Aqua Blog

Open Source

Trivy’s Journey Continues: First Unified Scanner for Cloud Native Security

Over the past few years, the Aqua Trivy scanner has become a must-have tool in many developers’ toolkits, enabling them to easily shift left and secure artifacts before production. With a tremendous community of over 100,000 users and contributors from leading tech companies, Trivy is the most popular open source …

Detecting and Analyzing an Apache Struts Exploit with Tracee

When running third-party applications in your cloud environments, you inherently put your workloads at greater risk. This is especially the case when the third-party software exposes some API function to the public web. Apache Struts 2 is a popular open source cross-platform web application framework, used by many …

Integrate OSS Container Vulnerability Data with Aqua and Sonatype Nexus

The rise in software supply chain attacks presents a profound challenge to the cornerstone of DevOps practices: the heavy use and reuse of open source software (OSS). Aqua Security extends visibility into risks across the software stack – and helps teams maintain a clear view into their software bills of materials …

Unlimited Container Image Scanning in Docker Desktop with Trivy

A core part of shifting security left is to check your artifacts and their dependencies for vulnerabilities as early in the dev lifecycle as possible. Whether you’re building your own container images or using third-party images, the Trivy Docker Desktop integration allows you to easily scan any container image …

New npm Flaws Let Attackers Better Target Packages for Account Takeover

For the past few years, cybercriminals have been hijacking popular npm packages by taking over maintainers’ accounts. As part of our research at Team Nautilus, we discovered two flaws in the npm platform related to two-factor authentication (2FA). An attacker can use these flaws to target npm packages for account …

Scan IaC Code in Dev with Trivy’s Extensions for VS Code and JetBrains

When developing new software, a key element of improving security is providing security feedback as early and seamlessly as possible. One way to do this is embed security tools directly into the development environment. Recently, Aqua’s open source scanner Trivy has added this functionality, integrating with popular …

Empowering Developers to Succeed: How and Why I Joined Aqua

For the past few years, I’ve been dedicating my career to helping developers improve their skills and discover useful tools and communities. As the industry is moving from customer-driven to community-focused development, Aqua is embracing this shift. I’m excited to take on the role of Aqua’s developer advocate to …

Securing GitHub Actions with Trivy and Cosign

One of the advantages of automated CI/CD pipelines is that they’re a great place to implement regular security controls and checks. Using GitHub Actions, it’s easy to improve the security of your containers by automating vulnerability scanning and digital signing of container images on a regular basis. In this post, …

Identify Security Risks in AWS CloudFormation Templates with Trivy

Aqua Security’s open source project Trivy now includes scanning of AWS CloudFormation templates to help developers better identify and remediate security issues within infrastructure as code (IaC) templates. Building on the technology and rule sets behind our popular open source project tfsec, Trivy now allows …

Welcome to Aqua’s Open Source Community on Slack!

Welcome to Aqua’s Open Source Developer Slack Community!

We’re lucky to have an outstanding open source community with contributors who help us build leading open source cloud native security tools. Over the years, the community has in many ways shaped the direction of what we do. To drive this engagement further, we’re excited to launch our Slack workspace to make it …

Tracee Runtime Security Series: Writing Custom Tracee Rules

As an open source runtime security tool, Tracee provides a base rule set that can detect a variety of attacks. However, there’s often the need to add new rules either to contribute to the project or to provide specific rules for your environment. Because Tracee allows for new rules to be written in Rego and Golang, …
