Aqua Blog

Infrastructure-as-Code (IaC)

Should You Use SLSA or CIS Software Supply Chain Security Guidelines?

Should You Use SLSA or CIS Software Supply Chain Security Guidelines?

With recent software supply chain attacks on the rise, CISOs being held personally liable, and the United States government requiring minimum security software standards for any products and services they procure, the development industry is refocusing on software development strategies that make security a priority. …

Continue reading ›
Aqua, HashiCorp Enable Cloud Native Security, Zero-Trust Approaches

Aqua, HashiCorp Enable Cloud Native Security, Zero-Trust Approaches

We’re delighted to announce our recent achievement of Premier tier status in HashiCorp’s partner ecosystem – a significant milestone in helping our mutual customers automate security and compliance as part of the cloud journey, and more effectively manage risk by shifting security left, securing the software supply …

Continue reading ›
Scan IaC Code in Dev with Trivy’s Extensions for VS Code and JetBrains

Scan IaC Code in Dev with Trivy’s Extensions for VS Code and JetBrains

When developing new software, a key element of improving security is providing security feedback as early and seamlessly as possible. One way to do this is embed security tools directly into the development environment. Recently, Aqua’s open source scanner Trivy has added this functionality, integrating with popular …

Continue reading ›
Shifting Left: Infrastructure as Code security with Trivy

Shifting Left: Infrastructure as Code security with Trivy

One of the great security benefits of the move to cloud native development is the increased use of Infrastructure as Code (IaC) to describe computing environments. Once things are described as code, we can shift left and secure our environments before they’re deployed. As a major new feature, the latest version of …

Continue reading ›
Taking IaC Security to the Next Level: Why TFsec Joined Aqua

Taking IaC Security to the Next Level: Why TFsec Joined Aqua

Coming from a software engineering background, we built tfsec to help developers like us scan their infrastructure-as-code (IaC) templates and prevent cloud misconfigurations from being deployed. Teams at the world’s leading organizations are now leveraging tfsec to “shift left” and introduce security earlier in the …

Continue reading ›