Aqua Blog
Experts insight, best practices and advice on cloud native security, trends, threat intelligence and compliance
Set DevSecOps in Motion.png

Set DevSecOps in Motion with Minimal Commotion

DevOps professionals continue to believe they can’t do their jobs properly because security slows down operations. Security pros, meanwhile, have largely failed to integrate security measures into DevOps initiative, resulting in unproductive …

Continue reading ›
BLog runc CVE

CVE-2016-9962: Run Container Run

RunC Like the Wind

Recently, an interesting vulnerability was discovered (CVE-2016-9962) that enables container escape to the host. The vulnerability stems from a bug found in opencontainers' runc code, which is used by several container engines, …

Continue reading ›
blog-cisco-banner.png

Cisco CloudCenter Orchestrator Docker Privilege Escalation Vulnerability Explained

Cisco announced a few days ago that it discovered and fixed a critical vulnerability in its CloudCenter Orchestrator, whereby a misconfiguration caused the Docker Engine management port to be reachable outside of the CloudCenter Orchestrator …

Continue reading ›
Scanning Docker Images on a Massive Scale

Docker Images Vulnerability Scanning on a Massive Scale

Working with several customers who are "heavy" adopters of Docker containers, we've seen environments where thousands of Docker images are built on almost a daily basis. Organizations that fully commit to continuous integration often commit …

Continue reading ›
ACR blog.jpg

Image Vulnerability Scanning in Azure Container Registry

Last month we announced support for Windows containers and automating image scanning as a step in Microsoft VSTS. I'm happy to announce that Aqua supports the new (yet to be officially released) Azure Container Registry, or ACR.

Continue reading ›
Dirty COW Vulnerability

Dirty COW Vulnerability: Impact on Containers

There has been plenty of buzz lately regarding an old-new privilege escalation vulnerability, adorably named “Dirty COW” after the Copy-On-Write memory protection in the Linux kernel. The whole thing started roughly eleven years ago, when a …

Continue reading ›