This is a guest post by Echo
Imagine starting every project with CVE-free base images, without adding any extra effort or tooling to your workflow. As developers and security teams, we know how hard it is to shift left when the base you’re building on is already vulnerable. That’s why we’re excited to be a launch partner in Trivy Partner Connect, a new initiative from Aqua Security that brings trusted, commercial integrations into the Trivy ecosystem.
As the world’s most widely used open source vulnerability and misconfiguration scanner, Trivy has earned the trust of millions of developers and security teams. The Partner Connect program expands what’s possible within that ecosystem, offering a way for users to access advanced security capabilities from within the tools they already rely on. Through this partnership, echo is making secure-by-design container images easily accessible to Trivy users. These hardened base images eliminate vulnerabilities at the source and are fully compatible with Trivy to guarantee your base images scan CVE-free with your existing tools.
Eliminate Inherited Vulnerabilities Without Changing Your Workflow
Security teams are under constant pressure to reduce vulnerability noise, shorten remediation cycles, and prove the effectiveness of their tools. But for many, the base image remains an overlooked source of risk that shows up in their scans, full of inherited CVEs that developers didn’t introduce and that security teams are still expected to fix.
echo addresses this problem at the source. Our AI agents handle every step of the process, from analyzing the functionality and essential components of the original open source image to building a clean, minimal version from scratch and continuously patching it as new vulnerabilities are uncovered. The result is a hardened image that mirrors, or echoes, the original’s functionality while dramatically reducing its attack surface. With this secure foundation in place, enterprises can confidently deploy scalable applications, freeing developers to focus on innovation rather than fixing inherited vulnerabilities they didn’t introduce.
And all of this means that when Trivy users scan their workloads built with echo images, they’ll see monumental reductions in CVE counts, without having to change scanners, rewrite workflows, or adopt new tooling. Trivy continues to function exactly as before, simply reflecting a clean foundation.
Eylam Milner, CTO & Co-Founder
Aligning security and engineering imperatives
The integration between echo and Trivy bridges the gap between platform, security, and development teams, delivering clean images and clear visibility.
Faster delivery with less friction
Platform engineers can use secure-by-default base images without altering workflows. Trivy scans pick up echo’s hardened images automatically, reducing back-and-forth with security teams to upgrade, add, or replace.
Clearer scans, fewer escalations
Security teams see immediate CVE reductions directly in Trivy results, eliminating the need to chase engineers to fix vulnerabilities.
Stronger security posture
Organizations gain a reduced attack surface and automatic remediation while continuing to use their existing scanning pipelines.
With this integration, teams can confidently build and ship software on a clean foundation with no added friction.
A shared commitment to secure open source
Trivy Partner Connect was created to bring trusted vendors into the heart of the Trivy ecosystem. For echo, it’s a natural alignment – a shared commitment to helping users reduce risk at scale through secure, developer-friendly tools.
Together with Aqua and the Trivy community, echo is helping drive a more secure container ecosystem.



