Aqua Security's Trivy Adds CSPM Capabilities
August 17, 2022

Aqua Security announced the addition of cloud security posture management (CSPM) capabilities to the open source tool Aqua Trivy.

Trivynnow provides one easy to-use-tool for scanning all cloud native applications to detect and prioritize risks.

Initially available for AWS cloud users with other cloud provider support coming soon, users can now scan their AWS accounts to identify misconfigurations and insider threats to ensure security and compliance with CIS Benchmarks. Now more teams can benefit from standardizing security efforts on a single, unified scanner to enforce consistent policies across the full cloud native application lifecycle.

“This is the next step in our mission to simplifying cloud native security for the community,” said Itay Shakury, director of open source, Aqua Security. “Trivy is making cloud security accessible and easy for everyone through the power of Open Source. We have been steadily releasing more and more security capabilities to the community through Trivy, and today we’re excited to bring the Trivy experience to cloud and AWS users.”

With accelerating cloud adoption accelerating and a widening skills gap, organizations are challenged to manage the multitude of configurations and keep their cloud footprints secure. The addition of CSPM capabilities to Aqua Trivy empowers AWS customers with fast, effective scanning and visibility for live environments.

“Aqua’s open source team is constantly innovating to bring best-of-breed capabilities to users, and the addition of AWS cloud configuration scanning further solidifies Trivy as the single scanner for all cloud native infrastructure and applications,” said Shakury. “We plan to add more cloud providers and more security frameworks, as we continue working to add value for our users and help them prevent attacks on cloud native environments.”

Users can define their own rules or browse and select from the Trivy community’s catalog of standards and policies. Because Trivy already had built-in misconfiguration rules for infrastructure as code (IaC) scanning, users benefit from having rules that are consistent across IaC definitions and production environments. As a bonus, Trivy can be used to identify AWS issues when infrastructure is defined with Terraform or CloudFormation.

Trivy is an open source vulnerability and risk scanner, covering more languages, OS packages and application dependencies than any other open source scanner. It provides fast, stateless scanning with no prerequisites for installation and delivers highly accurate results with broad coverage.

Share this

Industry News

November 21, 2024

Red Hat announced the general availability of Red Hat Enterprise Linux 9.5, the latest version of the enterprise Linux platform.

November 21, 2024

Securiti announced a new solution - Security for AI Copilots in SaaS apps.

November 20, 2024

Spectro Cloud completed a $75 million Series C funding round led by Growth Equity at Goldman Sachs Alternatives with participation from existing Spectro Cloud investors.

November 20, 2024

The Cloud Native Computing Foundation® (CNCF®), which builds sustainable ecosystems for cloud native software, has announced significant momentum around cloud native training and certifications with the addition of three new project-centric certifications and a series of new Platform Engineering-specific certifications:

November 20, 2024

Red Hat announced the latest version of Red Hat OpenShift AI, its artificial intelligence (AI) and machine learning (ML) platform built on Red Hat OpenShift that enables enterprises to create and deliver AI-enabled applications at scale across the hybrid cloud.

November 20, 2024

Salesforce announced agentic lifecycle management tools to automate Agentforce testing, prototype agents in secure Sandbox environments, and transparently manage usage at scale.

November 19, 2024

OpenText™ unveiled Cloud Editions (CE) 24.4, presenting a suite of transformative advancements in Business Cloud, AI, and Technology to empower the future of AI-driven knowledge work.

November 19, 2024

Red Hat announced new capabilities and enhancements for Red Hat Developer Hub, Red Hat’s enterprise-grade developer portal based on the Backstage project.

November 19, 2024

Pegasystems announced the availability of new AI-driven legacy discovery capabilities in Pega GenAI Blueprint™ to accelerate the daunting task of modernizing legacy systems that hold organizations back.

November 19, 2024

Tricentis launched enhanced cloud capabilities for its flagship solution, Tricentis Tosca, bringing enterprise-ready end-to-end test automation to the cloud.

November 19, 2024

Rafay Systems announced new platform advancements that help enterprises and GPU cloud providers deliver developer-friendly consumption workflows for GPU infrastructure.

November 19, 2024

Apiiro introduced Code-to-Runtime, a new capability using Apiiro’s deep code analysis (DCA) technology to map software architecture and trace all types of software components including APIs, open source software (OSS), and containers to code owners while enriching it with business impact.

November 19, 2024

Zesty announced the launch of Kompass, its automated Kubernetes optimization platform.

November 18, 2024

MacStadium announced the launch of Orka Engine, the latest addition to its Orka product line.