Aqua Blog

Liz Rice

Liz Rice was the VP of Open Source Engineering at Aqua Security.
Four Amazing Years at Aqua!

What were you doing four years ago?

Perhaps in 2017 you were, like many people, entirely unaware of the way that containers and cloud computing would take the world by storm. Back then, there were companies just taking baby steps towards containerization – don’t feel bad if you were running one container per virtual …

Vulnerability Scanning for Kubernetes Applications: Why and How

If you’re looking to improve the security posture of your Kubernetes applications, you can get a lot of bang for your buck with vulnerability scanning. In this blog, I’ll talk about the fundamentals of scanning container images: how to pick a vulnerability scanner, when to use it in the application pipeline, and why …

Boosting Container Security with Rootless Containers

If there is a single best practice for container security, it is to avoid running containers as root. Rootless containers are making this much easier – almost effortless, even. In this blog, I’ll talk about why you should be avoiding root in containers, what rootless containers are, and how they are going to help.

Starboard: The Kubernetes-Native Toolkit for Unifying Security

There are lots of security tools in the cloud native world, created by Aqua and by others, for identifying and informing users about security issues in Kubernetes environments. However powerful and useful they might be, they tend to sit alongside Kubernetes, with each new product requiring users to learn a separate …

Trivy Image Vulnerability Scanner Now Under Apache 2.0 License

In our view, making security tools easy to use is one of the best ways to increase adoption and help end users improve the security of their deployments. One of the strengths of our open source vulnerability scanner for container images, Trivy, is that it’s very easy to install and to integrate into different …

Tracee: Tracing Containers with eBPF

This week at Velocity Berlin, I’ll be giving a talk called A Beginner’s Guide to eBPF. To coincide with it, we’re opening up a new Aqua Security open source project called Tracee, which uses eBPF to trace events in containers. This isn’t something that most developers need to do on a day-to-day basis, but for those of …

Trivy Vulnerability Scanner Joins the Aqua Open-source Family

If you’re interested in container image vulnerability scanning, there’s a good chance that you have come across the Trivy open source scanning tool. This project has been receiving rave reviews for its ease-of-use, as well as its comprehensive vulnerability tracking across both OS packages and language-specific …

Kubernetes RBAC: Asking for Forgiveness or Getting Permission

This blog is dedicated to my Mum. She was a leading psychiatrist who loved learning and traveling. She was a huge inspiration to me. I think she would be proud that I’m pursuing my passion of traveling around the world teaching what I love.

I want to start with a quote attributed to another inspiring woman, Grace …

Security Configuration Benchmarks for Kubernetes

When you’re running Kubernetes, how do you know whether it’s configured securely? Kubernetes is a complex system, with several control plane components, each of which has numerous configuration parameters. In some cases, it’s clear that a parameter will have an impact on Kubernetes security – for example, providing …

Kube-hunter - an open source tool for Kubernetes penetration testing

Aqua released a free tool called kube-hunter to help with Kubernetes Security. You give it the IP or DNS name of your Kubernetes cluster, and kube-hunter probes for security issues - it’s like automated penetration testing.

AWS Fargate Security with Sidecars

A few months ago we launched the Aqua MicroEnforcer, the first solution for providing runtime protection to a container running in Containers-as-a-Service platforms like AWS Fargate or Azure Container Instances. The mechanism I wrote about at the time involved building a protected version of a container image being …
