For vulnerability scanning, I have to recommend either trivy or grype. Clair is really complicated to set up and is really geared at people scanning entire container registries at once. In general, I would recommend trivy over grype simply because it does not speculate about unconfirmed vulnerabilities, which I think is a distraction to developers, …
BOSTON – June 8, 2021 – Aqua Security, the pure-play cloud native security leader, today announced the appointment of Darkbit co-founders Brad Geesaman and Josh Larsen to the Aqua team. Geesaman will serve as the Director of Cloud Security and Larsen as the Director of Cloud Product; their expertise will be leveraged to further strengthen Aqua’s Cloud Security Posture Management (CSPM) solution and Kubernetes offerings. Geesaman and Larsen have been singularly focused on cyber and information security for over …
Aqua Security enables enterprises to secure their container and cloud-native applications from development to production, accelerating application deployment and bridging the gap between DevOps and IT security. The Aqua Container Security Platform protects applications running on-premises or in the cloud, across a broad range of platform technologies, orchestrators and cloud providers.
Amir Jerbi, co-founder of Tel Aviv-based Aqua Security, fears that if the monitoring and testing are not done exactly right, the military’s software updates could be compromised during the process of developing them from code in the repository. “Then, the minute something is updated you’re opening the door to something malicious,” Jerbi tells me. “If …
As per a report from the Nautilus research team of Aqua Security, the year 2020 witnessed increased cyber-attacks targeting cloud-native supply chain and infrastructure. The report provides insights into the security threats that these platforms face, including fileless malware in containers, exploiting misconfigured Docker API ports and using container images that were relatively unsophisticated.
Customers and partners currently using ECS Anywhere include Siemens, CyberAgent, Getir, and Infosys among others, according to VP of compute services at AWS Deepak Singh. Canonical is leveraging it to offer Ubuntu for container workloads, while Aqua Security is using ECS Anywhere to help clients build cloud-native apps that meet certain compliance requirements.
BOSTON – May 24, 2021 – Aqua Security, the pure-play cloud native security leader, today announced that its Team Nautilus researchers were tapped by the MITRE ATT&CK team to contribute to the development of the new Container Framework. Aqua’s contributions help to create a foundation for cloud security methodologies and shape the future of container security by illuminating key cloud native …
Last month, the Codecov breach has again raised concerns about the security of the software supply chain. On our blog, we share the lessons from this incident and explore how you can start protecting your development pipeline against CI poisoning and supply chain attacks. On the cloud threat front, our latest research reveals 90% of companies are vulnerable to security breaches …