Aqua Nautilus researchers identified an infrastructure of a potentially massive campaign against cloud native environments. This infrastructure is in the early stages of testing and deployment, and consists mainly of an aggressive cloud worm designed to deploy on exposed JupyterLab and Docker APIs in order to deploy …
SBOM (Software Bill of Materials) is an accepted best practice to map the components and dependencies of your applications in order to better understand your applications’ risks. SBOMs are used as a basis for vulnerability assessment, licensing compliance, and more. There are plenty of available tools, such as Aqua …
The adoption of cloud native technologies has become a cornerstone to helping businesses build and run applications. Cloud computing has revolutionized the way organizations design, develop, deploy, and manage their applications. While it has brought many benefits such as scalability, flexibility, and agility, it has …
Millions of GitHub repositories are potentially vulnerable to RepoJacking. New research by Aqua Nautilus sheds light on the extent of RepoJacking, which if exploited may lead to code execution on organizations’ internal environments or on their customers’ environments. As part of our research, we found an enormous …
It’s humbling to see customers adopt Aqua’s cloud security vision. It’s humbling to see our predictions come true, doubly so when competitors start to follow us. The proof came over the last few months as cloud visibility vendors either released their own agent or partnered with an agent provider. This validates what …
Enabling Customers with Visibility and Remediation at Scale
As the pioneer in cloud native security, Aqua has been at the forefront of CNAPP innovation. Today, we are pleased to announce our integration with Amazon Security Lake. This integration allows customers the insights needed to determine their risk posture …
The move to cloud native changed the daily operations of security teams. This shift requires teams to monitor the risk embedded within cloud environments, which increases the noise level, and piles up thousands of security issues to handle. This new reality requires different measures to handle relevant incidents …
What if someone handed you a static picture of a highway and asked you to drive using only the picture? Would you still drive even if you knew you could not see all the traffic around you?
Yet traditional CSPM solutions show the state of your environment as a snapshot in time, usually once per day, only giving you …
What if you could prevent an attack like SolarWinds in a few easy steps? Since sophisticated software supply chain attacks usually hide in legitimate build processes and code updates, they’re often missed by regular code scanning tools. To counter these threats, we’re excited to announce pipeline integrity scanning —
RSA 2023 revealed a much-needed change in perception: cloud native security requires one integrated approach. Finally, a consensus. If you care about cloud security, you care about the lifecycle of your cloud applications. This lifecycle has two fundamental parts: building applications and running them. To secure your …
What if you were told that you had a misconfigured registry with hundreds of millions of software artifacts containing highly confidential and sensitive proprietary code and secrets exposed in your environment right now? This would be what you’d call a really bad day for security. Recently, the Aqua Nautilus research …