Pure cloud security provider Aqua Security has announced a number of updates to Aqua Trivy, making it the world’s first integrated cloud security scanner.
Combining multiple scanners into one tool, it is now the most widely used vulnerability and misconfiguration scanner for cloud applications and infrastructure. Trivy is also integrated into the Aqua platform in the form of Trivy Premium, which allows customers to expand their business by taking advantage of customer support, premium content and centralized management.
Trivy is now a tool for all cloud scanner needs, including source code, storage space, images, artifact records, Code Infrastructure (IaC) templates, and the Kubernetes environment. Due to the lack of controls, developers, DevOps and DevSecOps now have a more efficient and simplified tool for securing their cloud applications. They can integrate security into their workflow without having to leave their continuous integration or continuous deployment (CI / CD) environment.
New features include:
• Scan proprietary and third-party code to move security further left using the Integrated Developer Environment (IDE) plugins for JetBrains, VSCode, and VIM.
• Create a comprehensive software material calculation (SBOM) to ensure the transparency of software components and restore the visibility of risks in the software network.
• Detect hard-coded secrets such as passwords, API keys, and tokens to prevent unauthorized access by threats.
• Scan existing Kubernetes clusters, view the full risk life cycle, and conduct regulatory compliance audits.
Amir Gerby, CTO and founder of Aqua Security, said: “We are simplifying cloud security by integrating more cloud scanning objectives with Trivy like Kubernetes.
“It is packed with a large number of tools that security professionals need to use, and integrating as many tools as possible can help make the team more effective. The world’s most popular open source vulnerability scanner has now risen to another level. With Trivy’s improvements, developers have fewer tools to learn, use, manage, and maintain. “
Trivy Premium is now part of the Aqua Cloud Native Application Protection Platform (CNAPP), based on the reputation of Trivy Open Source, adding new centralized management capabilities and a user interface to meet the scalability and management needs of large organizations. Trivy Premium increases vulnerability due to its ability to spy on high-level spyware, malware, and scan individual binaries (programs installed directly without the use of a package manager). As part of the Aqua platform, Trivy Premium integrates with other platform modules such as Cloud Security Posture Management (CSPM) and Runtime Protection to fully protect cloud applications.
“Trivy Premium is a game changer for organizations that already know and love Trivy and want to use the best security tools to prevent it before an attack occurs,” Gerby said.
Trivy is the most comprehensive, easy-to-use open source scanner, covering more languages, operating system packages, and application dependencies than any other scanner. It scans quickly and independently without any preconditions for installation, and provides high-precision results that cover a wide and accurate range.
In May 2022, Trivy was integrated into the Docker Desktop, allowing users to build more reliable cloud applications by scanning for vulnerabilities and risks in the developer’s workflow and eliminating friction. Built on the largest cloud security community, Trivy, with 100,000 users and nearly 12,000 GitHub stars, is the world’s most popular vulnerability and risk scanner. It is designed for leading cloud platform vendors and DevOps projects such as GitLab, Artifact Hub and Harbor.