Aqua Blog

CI/CD

Securing GitHub Actions with Trivy and Cosign
February 10, 2022

Securing GitHub Actions with Trivy and Cosign

One of the advantages of automated CI/CD pipelines is that they’re a great place to implement regular security controls and checks. Using GitHub Actions, it’s easy to improve the security of your containers by automating vulnerability scanning and digital signing of container images on a regular basis. In this post, …

Continue reading ›
Tracee
June 09, 2021

Automatically Secure Your CI/CD Pipelines Using Tracee GitHub Action

In my previous post, I covered how you can secure your CI/CD pipeline with Tracee from potentially malicious code executions. We’re now releasing Tracee GitHub Action, which makes using Tracee a plug-n-play experience and doesn’t require any prior knowledge of eBPF or Docker. We’re also introducing a new capability to …

Continue reading ›
Vulnerability Management
May 13, 2021

Vulnerability Management in Container Images from Build to Runtime

When it comes to containerized workloads, resolving the underlying image's security vulnerabilities is paramount to ensuring the safety of your environment. Getting security risk information into the hands of developers quickly and efficiently is key to keeping development cycles as short as possible while maintaining …

Continue reading ›
Tracee Github Action
May 12, 2021

Detecting Malicious Activity in CI/CD Pipeline with Tracee

With the growing popularity of CI platforms to build software, bad actors are increasingly looking to exploit these environments to target organizations. In our post about the recent Codecov breach, we explored how an attacker was able to get access to credentials from within the CI/CD pipeline. To prevent this from …

Continue reading ›
container security alert
September 11, 2020

Threat Alert: Massive Cryptomining Campaign Abusing GitHub, Docker Hub, Travis CI & Circle CI

Aqua’s Team Nautilus detected an impressive campaign that set out to hijack resources to enable cryptocurrency mining. This operation focused on several SaaS software development environments, including Docker Hub, GitHub, Travis CI, and Circle CI, by abusing their automated build processes.

Continue reading ›
Cloud Native Security
January 22, 2020

Cloud Native Best Practices: Security Policies in CI/CD Pipelines

With the continual leftward shifting movement of traditional DevOps responsibilities, organizations can now detect security issues earlier in the software development lifecycle (SDLC). Using CI/CD tools such as Jenkins, GoCD, or Bamboo, organizations can continually develop, test, and ship applications. As containers …

Continue reading ›
Hybrid Cloud security
July 18, 2019

Securing Hybrid Cloud Workloads on Google Anthos

There are major shifts happening around container technology. We have seen ongoing improvements in automation tooling and changes as fully containerized workloads move into production. Companies are often running more than one production Kubernetes cluster at a time.  DevOps and operations teams, subsequently, have an …

Continue reading ›
Docker Image Scanning
June 28, 2019

Docker Image Scanning in your Codefresh Pipeline with Aqua

There are many benefits to implementing CI/CD platforms, such as enabling fast and frequent release cycles of software and applications, but with great speed comes great responsibility. It is crucial to add security controls around container image creation and deployment to ensure that your applications are properly …

Continue reading ›
Container Secuirty
September 03, 2018

Report by Gartner Highlights Maturing Options for Securing Containers

Gartner recently released a Technical Professional Advice report titled Container Security -- From Image Analysis to Network Segmentation, Options Are Maturing* (by Joerg Fritsch and Michael Isbitski, 28 August 2018), with a detailed analysis of the space, including open source tools and commercial solutions.

We're …

Continue reading ›
Blog-pic-Microscanner-Jenkins_2.png
June 13, 2018

Aqua MicroScanner: Free Image Vulnerability Scanning Plugin for Jenkins

A few weeks ago we released Aqua MicroScanner, a free vulnerability scanner that you can embed into the dockerfile and automate scanning during image build.

Continue reading ›
DevSecOps Survey
June 08, 2018

DevSecOps in Forward-Thinking Organizations

The DevSecOps Day event during the recent RSA conference gathered IT and security professionals from around the globe. We used that opportunity to ask them how they see the fast-emerging discipline of DevSecOps. Since respondents were those who chose to attend a DevSecOps event, they represent a more advanced segment …

Continue reading ›
All posts

Subscribe to Email Updates

CI/CD

Continuous integration (CI) and continuous delivery (CD) pipeline is the most modern and popular best practices used by DevOps teams in organizations of all sizes, to deliver code changes more frequently and reliably.

Automate container image scanning in Jenkins CI/CD pipelines to empower DevOps to detect and fix security issues early, and accelerate application deployment.

Learn more about Aqua's cloud native security platform integration with the most popular CI/CD tools All CI/CD integrations

Popular Posts

Filter by Topic

Show more...

    Aqua Security is the largest pure-play cloud native security company, providing customers the freedom to innovate and accelerate their digital transformations. The Aqua Platform provides prevention, detection, and response automation across the entire application lifecycle to secure the build, secure cloud infrastructure and secure running workloads, wherever they are deployed.

    Aqua customers are among the world’s largest enterprises in financial services, software, media, manufacturing and retail, with implementations across a broad range of cloud providers and modern technology stacks spanning containers, serverless functions and cloud VMs.

Copyright © 2022 Aqua Security Software Ltd.