Aqua Security has announced multiple updates to Aqua Trivy, making it what the company claims to be the world’s first unified scanner for cloud-native security. Consolidating multiple scanning tools into a single tool, Trivy is also being integrated into the Aqua Platform as Trivy Premium, through which customers can take advantage of customer support, premium content and centralized management for enterprise scalability.
As the company puts it, Trivy is now one tool for all cloud-native scanning needs including source code, repositories, images, artifact registries, Infrastructure as Code (IaC) templates and Kubernetes environments. With fewer tools to manage, developers, DevOps and DevSecOps now have a more efficient, simplified tool to ensure security of their cloud native applications. They can integrate security into their workflows without having to leave their continuous integration or continuous deployment (CI/CD) environments.
New capabilities include the following: Scan proprietary and third-party code for issues using Integrated Developer Environment (IDE) plug-ins for JetBrains, VSCode and VIM to shift security further left; Generate complete software bills of materials (SBOM) to provide transparency into software components and restore visibility to risks in the software supply chain; Detect sensitive hardcoded secrets, like passwords, API keys and tokens to prevent unauthorized access by threat actors as well as scan running Kubernetes clusters for a full life cycle view of risks, and audit for regulatory compliance.
As part of the Aqua Platform, Trivy Premium integrates with other platform modules like Cloud Security Posture Management (CSPM) and Runtime Protection for complete cloud native application life cycle protection.