Aqua Security Vulnerability Management

Aqua Security Vulnerability Management provides comprehensive scanning capabilities across the software development lifecycle. The solution scans container images, VM images, serverless functions, code, third-party components, and open source dependencies for known vulnerabilities, malware, embedded secrets, open source license issues, and configuration problems. The platform uses the Aqua scanner, powered by Aqua Trivy, to perform continuous scanning throughout development and production stages. It integrates into CI/CD pipelines to enable automated security testing and can scan registries and serverless function stores to detect emerging risks. Key scanning capabilities include Infrastructure as Code (IaC) template scanning for misconfigurations, SBOM generation for tracking code dependencies, and detection of sensitive data in IaC files. The solution includes Dynamic Threat Analysis (DTA) that runs images in a secure sandbox environment to monitor behavior and detect zero-day attacks, container escapes, cryptominers, code injection attempts, and backdoors. The platform offers agentless workload scanning for cloud environments with real-time event-based scanning to detect changes to cloud resources. It includes advanced secret scanning that identifies hidden secrets in development environments, including those in commit history. Flexible assurance policies allow organizations to set thresholds for findings and prevent non-compliant artifacts from progressing to production.