Aqua Security announced the addition
of cloud security posture management (CSPM) capabilities to the open source
tool Aqua Trivy. Trivy, the world's most used developer tool for scanning cloud
native assets, now provides one easy-to-use tool for scanning all cloud native
applications to detect and prioritize risks.
The capability is initially available for AWS cloud users, with support for other
cloud providers coming soon. Users can now scan their AWS accounts to
identify misconfigurations and insider threats to ensure security and
compliance with CIS Benchmarks. Now more teams can benefit from standardizing
security efforts on a single, unified scanner to enforce consistent policies
across the full cloud native application lifecycle.
"This is the next step in our mission to simplify
cloud native security for the community," said Itay Shakury, director of open
source, Aqua Security. "Trivy is making cloud security accessible and easy for
everyone through the power of Open Source. We have been steadily releasing more
and more security capabilities to the community through Trivy, and today we're
excited to bring the Trivy experience to cloud and AWS users."
With cloud adoption accelerating and
a widening skills gap, organizations are challenged to manage the multitude of
configurations and keep their cloud footprints secure. The addition of CSPM
capabilities to Aqua Trivy empowers AWS customers with fast, effective scanning
and visibility for live environments.
"Aqua's open source team is constantly innovating
to bring best-of-breed capabilities to users, and the addition of AWS cloud
configuration scanning further solidifies Trivy as the single scanner for all
cloud native infrastructure and applications," said Shakury. "We plan to add
more cloud providers and more security frameworks, as we continue working to
add value for our users and help them prevent attacks on cloud native
environments."
Unlike with built-in cloud tools, users can define
their own rules or browse and select from the Trivy community's catalog of
standards and policies. Because Trivy already had built-in misconfiguration
rules for infrastructure as code (IaC) scanning, users benefit from having
rules that are consistent across IaC definitions and production environments.
As a bonus, Trivy can be used to identify AWS issues when infrastructure is
defined with Terraform or CloudFormation.
The World's First Unified Scanner for Cloud Native Security
Trivy is the most comprehensive, easy-to-use open
source vulnerability and risk scanner, covering more languages, OS packages and
application dependencies than any other open source scanner. It provides fast,
stateless scanning with no prerequisites for installation and delivers highly
accurate results with broad coverage. Trivy is built on the largest cloud
native security community, and with tens of thousands of users and over 20,000
combined GitHub stars, it is also the most popular vulnerability and risk
scanner in the world and has been adopted by leading cloud platform providers
and by DevOps projects like GitLab, Artifact Hub, and Harbor.
Aqua recently announced that
Trivy had become the world's first unified scanner for cloud native security.
Practitioners are overwhelmed with the number of scanning tools available, and
Trivy solves that challenge by consolidating them into one. The result is
better visibility, less operational overhead, and a simplified experience to secure
cloud native applications. With fewer tools to manage, developers, DevOps and
DevSecOps now have a more efficient, simplified tool for scanning source code,
repositories, images, artifact registries, IaC templates and Kubernetes
environments - all to secure cloud native applications. In May 2022, Trivy was
integrated into Docker Desktop to bring vulnerability and risk scanning into developer workflows and
eliminate friction, so users can confidently build more secure cloud native
applications.