Aqua Blog
Experts insight, best practices and advice on cloud native security, trends, threat intelligence and compliance
Devsecops pipeline

Shift Security Left, Then Shift Up

Many of you may be familiar with the shift left security approach in which security is built in at an early stage of the application development life cycle. It is easier and more effective to do it early, rather than discover security issues later in the game, when applications are already deployed. When issues are …

Continue reading ›
Kubernetes RBAC

Kubernetes RBAC: Asking for Forgiveness or Getting Permission

This blog is dedicated to my Mum. She was a leading psychiatrist who loved learning and traveling. She was a huge inspiration to me. I think she would be proud that I’m pursuing my passion of traveling around the world teaching what I love.

I want to start with a quote attributed to another inspiring woman, Grace …

Continue reading ›
IoT security

Building IoT Applications with Containers

At DockerCon earlier this month, Docker and Arm announced a joint venture in which new Docker-based solutions will be available to the Arm ecosystem. Docker and Arm touted this synergy as a way for developers to leverage containers, both remote and on-premises, in an easier way. There will be a common software …

Continue reading ›
Attending-KubeCon-Blog-650_315_1

Real-World Enterprise Security Experience at KubeSec Summit

For the second time, Aqua will host the KubeSec Enterprise Summit next week, together with our co-hosts AWS, Google Cloud, Microsoft Azure, and Red Hat. The event is co-located with KubeCon/CloudNativeCon in Barcelona and will take place on Monday, May 20th. Unlike other co-located events, this full day program …

Continue reading ›
Docker Image Vulnerability Scanning

CVE-2019-5021: Alpine Docker Image ‘null root password’ Vulnerability

A new vulnerability that impacts Alpine Docker images was published last week. The vulnerability is due to the ‘root’ user password which is set, by default, to NULL on Alpine Docker images from version 3.3 or higher.

Continue reading ›
Kubernetes operator

Aqua Operator: Automating Security for Kubernetes

Aqua recently developed a Kubernetes Operator that was successfully tested and validated by Red Hat standards for integration and supportability. Before we tell you about our new OpenShift-certified Operator, let’s get some context about what an Operator is.

Continue reading ›
container security

Vulnerabilities in the Container Ecosystem: A Brief History

Now that containers have been around for a few years and have had their share of disclosed vulnerabilities, it’s time to revisit some of the more interesting ones and see if there’s a recurring theme or any underlying trend to highlight.

Continue reading ›
Docker_Hub_Incident_2nologo

Docker Hub Unauthorized Access Incident: What You Should Know

A few days ago, Docker discovered that a database holding the credentials of some 190,000 Docker Hub accounts was exposed to unauthorized access (about 5% of all Docker Hub accounts). We’ve been getting questions from customers on this, so I wanted to set the record straight on what we know and what we recommend …

Continue reading ›
Knative_blog_post_5

Knative: The Serverless Environment for Kubernetes Fans

Knative is the newest member of serverless environments that is gaining significant interest and generating a great deal of hype in the Kubernetes/Cloud Native community. It’s an open source framework that was designed to enable the development and deployment of container-based serverless applications that are easy …

Continue reading ›
Kubernetes security

Security Configuration Benchmarks for Kubernetes

When you’re running Kubernetes, how do you know whether it’s configured securely? Kubernetes is a complex system, with several control plane components, each of which has numerous configuration parameters. In some cases, it’s clear that a parameter will have an impact on Kubernetes security – for example, providing …

Continue reading ›
Gartner--Container-Security2--BLOG-650_315

Gartner Names Container Security Among Top 10 Security Projects for 2019

In their recent research note, “Top 10 Security Projects for 2019”*, Gartner analysts highlighted ten initiatives that Security and Risk Management leaders should implement or improve in 2019. Container security is on this list.

Continue reading ›