Aqua Blog

Image Vulnerability Scanning

Trivy VS Code Plugin

Using Trivy to Discover Vulnerabilities in VS Code Projects

For most of us developers, our container security protocol involves some sort of static image scan for vulnerabilities. Unfortunately, to do this usually involves jumping out of one type of software program, like a code editor, to open a completely separate tool to perform the scanning. Well, the open source team …

Continue reading ›
DzMLT Threat Alert

Threat Alert: An Attack Against a Docker API Leads To Hidden Cryptominers

Following an attack against a misconfigured Docker API port, the research team at Aqua Security performed an in-depth examination of the Docker Hub account from which the image was pulled. The examination was done by dynamically scanning for hidden threats in the container images hosted in that specific Docker Hub …

Continue reading ›
Open source vulnerability scanner

Trivy Image Vulnerability Scanner Now Under Apache 2.0 License

In our view, making security tools easy to use is one of the best ways to increase adoption and help end users improve the security of their deployments. One of the strengths of our open source vulnerability scanner for container images, Trivy, is that it’s very easy to install and to integrate into different …

Continue reading ›
Cloud Native Security

Cloud Native Best Practices: Security Policies in CI/CD Pipelines

With the continual leftward shifting movement of traditional DevOps responsibilities, organizations can now detect security issues earlier in the software development lifecycle (SDLC). Using CI/CD tools such as Jenkins, GoCD, or Bamboo, organizations can continually develop, test, and ship applications. As …

Continue reading ›
Vulnerability scanner for Harbor registry

Pluggable Image Vulnerability Scanners for Harbor

Harbor is an open source cloud native artifact registry, sponsored by the CNCF, that you can use as a repository for your container images. Harbor provides support for vulnerability scanning of images to make sure they are safe to deploy. We’ve been working with the Harbor team to extend its capabilities with …

Continue reading ›
Trivy Vulnerability Scanner

Trivy Vulnerability Scanner Joins the Aqua Family

If you’re interested in container image vulnerability scanning, there’s a good chance that you have come across the Trivy open source scanning tool. This project has been receiving rave reviews for its ease-of-use, as well as its comprehensive vulnerability tracking across both OS packages and language-specific …

Continue reading ›
Container Image Scanning

Scanning Image Layers, Prometheus, and Harbor Integrations

One of the key challenges in container image scanning is understanding where a vulnerability originated in an image, and who can fix it. Image layers allow us to do that, and Aqua’s scanner now allows us to pinpoint discovered vulnerabilities to a specific layer.

Continue reading ›
Docker image vulnerability scanning

Crypto-Mining Malware Outsmarting Image Scanners

In previous crypto-mining attacks, we observed hackers investing little to no effort in hiding their malicious activities. They just ran the malicious container with all of its scripts and configuration files in clear text. This made the analysis of their malicious intent fairly easy.

Continue reading ›
Docker Image Scanning

Docker Image Scanning in your Codefresh Pipeline with Aqua

There are many benefits to implementing CI/CD platforms, such as enabling fast and frequent release cycles of software and applications, but with great speed comes great responsibility. It is crucial to add security controls around container image creation and deployment to ensure that your applications are …

Continue reading ›
Devsecops pipeline

Shift Security Left, Then Shift Up

Many of you may be familiar with the shift left security approach in which security is built in at an early stage of the application development life cycle. It is easier and more effective to do it early, rather than discover security issues later in the game, when applications are already deployed. When issues are …

Continue reading ›
IoT security

Building IoT Applications with Containers

At DockerCon earlier this month, Docker and Arm announced a joint venture in which new Docker-based solutions will be available to the Arm ecosystem. Docker and Arm touted this synergy as a way for developers to leverage containers, both remote and on-premises, in an easier way. There will be a common software …

Continue reading ›