Aqua Security’s Trivy integrates with Docker Desktop to help developers easily identify vulnerabilities

Aqua Security, the globally renowned pure-play cloud native security provider, has announced that it has joined the Docker Extensions programme, to allow developers to easily check their resources and dependencies for vulnerabilities.

Docker Extensions demonstrates Docker Inc.’s commitment to improving the developer experience, by bringing the tools that developers use the most, to an environment where they can more easily focus on innovation, and less time on everything else.

Aqua – Docker partnership

Now with Aqua Trivy, Docker users can quickly scan both their own resources and third-party code and container images for vulnerabilities, so they can prevent attacks and remain focused on innovation.

Amir Jerbi, the Chief Technology Officer (CTO) at Aqua Security, said “Aqua was one of the first third-party vendors to provide security controls for Docker container environments, and we continue to expand capabilities, to provide new value for this important user community.”

Aqua Trivy - Docker Desktop integration      

This new integration brings the power of Aqua’s open source community to Docker Desktop users"

He adds, “This new integration brings the power of Aqua’s open source community to Docker Desktop users, making it easier to secure Docker environments and stop attacks, with industry-leading vulnerability scanning through Trivy.”

The new extension enables Docker Desktop users to access Trivy directly through the dashboard — no CLI needed — to quickly and easily parse and scan an unlimited number of container images. Scan results include vulnerability findings for both operating systems and programming language packages.

Aqua’s Trivy Extension for Docker Desktop

Aqua’s Trivy Extension for Docker Desktop brings vulnerability scanning right into developer workflows, eliminating friction, so they can confidently build more secure cloud native applications. Trivy is the most comprehensive, easy-to-use vulnerability scanner, covering more languages, OS packages and application dependencies than other scanners. It provides fast, stateless scanning with no pre-requisites for installation, and delivers highly accurate results, with broad and accurate coverage.

“Docker is obsessed with developer ergonomics and is committed to filling, and improving the developer experience gap,” said Webb Stevens, the Senior Vice President (SVP) of Secure Software Supply Chain, at Docker Inc., adding “We welcome Aqua Security to the Docker Extension marketplace, expanding the applications and capabilities available for millions of registered Docker developers.”

Docker Extensions

Docker Extensions allow developers to easily discover and integrate new functionality and additional developer tools into Docker Desktop. With Docker Extensions, they can add de-bugging, testing, networking, security, and other tools to their Docker Desktop installation, in order to support development workflow and improve productivity.

Docker Extensions offer a breadth of familiar experiences that integrate with Docker Desktop, so they can speed up innovation, without having to learn new patterns. Docker Extensions are built with the developer experience in mind and include official tools built by Docker Inc. and the company’s trusted ecosystem partners, so as to give developers the convenience and flexibility to create workflows that meet their individual development needs.