Trivy Can Now Scan Unpackaged Binary Files

Aqua Cloud Native Blog

Expert insight, best practices and advice on cloud native security, trends, threat intelligence and compliance.

AQUA OPEN SOURCE
Trivy Can Now Scan Unpackaged Binary Files
Trivy, the all-in-one security scanner, is now able to scan binary files in your scan targets such as container images. Most security scanners rely on package managers to discover vulnerabilities. Trivy now uses Rekor from Sigstore to look up the hash of a binary file. If a relevant SBOM is found through the hash, Trivy …
Read more
VULNERABILITY MANAGEMENT
Find the New OpenSSL Vulnerabilities with Trivy
Today, OpenSSL announced two new CVEs and mitigation recommendations. This blog provides guidance as to how you can identify the Open SSL vulnerability using Trivy. To both identify and mitigate the vulnerability, see this blog post Updated Security Advisory: New OpenSSL Vulnerabilities about mitigation with assurance policies in Aqua’s software supply chain solution.
Read more
SECURITY RESEARCH
Updated Security Advisory: New OpenSSL Vulnerabilities
The OpenSSL project has pre-announced a new and critical severity vulnerability, which was downgraded to High as of today, Nov. 1, 2022. The initial pre-announcement blog has been updated here to reflect additional remediation guidance.
Read more
CNAPP, PARTNERS & ALLIANCES
Aqua CyberArk Conjur Certification: Making DevSecOps Easier
Aqua Security is excited to announce that our newly certified integration with CyberArk Conjur Secrets Manger for both Conjur Secrets Manger Enterprise and Conjur Secrets Manager Open Source is now available in the CyberArk Marketplace. This integration makes it even easier for Aqua Security customers to inject secrets that are managed, audited, rotated, and protected …
Read more
SECURITY RESEARCH
Text4Shell: CVE-2022-42889 in Apache Commons Text Explained
A new vulnerability in the Apache Commons Text library indicates that attackers can perform remote code execution (RCE). The media rushed to create hype around this vulnerability, comparing it to the infamous zero-day vulnerability Log4Shell, which emerged late last year and was broadly exploited by attackers. However, it’s too soon to say whether this new …
Read more
AQUA OPEN SOURCE
Vulnerability Scanning: Trivy vs the Trivy Operator
Over the past few months Aqua Trivy, the all-in-one cloud native security scanner, has rapidly grown in features and tapped into new use cases. In this blog post, we will explore
Read more
SECURITY RESEARCH
Threat Alert: Private npm Packages Disclosed via Timing Attacks
Threat Alert
We at Aqua Nautilus have discovered that npm’s API allows threat actors to execute a timing attack that can detect whether private packages exist on the package manager. By creating a list of possible package names, threat actors can detect organizations’ scoped private packages and then masquerade public packages, tricking employees and users into downloading …
Read more
AQUA OPEN SOURCE
Triaging Trivy AWS Alerts with Postee and AWS Security Hub
Security operators are getting overloaded with alerts and information coming from a variety of sources. Without proper automation and triage, this information often gets lost and unactioned upon. With Postee, this can be remediated with automating commonly taken operator actions ahead of time.
Read more
PARTNERS & ALLIANCES
Aqua and HashiCorp Enable Cloud Native Security, Zero-Trust Approaches
We’re delighted to announce our recent achievement of Premier tier status in HashiCorp’s partner ecosystem – a significant milestone in helping our mutual customers automate security and compliance as part of the cloud journey, and more effectively manage risk by shifting security left, securing the software supply chain and adopting zero trust architectures:
Read more
SOFTWARE SUPPLY CHAIN SECURITY
Trivy: The Universal Scanner to Secure Your Cloud Migration
Application security teams are challenged today with the need for a centralized view of exposure to security issues like Log4j and Spring4Shell. But an exploding set of artifacts and security tools makes it prohibitively difficult to secure the development life cycle. A universal scanner drastically reduces this management overhead and gets you started quickly.
Read more
SECURITY RESEARCH
Threat Alert: New Malware in the Cloud By TeamTNT
Threat Alert
Over the past week we observed three different attacks on our honeypots. The scripts and malware that were used bear a striking resemblance to none other than the threat actor TeamTNT. Eleven months ago they posted a farewell note on Twitter. Since then, we have only seen legacy attacks which automatically run on past infrastructure. …
Read more
SECURITY RESEARCH
Threat Alert: Phishing as a Service to Ramp Up Supply Chain Attacks
Threat actors are ramping up their game by deploying Phishing as a Service (PhaaS) to code and package managers (such as GitHub, PyPI, Ruby, NPM). This tactic circumvents Multi-Factor Authentication (MFA) mechanisms leading to session cookie hijacks and account takeovers. As we’ve learned in recent years, account takeovers of these applications lead to supply chain …
Read more
Page 9 of 33‹ Prev5678910111213Next ›
Need to secure enterprise workloads?
Aqua Cloud Native Application Protection Platform (CNAPP)
Go cloud native with the experts!
Get Demo
Aqua Security is the pioneer in securing containerized cloud native applications from development to production. Aqua's full lifecycle solution prevents attacks by enforcing pre-deployment hygiene and mitigates attacks in real time in production, reducing mean time to repair and overall business risk. The Aqua Platform, a Cloud Native Application Protection Platform (CNAPP), integrates security from Code to Cloud, combining the power of agent and agentless technology into a single solution. With enterprise scale that doesn’t slow development pipelines, Aqua secures your future in the cloud. Founded in 2015, Aqua is headquartered in Boston, MA and Ramat Gan, IL protecting over 500 of the world’s largest enterprises.
Read Aqua Security reviews on G2

Use Cases

Environments

Partners

Resources

About Us

Get in Touch

Products

Get Started
Copyright © 2024 Aqua Security Software Ltd.   Privacy Policy | Terms of Use | Cookie Settings |  
Accessibility Tools
Normal text size Medium text size Large text size
Normal display Black & White display High contrast display
Stop transitions and animations Underline Links