What To Know: A Summary of the Compliance Guide to SSDF

Aqua Cloud Native Blog \ Tags: SBOMs

NIST has recently researched, defined, and released an entirely new standard for incorporating security into the software development lifecycle called The Secure Software Development Framework. It was uniquely designed to help address the tremendous gaps in software supply chain security that expose organizations to methodical attacks on an organization’s code, infrastructure, development toolchain, and dependencies. …

SOFTWARE SUPPLY CHAIN SECURITY

Should You Use SLSA or CIS Software Supply Chain Security Guidelines?

With recent software supply chain attacks on the rise, CISOs being held personally liable, and the United States government requiring minimum security software standards for any products and services they procure, the development industry is refocusing on software development strategies that make security a priority. But with so many reputable sources creating guidance, which is …

Uncategorized

Achieve Software Supply Chain Compliance with US Executive Order 14028

Thanks to many factors like the rise of the cloud infrastructure, the abundance of prebuilt open-source code, and process improvements in DevOps, innovating with software is happening faster than ever. The software supply chain is the assembly line for these technological innovations and can be thought of as any combination of code, tools, and processes …

VULNERABILITY MANAGEMENT

Find the New OpenSSL Vulnerabilities with Trivy

Today, OpenSSL announced two new CVEs and mitigation recommendations. This blog provides guidance as to how you can identify the Open SSL vulnerability using Trivy. To both identify and mitigate the vulnerability, see this blog post Updated Security Advisory: New OpenSSL Vulnerabilities about mitigation with assurance policies in Aqua’s software supply chain solution.

SOFTWARE SUPPLY CHAIN SECURITY

Gartner Report for SBOMs: Key Takeaways You Should Know

In its recent Innovation Insight for SBOMs report,* Gartner highlights the benefits of using software bills of materials (SBOMs) to secure modern, fast-paced DevOps pipelines. SBOMs shed light on blind spots in the software supply chain by enumerating all proprietary and open source components and enable the effective mitigation of risks. Without this visibility, organizations’ …

AQUA OPEN SOURCE

Software Supply Chain Security with Trivy: Generating SBOMs

Trivy is an easy-to-use, comprehensive open source scanner that helps developers gain visibility into the software components used in their applications. With the growing awareness about supply chain security, software bills of materials (SBOMs) have become the standard for creating software inventory lists. To simplify this process, Trivy recently added support for generating SBOMs as …

Need to secure enterprise workloads?

Aqua Cloud Native Application Protection Platform (CNAPP)

Go cloud native with the experts!

Get Demo

Aqua Security

Aqua Security stops cloud native attacks across the application lifecycle and is the only company with a $1M Cloud Native Protection Warranty to guarantee it. As the pioneer in cloud native security, Aqua helps customers reduce risk while building the future of their businesses. The Aqua Platform is the industry's most integrated Cloud Native Application Protection Platform (CNAPP), protecting the application lifecycle from code to cloud and back. Founded in 2015, Aqua is headquartered in Boston, MA and Ramat Gan, IL with Fortune 1000 customers in over 40 countries.

Use Cases

Environments

Partners

Resources

About Us

Get in Touch

Products

Get Started