Aqua Celebrates Open Source at Hacktoberfest

Aqua Celebrates Open Source at Hacktoberfest

It’s that time of the year again - for some people October is a month of beer, and for others (like us) it’s hacking time! Hacktoberfest, named after the famous German festival Oktoberfest, is a wonderful initiative that invites developers from around the world to participate and contribute to Open Source.

At Aqua, we believe open source is an essential part of our success and growth, and that by building open source projects and contributions we help improve security across the cloud native community.

As we enter October, we wanted to extend our appreciation for open source and the community by joining Hacktoberfest and reward you, the developers who make it happen. The idea is to encourage useful contributions to Aqua’s open source projects, such as new features, bug fixes, extended compatibility, performance enhancements, etc.

Here’s what we’re giving away

  • For 1 eligible contribution, you will receive our OSS superhero sticker pack.
  • For 3 eligible contributions, you will receive the OSS superhero sticker pack and a special edition Aqua Hacktoberfest t-shirt.
  • For 5 eligible contributions, you will receive the OSS superhero sticker pack, the special edition Aqua Hacktoberfest t-shirt, and the “Kubernetes Security” book, co-authored by Liz Rice, our VP Open Source Engineering.

Get to know our Open Source portfolio

Trivy is our open source container image vulnerability scanner. It uses a unique approach to collecting vulnerabilities and fixes which puts it on top when it comes to detection accuracy. Additionally, its support for a wide variety of operating systems, package managers, and build formats, makes it the ultimate open source container vulnerability scanner.

Kube-bench is our Kubernetes best practice benchmarking tool based on the established CIS Kubernetes Benchmark. It can scan for misconfigurations and potential issues with your installations and provide actionable solutions. We are also expanding kube-bench with other “benches”, such as docker-bench, linux-bench, and more to come.

Kube-hunter is our penetration testing tool for Kubernetes. This tool is a collection of procedures and techniques that try to find vulnerabilities and mis-configurations in your cluster that might expose it to attacks. As opposed to kube-bench, which checks configurations against best practices, kube-hunter uses actual attack scripts to see if your cluster is susceptible.

Kubectl-who-can is a kubectl plugin that complements kubectl’s built-in commands with a comprehensive report that helps assess who has which RBAC permissions to which resources in your cluster.

There’s plenty to do!

Feel free to browse our projects, review the open issues or open new ones, and start hacking.

Please review the contribution guidelines for each project before submitting a pull request – they define what we consider eligible for the above giveaways.


  • Do I need to sign up or send you my PRs?
    No, everyone who submitted a PR during October is technically participating.
  • What about PRs that were submitted before this post was announced?
    We will look at all PRs opened between 1-31 of October.
  • Does my PR need to be merged to participate?
    No, opening a PR that follows the contribution guidelines is enough to be considered.
  • How will I get my rewards?
    We will publish additional instruction on how to redeem your rewards on the Aqua blog.


Watch Liz Rice giving shout out to contributors
to Aqua Security's Open Source tools

Itay Shakury

Itay Shakury is VP Open Source at Aqua Security, where he leads engineering for open source, cloud native security solutions. Itay has some 20 years of professional experience in various software development, architecture and product management roles. Itay is also a CNCF Cloud Native Ambassador and is leading community initiatives such as the CNCF Tel Aviv group.