Download PDF version Contact company

Aqua Security, the pure-play cloud native security solutions provider, has announced that Aqua Trivy is now the default scanner for GitLab Auto DevOps.

Customers can now automatically scan the GitLab CI pipeline for OS package vulnerabilities. This change will take place as part of GitLab’s 14.0 release and is based on the results of a publicly available solution comparison and research process.

Aqua Trivy open source scanner

One of the primary reasons behind the default scanner change was the ease of use with Trivy compared to alternative open source scanner options,” said Sam White, Sr. Product Manager at GitLab.

Sam White adds, “Other scanners often require two services or more to be up and running, before they can even start a scan. Trivy is simple and efficient. Trivy bundles the vulnerability database together with the scanner, and that’s one less service that we then have to start up and maintain.” 

Collaboration with the open source engineering team was also a critical factor. Sam White said, “The Trivy project lead has been great to work with. It's been night and day compared to some interactions that we've had with other security vendors. The close collaboration has been invaluable to us.” 

GitLab integration with Aqua Trivy and Starboard

With the integration of GitLab with Trivy and Starboard, we're aiming to provide an ‘on-by-default’ type of scenario"

The partnership with Aqua Trivy will continue with roadmap plans to scan containers running in production using Trivy with Aqua Starboard, Aqua’s open source Kubernetes Security toolkit. Moving forward, both Aqua Trivy and Aqua Starboard will form a fundamental part of GitLab’s Auto DevOps roadmap, enabling users with best-in-class default security options. 

With the integration of GitLab with Trivy and Starboard, we're aiming to provide an ‘on-by-default’ type of scenario, where if you're using Auto DevOps to deploy into production, we're running those scans by default and giving you the results,” said Sam White. 

He adds, “GitLab and Aqua Security can enable that as a default out-of-the-box configuration, rather than something that users have to stitch together on their own.

Open source vulnerability scanning

Itay Shakury, Director of Open Source, Aqua Security, said “This partnership provides both Aqua and GitLab users, access to the comprehensive security tools that they need to successfully shift left.

Itay Shakury adds, “GitLab’s customers now have access to the best in open source vulnerability scanning, while the Aqua Trivy community can benefit from the powerful input and feedback from GitLab and its users. We’re looking forward to building the relationship further and allowing GitLab to leverage additional open source projects, like Aqua Starboard, to better schedule scan jobs in production environments.

Download PDF version Download PDF version

In case you missed it

Anviz Global expands palm vein tech for security
Anviz Global expands palm vein tech for security

The pattern of veins in the hand contains unique information that can be used for identity. Blood flowing through veins in the human body can absorb light waves of specific wavelen...

Bosch sells security unit to Triton for growth
Bosch sells security unit to Triton for growth

Bosch is selling its Building Technologies division’s product business for security and communications technology to the European investment firm Triton. The transaction enc...

In age of misinformation, SWEAR embeds proof of authenticity into video data
In age of misinformation, SWEAR embeds proof of authenticity into video data

The information age is changing. Today, we are at the center of addressing one of the most critical issues in the digital age: the misinformation age. While most awareness of thi...

Quick poll
What is the most significant challenge facing smart building security today?