Aqua Blog

Aqua Open Source

Empowering Developers to Succeed: How and Why I Joined Aqua

Empowering Developers to Succeed: How and Why I Joined Aqua

For the past few years, I’ve been dedicating my career to helping developers improve their skills and discover useful tools and communities. As the industry is moving from customer-driven to community-focused development, Aqua is embracing this shift. I’m excited to take on the role of Aqua’s developer advocate to …

Continue reading ›
Securing GitHub Actions with Trivy and Cosign

Securing GitHub Actions with Trivy and Cosign

One of the advantages of automated CI/CD pipelines is that they’re a great place to implement regular security controls and checks. Using GitHub Actions, it’s easy to improve the security of your containers by automating vulnerability scanning and digital signing of container images on a regular basis. In this post, …

Continue reading ›
Identify Security Risks in AWS CloudFormation Templates with Trivy

Identify Security Risks in AWS CloudFormation Templates with Trivy

Aqua Security’s open source project Trivy now includes scanning of AWS CloudFormation templates to help developers better identify and remediate security issues within infrastructure as code (IaC) templates. Building on the technology and rule sets behind our popular open source project tfsec, Trivy now allows …

Continue reading ›
Welcome to Aqua’s Open Source Developer Slack Community!

Welcome to Aqua’s Open Source Developer Slack Community!

We’re lucky to have an outstanding open source community with contributors who help us build leading open source cloud native security tools. Over the years, the community has in many ways shaped the direction of what we do. To drive this engagement further, we’re excited to launch our Slack workspace to make it …

Continue reading ›
Tracee Runtime Security Series: Writing Custom Tracee Rules

Tracee Runtime Security Series: Writing Custom Tracee Rules

As an open source runtime security tool, Tracee provides a base rule set that can detect a variety of attacks. However, there’s often the need to add new rules either to contribute to the project or to provide specific rules for your environment. Because Tracee allows for new rules to be written in Rego and Golang, …

Continue reading ›
Golang Scanning with Trivy: Detect Vulnerabilities Accurately

Golang Scanning with Trivy: Detect Vulnerabilities Accurately

A standard piece of security advice is to reduce the size of your container images, usually by using statically compiled binaries in a scratch or distroless container. However, that complicates container vulnerability scanning, because it becomes impossible to determine the versions of software installed in a …

Continue reading ›
Tracee Runtime Security Series: Centralizing Alerts with Aqua Postee

Tracee Runtime Security Series: Centralizing Alerts with Aqua Postee

A great way to get started with runtime security in your Kubernetes environments is using Tracee, an open source runtime security and forensics tool for Linux. But as with any alerting and monitoring service, it’s necessary to send alerts to a central point to help operations teams keep track of what’s happening …

Continue reading ›
Tracee Runtime Security Series: Easy Installation on Kubernetes

Tracee Runtime Security Series: Easy Installation on Kubernetes

Despite best efforts to harden Kubernetes environments, prevention will never be enough and attackers are finding ways to evade shift-left and other preventative capabilities. It is critical to be able to detect and respond in real time to attacks within Kubernetes clusters. Tracee, an open source runtime security …

Continue reading ›
The Story of Tracee: The Path to Runtime Security Tool

The Story of Tracee: The Path to Runtime Security Tool

eBPF technology is seeing strong growth, being widely adopted in the cloud native ecosystem for monitoring, networking, and security goals. At Aqua, along with being used in commercial products, eBPF powers our open source project Tracee to detect events in running containers.

Continue reading ›
Simplifying Our Open Source Contributor License Agreement

Simplifying Our Open Source Contributor License Agreement

At Aqua, we develop leading open source security tools, which are widely adopted by the cloud native community and industry at large. To us, open sourcing our technology is more than just making its source code available, it’s about making the project widely used and encouraging people to participate. Beyond using a …

Continue reading ›
Using CO:RE to Achieve Portable Tracee eBPF Code

Using CO:RE to Achieve Portable Tracee eBPF Code

One of the biggest challenges of eBPF development is distribution of your eBPF project. With so many different versions of the Linux kernel out in the wild, it seems like an impossible task to compile your eBPF program against all of them to ensure compatibility. However, by using CO:RE, a feature of libbpf, this gets …

Continue reading ›