Parasoft announces the opening of its new office in Northeast Ohio.
Aqua Security's Trivy Adds CSPM Capabilities
August 17, 2022
Aqua Security announced the addition of cloud security posture management (CSPM) capabilities to the open source tool Aqua Trivy.
Trivynnow provides one easy to-use-tool for scanning all cloud native applications to detect and prioritize risks.
Initially available for AWS cloud users with other cloud provider support coming soon, users can now scan their AWS accounts to identify misconfigurations and insider threats to ensure security and compliance with CIS Benchmarks. Now more teams can benefit from standardizing security efforts on a single, unified scanner to enforce consistent policies across the full cloud native application lifecycle.
“This is the next step in our mission to simplifying cloud native security for the community,” said Itay Shakury, director of open source, Aqua Security. “Trivy is making cloud security accessible and easy for everyone through the power of Open Source. We have been steadily releasing more and more security capabilities to the community through Trivy, and today we’re excited to bring the Trivy experience to cloud and AWS users.”
With accelerating cloud adoption accelerating and a widening skills gap, organizations are challenged to manage the multitude of configurations and keep their cloud footprints secure. The addition of CSPM capabilities to Aqua Trivy empowers AWS customers with fast, effective scanning and visibility for live environments.
“Aqua’s open source team is constantly innovating to bring best-of-breed capabilities to users, and the addition of AWS cloud configuration scanning further solidifies Trivy as the single scanner for all cloud native infrastructure and applications,” said Shakury. “We plan to add more cloud providers and more security frameworks, as we continue working to add value for our users and help them prevent attacks on cloud native environments.”
Users can define their own rules or browse and select from the Trivy community’s catalog of standards and policies. Because Trivy already had built-in misconfiguration rules for infrastructure as code (IaC) scanning, users benefit from having rules that are consistent across IaC definitions and production environments. As a bonus, Trivy can be used to identify AWS issues when infrastructure is defined with Terraform or CloudFormation.
Trivy is an open source vulnerability and risk scanner, covering more languages, OS packages and application dependencies than any other open source scanner. It provides fast, stateless scanning with no prerequisites for installation and delivers highly accurate results with broad coverage.
Industry News
May 02, 2024
Postman released v11, a significant update that speeds up development by reducing collaboration friction on APIs.
May 02, 2024
Sysdig announced the launch of the company’s Runtime Insights Partner Ecosystem, recognizing the leading security solutions that combine with Sysdig to help customers prioritize and respond to critical security risks.
May 02, 2024
Nokod Security announced the general availability of the Nokod Security Platform.
May 02, 2024
Drata has acquired oak9, a cloud native security platform, and released a new capability in beta to seamlessly bring continuous compliance into the software development lifecycle.
May 01, 2024
Amazon Web Services (AWS) announced the general availability of Amazon Q, a generative artificial intelligence (AI)-powered assistant for accelerating software development and leveraging companies’ internal data.
May 01, 2024
Red Hat announced the general availability of Red Hat Enterprise Linux 9.4, the latest version of the enterprise Linux platform.
May 01, 2024
ActiveState unveiled Get Current, Stay Current (GCSC) – a continuous code refactoring service that deals with breaking changes so enterprises can stay current with the pace of open source.
May 01, 2024
Lineaje released Open-Source Manager (OSM), a solution to bring transparency to open-source software components in applications and proactively manage and mitigate associated risks.
May 01, 2024
Synopsys announced the availability of Polaris Assist, an AI-powered application security assistant on the Synopsys Polaris Software Integrity Platform®.
April 30, 2024
Backslash Security announced the findings of its GPT-4 developer simulation exercise, designed and conducted by the Backslash Research Team, to identify security issues associated with LLM-generated code. The Backslash platform offers several core capabilities that address growing security concerns around AI-generated code, including open source code reachability analysis and phantom package visibility capabilities.
April 30, 2024
Azul announced that Azul Intelligence Cloud, Azul’s cloud analytics solution -- which provides actionable intelligence from production Java runtime data to dramatically boost developer productivity -- now supports Oracle JDK and any OpenJDK-based JVM (Java Virtual Machine) from any vendor or distribution.
April 30, 2024
F5 announced new security offerings: F5 Distributed Cloud Services Web Application Scanning, BIG-IP Next Web Application Firewall (WAF), and NGINX App Protect for open source deployments.
April 29, 2024
Code Intelligence announced a new feature to CI Sense, a scalable fuzzing platform for continuous testing.
April 29, 2024
WSO2 is adding new capabilities for WSO2 API Manager, WSO2 API Platform for Kubernetes (WSO2 APK), and WSO2 Micro Integrator.
