https://www.aquasec.com/tag/aqua-open-source/ Cloud Native Security, Container Security & Serverless Security Mon, 15 Jul 2024 09:37:35 +0000 en-US hourly 1 https://wordpress.org/?v=6.5.5 https://www.aquasec.com/blog/detecting-ebpf-malware-with-tracee/ Wed, 19 Jul 2023 09:30:46 +0000 https://www.aquasec.com/?p=14324 eBPF is a popular and powerful technology embedded in the Linux kernel. It is widely used by many security tools for monitoring kernel activity to detect and protect organizations. eBPF, however, can potentially be a dual edged sword as it can be used by threat actors as part of their malicious arsenal. Lately, we have …]]> https://www.aquasec.com/blog/trivy-kubernetes-cis-benchmark-scanning/ Wed, 19 Apr 2023 09:59:00 +0000 https://www.aquasec.com/?p=14431 CIS (Center for Internet Security) compliance scanning is a standard in Kubernetes (K8s) security and is widely adopted across the industry with implementations in several security scanners. Kube-bench, an open source project developed by Aqua Security was one of the first projects to provide Kubernetes CIS compliance scanning and became a staple in K8s security. …]]> https://www.aquasec.com/blog/trivy-scans-unpackaged-binary-files/ Wed, 02 Nov 2022 17:51:23 +0000 https://www.aquasec.com/?p=14562 Trivy, the all-in-one security scanner, is now able to scan binary files in your scan targets such as container images. Most security scanners rely on package managers to discover vulnerabilities. Trivy now uses Rekor from Sigstore to look up the hash of a binary file. If a relevant SBOM is found through the hash, Trivy …]]> https://www.aquasec.com/blog/vulnerability-scanning-trivy-vs-the-trivy-operator/ Thu, 13 Oct 2022 15:29:20 +0000 https://www.aquasec.com/?p=14592 Over the past few months Aqua Trivy, the all-in-one cloud native security scanner, has rapidly grown in features and tapped into new use cases. In this blog post, we will explore An overview of Trivy The different use cases that Trivy covers An overview of the Trivy Operator The difference between Trivy and the Trivy …]]> https://www.aquasec.com/blog/trivy-software-supply-chain-security/ Thu, 22 Sep 2022 15:44:36 +0000 https://www.aquasec.com/?p=14615 Application security teams are challenged today with the need for a centralized view of exposure to security issues like Log4j and Spring4Shell. But an exploding set of artifacts and security tools makes it prohibitively difficult to secure the development life cycle. A universal scanner drastically reduces this management overhead and gets you started quickly. We …]]> https://www.aquasec.com/blog/linux-security-with-tracee-and-ebpf/ Wed, 20 Jul 2022 09:30:00 +0000 https://www.aquasec.com/?p=14705 Security practitioners often need to investigate malicious artifacts in their environments, which can be challenging if those are deleted or loaded from memory. This is increasingly the case as threat actors are weaponizing Linux kernel modules to perform and hide their attacks. In this blog, we look into kernel modules and explain why they can …]]> https://www.aquasec.com/blog/cis-software-supply-chain-compliance/ Thu, 14 Jul 2022 16:43:44 +0000 https://www.aquasec.com/?p=14706 The Center for Internet Security (CIS) has recently released the Software Supply Chain Security Guide, a set of practical, community-developed best practices for securing software delivery pipelines. As an initiator and one of the main contributors to this comprehensive and much-needed guidance, we at Aqua aim to help DevOps teams and the broader cloud native …]]> https://www.aquasec.com/blog/kubernetes-cluster-security-with-trivy/ Tue, 28 Jun 2022 09:30:00 +0000 https://www.aquasec.com/?p=14746 Last month at KubeCon Europe, we released new Kubernetes security scanning for Trivy. It allows you to scan running Kubernetes clusters and resources for misconfigurations directly through the Trivy CLI or by installing the Trivy Kubernetes Operator in a cluster. In this blog, we’ll demonstrate how to use Trivy to scan Kubernetes resources and how …]]> https://www.aquasec.com/blog/trivy-cloud-native-security-scanner/ Thu, 19 May 2022 09:30:00 +0000 https://www.aquasec.com/?p=14779 Over the past few years, the Aqua Trivy scanner has become a must-have tool in many developers’ toolkits, enabling them to easily shift left and secure artifacts before production. With a tremendous community of over 100,000 users and contributors from leading tech companies, Trivy is the most popular open source scanner in the world. At …]]> https://www.aquasec.com/blog/apache-struts-vulnerability-with-tracee/ Wed, 18 May 2022 09:30:00 +0000 https://www.aquasec.com/?p=14780 When running third-party applications in your cloud environments, you inherently put your workloads at greater risk. This is especially the case when the third-party software exposes some API function to the public web. Apache Struts 2 is a popular open source cross-platform web application framework, used by many developers in their day-to-day work. Recently, we …]]>