Aqua Trivy open-source security scanner now finds Kubernetes security risks
The Aqua Trivy open-source scanner now supports vulnerability scanning for Kubernetes components and Kubernetes Bill of Materials generation.
Now, companies can better understand the components within their Kubernetes environment and how secure they are to reduce risk.
"Aqua Trivy is the only open source tool covering all cloud-native scanning needs, including source code, repositories, images, artifact registries, Infrastructure as Code templates, and Kubernetes environments. Developers, DevOps and DevSecOps have a more efficient, simplified tool to ensure the security of their cloud-native applications and can integrate security into their workflows without having to leave their continuous integration or continuous deployment environments," Itay Shakury, VP of Open Source at Aqua Security, told Help Net Security.
"Unlike other open-source scanners, Aqua Trivy provides visibility across operating system packages and language-specific dependencies and is easy to integrate into organizations' software development pipelines. It has a compact database with auto-update capabilities that do not require external middleware or database dependencies. Aqua Trivy will automatically keep the database up-to-date by downloading the latest pre-built version from GitHub. This makes the tool extremely fast and efficient - scanning takes only seconds," Shakury added.
"Aqua Trivy is already a very comprehensive and capable scanner, and we want to continue this trend by adding more scan targets and scanners. This will increase its coverage and applicability to practically every cloud-native use case and make it the one-stop shop for everything security scanning. This vision includes incorporating other security scanning tools into Aqua Trivy, including our other popular open-source projects Starboard, kube-bench, kube-hunter, and tfsec," Shakury concluded.
News URL
https://www.helpnetsecurity.com/2023/11/08/aqua-trivy-open-source-security-scanner/