 |
VOOZH | about |
|
VOOZH | about |
We’re so glad you’re here. You can expect all the best TNS content to arrive Monday through Friday to keep you on top of the news and at the top of your game.
Check your inbox for a confirmation email where you can adjust your preferences and even join additional groups.
Follow TNS on your favorite social media networks.
Become a TNS follower on LinkedIn.
Check out the latest featured and trending stories while you wait for your first TNS newsletter.
VALENCIA, Spain — At KubeCon Europe, Aqua Security, the cloud native security provider, announced its open source security scanner Aqua Trivy can scan pretty much anything cloud native related. Such as what? Such as source code, repositories, images, artifact registries, Infrastructure-as-Code (IaC) templates, and Kubernetes environments. I like the sound of this!
Trivy merges multiple scanning programs into a single tool. Amir Jerbi, Aqua Security’s CTO and co-founder sees this as a great move forward. “Security professionals are overwhelmed with the number of tools they are required to use and consolidating tools where possible helps teams become more efficient,” he said.
Aqua claims it’s the most comprehensive vulnerability and misconfigurations scanner available for cloud native applications and infrastructure. I don’t know if I’d go that far, but the concept’s very attractive.
After all, if my developers can do most of their scanning for security blunders with one tool, that’s a lot easier than using a hodgepodge of other programs. This makes getting your team to buy into DevSecOps much easier.
Its features include:
Trivy will run on the Alpine Linux, the Debian/Ubuntu Linux family, Red Hat Enterprise Linux (RHEL), the SUSE Linuxes, and others. It also works with CI/CD programs such as GitHub Actions, Jenkins, and GitLab CI.
Trivy is also being integrated into the Aqua Platform as Trivy Premium. With this commercial offering, you get customer support, premium content, and centralized management for enterprise scalability.
Trivy Premium also offers increased vulnerability identification accuracy, thanks to premium threat intelligence, malware scanning, and the ability to scan standalone binaries. The last are applications, which are installed directly without the use of a package manager. Within the Aqua Platform, Trivy Premium also integrates with other platform modules like Cloud Security Posture Management (CSPM) and Runtime Protection for improved cloud native application life cycle protection.
In addition, Trivy was recently integrated into Docker Desktop. If you’re using Desktop already this makes it even easier to bring vulnerability and risk scanning into your workflows.
Behind Trivy stands a large cloud native security community. With over 100,000 users, and with nearly 12,000 GitHub stars, it’s arguably the most popular vulnerability and risk scanner around. If I were in your shoes, I’d give the open source Trivy a try.
If you like what you see, sign up for a free trial of Trivy Premium on the Aqua Platform at Aquasec.com.
