Aqua Blog

Aqua Open Source

Detecting and Capturing Kernel Modules with Tracee and eBPF

Detecting and Capturing Kernel Modules with Tracee and eBPF

Security practitioners often need to investigate malicious artifacts in their environments, which can be challenging if those are deleted or loaded from memory. This is increasingly the case as threat actors are weaponizing Linux kernel modules to perform and hide their attacks. In this blog, we look into kernel …

Continue reading ›
06-22-CIS-Benchmark-Chain-Bench-blog-image-03-1

Audit Your Software Supply Chain for CIS Compliance with Chain-bench

The Center for Internet Security (CIS) has recently released the Software Supply Chain Security Guide, a set of practical, community-developed best practices for securing software delivery pipelines. As an initiator and one of the main contributors to this comprehensive and much-needed guidance, we at Aqua aim to help …

Continue reading ›
How to Secure Your Kubernetes Clusters with Trivy

How to Secure Your Kubernetes Clusters with Trivy

Last month at KubeCon Europe, we released new Kubernetes security scanning for Trivy. It allows you to scan running Kubernetes clusters and resources for misconfigurations directly through the Trivy CLI or by installing the Trivy Kubernetes Operator in a cluster. In this blog, we’ll demonstrate how to use Trivy to …

Continue reading ›
Trivy’s Journey Continues: First Unified Scanner for Cloud Native Security

Trivy’s Journey Continues: First Unified Scanner for Cloud Native Security

Over the past few years, the Aqua Trivy scanner has become a must-have tool in many developers’ toolkits, enabling them to easily shift left and secure artifacts before production. With a tremendous community of over 100,000 users and contributors from leading tech companies, Trivy is the most popular open source …

Continue reading ›
Detecting and Analyzing an Apache Struts Exploit with Tracee

Detecting and Analyzing an Apache Struts Exploit with Tracee

When running third-party applications in your cloud environments, you inherently put your workloads at greater risk. This is especially the case when the third-party software exposes some API function to the public web. Apache Struts 2 is a popular open source cross-platform web application framework, used by many …

Continue reading ›
Integrate OSS Container Vulnerability Data with Aqua and Sonatype Nexus

Integrate OSS Container Vulnerability Data with Aqua and Sonatype Nexus

The rise in software supply chain attacks presents a profound challenge to the cornerstone of DevOps practices: the heavy use and reuse of open source software (OSS). Aqua Security extends visibility into risks across the software stack – and helps teams maintain a clear view into their software bills of materials …

Continue reading ›
Unlimited Container Image Scanning in Docker Desktop with Trivy

Unlimited Container Image Scanning in Docker Desktop with Trivy

A core part of shifting security left is to check your artifacts and their dependencies for vulnerabilities as early in the dev lifecycle as possible. Whether you’re building your own container images or using third-party images, the Trivy Docker Desktop integration allows you to easily scan any container image …

Continue reading ›
New npm Flaws Let Attackers Better Target Packages for Account Takeover

New npm Flaws Let Attackers Better Target Packages for Account Takeover

For the past few years, cybercriminals have been hijacking popular npm packages by taking over maintainers’ accounts. As part of our research at Team Nautilus, we discovered two flaws in the npm platform related to two-factor authentication (2FA). An attacker can use these flaws to target npm packages for account …

Continue reading ›
Scan IaC Code in Dev with Trivy’s Extensions for VS Code and JetBrains

Scan IaC Code in Dev with Trivy’s Extensions for VS Code and JetBrains

When developing new software, a key element of improving security is providing security feedback as early and seamlessly as possible. One way to do this is embed security tools directly into the development environment. Recently, Aqua’s open source scanner Trivy has added this functionality, integrating with popular …

Continue reading ›
Empowering Developers to Succeed: How and Why I Joined Aqua

Empowering Developers to Succeed: How and Why I Joined Aqua

For the past few years, I’ve been dedicating my career to helping developers improve their skills and discover useful tools and communities. As the industry is moving from customer-driven to community-focused development, Aqua is embracing this shift. I’m excited to take on the role of Aqua’s developer advocate to …

Continue reading ›
Securing GitHub Actions with Trivy and Cosign

Securing GitHub Actions with Trivy and Cosign

One of the advantages of automated CI/CD pipelines is that they’re a great place to implement regular security controls and checks. Using GitHub Actions, it’s easy to improve the security of your containers by automating vulnerability scanning and digital signing of container images on a regular basis. In this post, …

Continue reading ›

Subscribe to Email Updates

Popular Posts

Filter by Topic

Show more...