DEVOPSdigest

Aqua Security added pipeline integrity scanning to prevent software supply chain attacks and assure CI/CD pipeline integrity.

Powered by eBPF technology, Aqua’s pipeline integrity scanner detects and blocks suspicious behavior and malware in real time, preventing code tampering and countering threats in the software build process. This industry-first solution equips organizations to feel confident in their ability to strategically stop the most aggressive software supply chain threats that produce massive attack surfaces.

“SolarWinds demonstrated the catastrophic effects of compromising the integrity of the software build process and the critical need to continuously validate software integrity,” said Amir Jerbi, CTO of Aqua Security. “Our new pipeline integrity scanner solves one of the industry’s most urgent needs to ensure the integrity of the modern development process and prevent this type of destructive software supply chain attack.”

Aqua’s pipeline integrity scanner detects suspicious behavior or malware that characterizes a supply chain attack. The capability also takes advantage of behavioral signatures produced by the Aqua Nautilus research team to detect zero-day threats based on cloud native attacks seen in the wild.

After connecting to the build pipeline, pipeline integrity scanning allows developers to:

- Monitor the build pipeline and define a baseline for how the build operates. Teams can understand how their build pipeline runs and what is typical network activity, file access patterns and process activity in known good environments.

- Detect any drifts from the baseline. Once the baseline is established, the scanner can detect any drift from this state and alert teams on anything unusual and anomalous (including unexpected file modification, establishing communication with a suspicious URL, usage of a dropped malicious executable) to guarantee the integrity of the build process.

- Minimize attack vectors. Close security gaps in CI/CD pipelines by continuously scanning for pipeline drift. This allows teams to prevent the tampering of code in the earliest stages of the software build process and maintain dev tool integrity.

- Set up assurance policies. To scale safe development practices and ensure software integrity, assurance policies can be implemented to block completion of new builds that show signs of suspicious activity. This gives developers the ability to react in the development process where it is easier to fix.

Aqua’s pipeline integrity scanner leverages Tracee, the company’s open source runtime security and forensics sensor for Linux. Thanks to its lightweight capabilities, eBPF technology can provide visibility into the build’s runtime and detect threats in real time with minimal disruption. By detecting and stopping drift of the original build through eBPF-based scanning and policies, teams can protect their software from unauthorized access and prevent advanced supply chain attacks.

Aqua introduceed this dynamic capability to complement its existing shift-left capabilities including code scanning, CI/CD posture management, and next-gen SBOM to provide customers with the most comprehensive protection on the market.

Pipeline integrity scanning is part of its Software Supply Chain Security solution that secures code, all development infrastructure, and pipeline processes so that organizations can build and ship innovation faster and more securely. Delivered by the Aqua Cloud Security Platform, a cloud native application protection platform (CNAPP), it improves operational efficiency by connecting cloud to dev and tracing runtime risks to the code and developer who can fix them.