video surveillance solutions to protect their busin...