
Aqua Security’s Trivy Security Scanner Can Scan Anything Now

At KubeCon Europe, Aqua Security announced that its open source security scanner Aqua Trivy can scan cloud native-related resources such as source code, repositories, images, artifact registries, Infrastructure as Code templates, and Kubernetes environments.
May 24th, 2022 7:46am by

VALENCIA, Spain — At KubeCon Europe, Aqua Security, the cloud native security provider, announced that its open source security scanner Aqua Trivy can scan pretty much anything cloud native related. Such as what? Such as source code, repositories, images, artifact registries, Infrastructure-as-Code (IaC) templates, and Kubernetes environments. I like the sound of this!

Trivy merges multiple scanning programs into a single tool. Amir Jerbi, Aqua Security’s CTO and co-founder, sees this as a great move forward. “Security professionals are overwhelmed with the number of tools they are required to use and consolidating tools where possible helps teams become more efficient,” he said.

Aqua claims it’s the most comprehensive vulnerability and misconfigurations scanner available for cloud native applications and infrastructure. I don’t know if I’d go that far, but the concept’s very attractive.

After all, if my developers can do most of their scanning for security blunders with one tool, that’s a lot easier than using a hodgepodge of other programs. This makes getting your team to buy into DevSecOps much easier.

Key Features

Its features include:

  • Scan proprietary and third-party code for issues using Integrated Development Environment (IDE) plug-ins for JetBrains, VSCode, and vim to shift security further left.
  • Generate complete software bills of materials (SBOM) to provide transparency into software components and restore visibility to risks in the software supply chain.
  • Detect sensitive hardcoded secrets, like passwords, API keys, and tokens to prevent unauthorized access by threat actors.
  • Scan running Kubernetes clusters for a full life cycle view of risks, and audit for regulatory compliance.
  • Can integrate into continuous integration/continuous deployment (CI/CD)

Trivy will run on Alpine Linux, the Debian/Ubuntu Linux family, Red Hat Enterprise Linux (RHEL), the SUSE Linuxes, and others. It also works with CI/CD programs such as GitHub Actions, Jenkins, and GitLab CI.

Trivy Premium

Trivy is also being integrated into the Aqua Platform as Trivy Premium. With this commercial offering, you get customer support, premium content, and centralized management for enterprise scalability.

Trivy Premium also offers increased vulnerability identification accuracy, thanks to premium threat intelligence, malware scanning, and the ability to scan standalone binaries. The last are applications that are installed directly without the use of a package manager. Within the Aqua Platform, Trivy Premium also integrates with other platform modules like Cloud Security Posture Management (CSPM) and Runtime Protection for improved cloud native application life cycle protection.

Docker Desktop Integration

In addition, Trivy was recently integrated into Docker Desktop. If you’re using Desktop already, this makes it even easier to bring vulnerability and risk scanning into your workflows.

Behind Trivy stands a large cloud native security community. With over 100,000 users, and with nearly 12,000 GitHub stars, it’s arguably the most popular vulnerability and risk scanner around. If I were in your shoes, I’d give the open source Trivy a try.

If you like what you see, sign up for a free trial of Trivy Premium on the Aqua Platform at Aquasec.com.

TNS owner Insight Partners is an investor in: Docker, Aqua Security.