Aqua Blog

DevSecOps

Golang Scanning with Trivy: Detect Vulnerabilities Accurately

Golang Scanning with Trivy: Detect Vulnerabilities Accurately

A standard piece of security advice is to reduce the size of your container images, usually by using statically compiled binaries in a scratch or distroless container. However, that complicates container vulnerability scanning, because it becomes impossible to determine the versions of software installed in a …

Continue reading ›
Key Requirements for CWPP (Cloud Workload Protection Platforms)

Key Requirements for CWPP (Cloud Workload Protection Platforms)

Cloud Workload Protection Platforms (CWPPs), now part of the emerging category of Cloud Native Application Protection Platforms (CNAPPs), are designed to secure different types of cloud workloads — such as VMs, containers, and serverless functions — deployed in public, hybrid, or multi-cloud environments. In this …

Continue reading ›
A Brief Guide to Supply Chain Security Best Practices

A Brief Guide to Supply Chain Security Best Practices

With the rise in attacks targeting the supply chain of cloud native applications, it’s important to understand how you can prepare for and stifle risks that enter your environments through third-party packages and tools. This post outlines the top software supply chain security best practices that should be …

Continue reading ›
GitLab Case Study

How GitLab Innovates DevOps Security Using Aqua Trivy

Digital leaders must adapt, scale, and fine-tune their operations and the solutions they provide to their customers to keep up with market demands. GitLab provides a complete DevOps platform in a single application to help developers and engineers across all industries to be successful. With many high-profile …

Continue reading ›
Cloud Native Security

Cloud Native Best Practices: Security Policies in CI/CD Pipelines

With the continual leftward shifting movement of traditional DevOps responsibilities, organizations can now detect security issues earlier in the software development lifecycle (SDLC). Using CI/CD tools such as Jenkins, GoCD, or Bamboo, organizations can continually develop, test, and ship applications. As …

Continue reading ›
BeerSecOps Podcast

BeerSecOps: Podcasts About Dev, Sec, Ops, and Everything in Between

Steve Giguere is a DevSecOps Architect and Evangelist for Aqua. He spends his days working with organizations adopting cloud native technologies and how they can effectively secure their applications in the (relatively) new world of microservices. The evangelist part of him enjoys educating and learning from other …

Continue reading ›
DevSecOps

DevSecOps with Trivy and GitHub Actions

The premise of DevSecOps is that in the Software Development Life Cycle (SDLC), each member is responsible for security. This unifies the operations and development teams in terms of security operations. DevSecOps’ goal is to add security to each step of the development process by integrating security controls and …

Continue reading ›
Devsecops pipeline

Shift Security Left, Then Shift Up

Many of you may be familiar with the shift left security approach in which security is built in at an early stage of the application development life cycle. It is easier and more effective to do it early, rather than discover security issues later in the game, when applications are already deployed. When issues are …

Continue reading ›
DevSecOps Survey

DevSecOps in Forward-Thinking Organizations

The DevSecOps Day event during the recent RSA conference gathered IT and security professionals from around the globe. We used that opportunity to ask them how they see the fast-emerging discipline of DevSecOps. Since respondents were those who chose to attend a DevSecOps event, they represent a more advanced …

Continue reading ›
Container Security for DevSecOps

DevSecOps Will Ensure That Time-to-Market and Security Don’t Clash

According to a recent survey by Veracode, 52% of developers worry that application security will delay development and threaten deadlines. This is huge percentage, especially considering how crucial finding, fixing and preventing security vulnerabilities is to any development effort.

Continue reading ›
Container security in the enterprise DevSecOps

Survey: DevSecOps Own Enterprise Containerized Application Security

There’s a lot going on in the container world. Just last month we learned that Docker added Kubernetes support to their platform in a move that clearly indicates Kubernetes’ dominance in the container orchestration world. Prior to that, Kubernetes added RBAC Authorization and Support for Outbound Network Policies …

Continue reading ›

Subscribe to Email Updates

Popular Posts

Filter by Topic

Show more...