Aqua Blog

Software Supply Chain Security

Navigating Container Security within the FedRAMP Guidelines

The digital transformation journey of many organizations heavily leans on cloud technologies. As they migrate to the cloud, adhering to stringent security protocols becomes paramount. Enter FedRAMP® (Federal Risk and Authorization Management Program). It's a government-wide initiative designed to provide a …

Aqua Ensures Software Integrity, Earns Top Analyst Recognition

The integrity of software continues to be a significant and evolving threat for organizations to protect valuable digital infrastructure and data. Attackers are constantly finding new ways to exploit vulnerabilities in code or compromise applications during the development process. Because of the complexity and lack …

Elevating Cloud Security Response with Cloud-to-Code Tracing

Data breaches and ransomware attacks have become a common headline around the globe. Meanwhile, protecting cloud environments has turned into an uphill battle for even the most seasoned CISO. With a broader attack surface, the dynamic nature of open source software, and a growing number of vulnerabilities being …

2023 Nautilus Cyber Security Report - Insights Revealed

The adoption of cloud native technologies has become a cornerstone to helping businesses build and run applications. Cloud computing has revolutionized the way organizations design, develop, deploy, and manage their applications. While it has brought many benefits such as scalability, flexibility, and agility, it has …

Integrity Scanning Prevents Insecurity in the Software Supply Chain

What if you could prevent an attack like SolarWinds in a few easy steps? Since sophisticated software supply chain attacks usually hide in legitimate build processes and code updates, they’re often missed by regular code scanning tools. To counter these threats, we’re excited to announce pipeline integrity scanning —

Fortune 500 at Risk: 250M Artifacts Exposed via Misconfigured Registries

What if you were told that you had a misconfigured registry with hundreds of millions of software artifacts containing highly confidential and sensitive proprietary code and secrets exposed in your environment right now? This would be what you’d call a really bad day for security. Recently, the Aqua Nautilus research …

White House Shifts Cybersecurity Strategy to Drive Resilience

This week, the White House released its updated National Cybersecurity Strategy detailing the comprehensive approach the U.S. Government’s Administration is taking to cybersecurity. 

Software Supply Chain Security vs. SCA: What's the Difference?

As reliance on software increases in both personal and professional contexts, security of the software supply chain has become a critical concern. Ensuring the security and quality of software is essential for protecting against digital attacks, data breaches, and other cyber threats. Two practices that play a key …

What To Know: A Summary of the Compliance Guide to SSDF

NIST has recently researched, defined, and released an entirely new standard for incorporating security into the software development lifecycle called The Secure Software Development Framework. It was uniquely designed to help address the tremendous gaps in software supply chain security that expose organizations to …

Cloud Security Trends for 2023 Part Two

Last month Aqua published a blog with the predictions from our Nautilus security research team regarding trends and new threats we are watching for 2023. In case you missed it over the holidays, we’ve included a link at the end of this post – it’s definitely worth the read.

Should You Use SLSA or CIS Software Supply Chain Security Guidelines?

With recent software supply chain attacks on the rise, CISOs being held personally liable, and the United States government requiring minimum security software standards for any products and services they procure, the development industry is refocusing on software development strategies that make security a priority. …
