Over the past few years, the Aqua Trivy scanner has become a must-have tool in many developers’ toolkits, enabling them to easily shift left and secure artifacts before production. With a tremendous community of over 100,000 users and contributors from leading tech companies, Trivy is the most popular open source …
When running third-party applications in your cloud environments, you inherently put your workloads at greater risk. This is especially the case when the third-party software exposes some API function to the public web. Apache Struts 2 is a popular open source cross-platform web application framework, used by many …
The rise in software supply chain attacks presents a profound challenge to the cornerstone of DevOps practices: the heavy use and reuse of open source software (OSS). Aqua Security extends visibility into risks across the software stack – and helps teams maintain a clear view into their software bills of materials …
Digital innovation in the finance sector is an incredibly stressful proposition. The terms digital wallet and GDPR both fit into the same sentence; however, even this heavily regulated segment must turn to digital transformation to stay competitive and keep customers loyal. Enter Bayad, the largest multi-channel …
A core part of shifting security left is to check your artifacts and their dependencies for vulnerabilities as early in the dev lifecycle as possible. Whether you’re building your own container images or using third-party images, the Trivy Docker Desktop integration allows you to easily scan any container image …
In its recent Innovation Insight for SBOMs report,* Gartner highlights the benefits of using software bills of materials (SBOMs) to secure modern, fast-paced DevOps pipelines. SBOMs shed light on blind spots in the software supply chain by enumerating all proprietary and open source components and enable the effective …
![Package Planting: Are You [Unknowingly] Maintaining Poisoned Packages?](https://blog.aquasec.com/hubfs/04-22-Package-Planting-npm-blog-image.jpg)
Aqua’s Team Nautilus found a logical flaw in npm that allows threat actors to masquerade a malicious package as legitimate and trick unsuspecting developers into installing it. Up until recently, npm allowed adding anyone as a maintainer of the package without notifying these users or getting their consent. Since you …
What is the CISO approach to securing cloud native applications? Our recent survey of CISOs at Fortune 1000 companies gives a view into their perspectives on the critical security capabilities that allow for speed and agility while reducing friction between teams and preserving business continuity. According to the …
At Aqua, we believe that cloud native is an opportunity to do security right. With the release of our Terraform Provider, we’ve added another tool to do security the cloud native way. With Aqua Terraform Provider, security teams can easily adopt DevOps processes and infrastructure as code (IaC) to consistently …
With another Kubernetes release upon us, there are, as ever, a load of new features to consider. These include features to help companies use Windows containers securely and improvements in Kubernetes’ supply chain security. In this post, we’ll take a look at some of the more significant features of this release.
Today, cloud native platforms are increasingly using eBPF-based security technology. It enables the monitoring and analysis of applications’ runtime behavior by creating safe hooks for tracing internal functions and capturing important data for forensic purposes. Tracee is an open source runtime security and forensics …