Aqua Blog

Vulnerability Management

Zero-Day Attack Prevention Through Supply Chain Security

Supply chain security has made lots of headlines recently thanks to events like the SolarWinds breach. That and similar events highlight the importance of having a strategy in place to respond to zero-day attacks which can take advantage of vulnerable software components.

Establishing a Resilient DevSecOps Action Plan

DevSecOps is an easy term to toss around. But what does it mean, exactly? What actually goes into an effective DevSecOps strategy? And how do cloud and DevOps impact DevSecOps processes? To find out, I participated in a conversation with Merritt Baer, principal in the AWS Office of the CISO, to discuss the best ways …

Technical Review: A Deep Analysis of the Dirty Pipe Vulnerability

Dirty Pipe (CVE-2022-0847) proved that there is a new way to exploit Linux syscalls to write to files with read-only privileges. The fact that someone can write to a file regardless of its permissions is a big security threat. An application of this vulnerability would be to write on the host from an unprivileged …

Kubernetes Version 1.26: An Overview

Kubernetes Version 1.26 was released with 37 new enhancements including 11 Stable, 10 Beta, 16 Alpha, and 12 features deprecated or removed. In this blog, we will highlight its most notable features and show how using Trivy will help you find deprecated Kubernetes resources.

Trivy Now Scans Amazon Machine Images (AMIs)

While more and more companies are moving to cloud native technologies to manage their workloads and infrastructure, Virtual Machines (VMs) remain a staple infrastructure that powers many existing organizations and applications. Trivy, the all-in-one open-source security scanner, already scans most of the cloud …

Find the New OpenSSL Vulnerabilities with Trivy

Today, OpenSSL announced two new CVEs and mitigation recommendations. This blog provides guidance as to how you can identify the OpenSSL vulnerability using Trivy. To both identify and mitigate the vulnerability, see this blog post Updated Security Advisory: New OpenSSL Vulnerabilities about mitigation with assurance …

Vulnerability Scanning: Trivy vs the Trivy Operator

Over the past few months Aqua Trivy, the all-in-one cloud native security scanner, has rapidly grown in features and tapped into new use cases. In this blog post, we will explore

New for Trivy: CSPM Identifies Misconfigurations of Your AWS Services

Every cloud provider has different resources that require detailed understanding to scan for security issues. To make this easier, cloud providers offer built-in security scanners. However, those may often lack functionality and integration into your existing stack.

Integrate OSS Container Vulnerability Data with Aqua and Sonatype Nexus

The rise in software supply chain attacks presents a profound challenge to the cornerstone of DevOps practices: the heavy use and reuse of open source software (OSS). Aqua Security extends visibility into risks across the software stack – and helps teams maintain a clear view into their software bills of materials …

Vulnerability Management in Container Images from Build to Runtime

When it comes to containerized workloads, resolving the underlying image's security vulnerabilities is paramount to ensuring the safety of your environment. Getting security risk information into the hands of developers quickly and efficiently is key to keeping development cycles as short as possible while maintaining …

Vulnerability Scanning for Kubernetes Applications: Why and How

If you’re looking to improve the security posture of your Kubernetes applications, you can get a lot of bang for your buck with vulnerability scanning. In this blog, I’ll talk about the fundamentals of scanning container images: how to pick a vulnerability scanner, when to use it in the application pipeline, and why …
