BOSTON, Oct. 7, 2020 /PRNewswire/ — Aqua Security, the pure-participate in cloud native stability chief, announced these days that Aqua’s open resource Trivy vulnerability scanner is now obtainable as an Aqua Safety Trivy GitHub Action. The action integrates with GitHub code scanning so developers can create container image scanning into their GitHub Steps workflow to locate and get rid of vulnerabilities ahead of they access output.
“Code scanning was goal-crafted with extensibility in mind,” explained John Leon, VP of Company Advancement at GitHub. “We go on to develop our safety ecosystem with answers like Aqua, so developers can function with the stability scanning technologies they want, all within just the GitHub-indigenous encounter they love. Together, we are creating protection easier for anyone.”
GitHub code scanning integrates with GitHub Steps or users’ existing CI/CD environments and scans code as it’s developed, surfacing actionable protection reviews within just pull requests and other GitHub encounters.
The Aqua Protection Trivy Motion integration finds vulnerabilities (CVEs) in the OS package deal dependencies and language libraries created into a container image. Developers have to stay away from deploying pictures that may possibly harbor sizeable CVEs that attackers can exploit. The Trivy Motion alerts developers to acknowledged CVEs through the GitHub user interface to rapidly and effortlessly update these dependencies and do away with the danger.
The Trivy Motion generates output in a format known as SARIF that GitHub supports for ingesting protection details. The output from an graphic scan seems proper in the GitHub code scanning UI, specifically beneath a project repository’s Security tab.
“Developers are shifting a lot more programs into creation, so we are focused on aiding them establish securely without the need of slowing down innovation,” mentioned Liz Rice, VP of Open Resource Engineering at Aqua. “The new Aqua Protection Trivy GitHub Motion delivers container stability scanning proper into the GitHub interface that developers know and appreciate.”
The new Aqua Protection Trivy Motion is out there on the GitHub Marketplace now. Stick to this hyperlink to perspective a sample workflow of making a container impression from a Dockerfile in the repository and working the Aqua Safety Trivy code scanning above it.
About Aqua Stability
Aqua Stability is the premier pure-participate in cloud indigenous stability firm, providing prospects the independence to innovate and run their enterprises with negligible friction. The Aqua Cloud Indigenous Protection System presents prevention, detection, and reaction automation across the complete software lifecycle to safe the create, safe cloud infrastructure and secure running workloads anywhere they are deployed. Aqua prospects are amid the world’s biggest enterprises in monetary providers, software package, media, manufacturing and retail, with implementations throughout a wide range of cloud vendors and present day technologies stacks spanning containers, serverless functions, and cloud VMs. For a lot more info, take a look at www.aquasec.com or stick to us on twitter.com/AquaSecTeam.
+1 (415) 341-5625