Aqua Security announced that its open source solution,
Trivy, now supports vulnerability scanning
for Kubernetes components in addition to Kubernetes Bill of Materials (KBOM)
generation. Now, companies can better understand the components within their
Kubernetes environment and how secure they are in order
to substantially reduce risk.
Kubernetes has been widely adopted across
enterprises worldwide, but according to Red Hat, more than
half of companies are worried about Kubernetes security - in particular,
vulnerabilities and misconfigurations. Existing infrastructure scanners
scan the infrastructure for misconfigurations only and cannot analyze
Kubernetes components for vulnerabilities. With this new innovation in Aqua's open
source solution, Trivy is solving this challenge for the first
time.
Earlier in 2023, Aqua announced that Trivy
included KBOM generation.
Much like a Software Bill of Materials (SBOM), a KBOM is the manifest of all
the important components that make up your Kubernetes cluster: control plane
components, node components and add-ons, including their versions and images.
Aqua Trivy's Kubernetes vulnerability scanning uses KBOM to help
users understand how their cluster security changes over time, identify
security issues and know when to upgrade cluster components. The
visibility gained from KBOM generation and component vulnerability scanning is
not just important for companies running their own Kubernetes environments.
Those using a managed Kubernetes service also need this level of visibility and
security to determine if their service providers are using vulnerable
components that may put them at risk.
"Just as SBOM is critical for your application
security, KBOM is critical to your infrastructure security,"
said Itay Shakury, vice president of open source at Aqua Security.
"Now, with the ability to scan the actual Kubernetes infrastructure, in
addition to workloads and images, we are working toward the industry's first
complete Kubernetes vulnerability scanner. Aqua established itself as an early
innovator in Kubernetes security with successful tools like kube-bench
and kube-hunter, and our open source team continues to work
diligently to bring new, meaningful capabilities to our users."
Kubernetes vulnerability scanning is the latest
capability added to Trivy, the industry's most popular vulnerability and
risk scanner. With nearly 20,000 GitHub stars, Trivy has a thriving
community of users and contributors.
Developers can try Aqua Trivy's KBOM
generation today to scan their cluster resources for vulnerabilities. Aqua
always welcomes feedback to improve the experience. More
information can be found in the Trivy KBOM documentation and on the
Aqua blog. Developers can also stay up to date with the latest developments via
the Aqua Open Source Slack.
Additionally, all KBOM features will
be commercially available as part of Aqua's Kubernetes Security
Posture Management solution (KSPM) and as part of the Aqua
Platform in late November.