Cloud Native Security, Container Security & Serverless Security Fri, 03 Apr 2026 21:30:14 +0000 en-US hourly 1 https://wordpress.org/?v=6.9.4 https://www.aquasec.com/blog/trivy-supply-chain-attack-what-you-need-to-know/ Wed, 01 Apr 2026 07:00:11 +0000 https://www.aquasec.com/?p=27408 Open Source Security Advisory Update: Wednesday, April 1, 2026 Boston, MA 10:00 AM ET Over the past week, we have nearly finalized our investigation and are now in the final stages of documentation and review. There continues to be no indication that Aqua’s commercial products have been affected. As part of this process, we identified …]]> https://www.aquasec.com/blog/security-that-speaks-your-language-trivy-mcp-server/ Tue, 28 Oct 2025 12:00:33 +0000 https://www.aquasec.com/?p=26896 What if checking your project for vulnerabilities was as simple as asking a question? Or if your coding AI agent could automatically run a scan every time you changed a Dockerfile? The new Trivy MCP Server makes all that possible, and more. Built on the Model Context Protocol, Trivy MCP Server connects Trivy’s scanning capabilities …]]> https://www.aquasec.com/blog/dev-first-security-aqua-trivy-scanning-vs-code-jetbrains/ Tue, 05 Aug 2025 11:55:16 +0000 https://www.aquasec.com/?p=26190 In modern development workflows, integrating security seamlessly into the development process is crucial for delivering secure applications efficiently. Developers need security tools that work naturally within their development environment, providing immediate feedback without disrupting their workflow. The new Trivy extension for Visual Studio Code addresses this need by directly bringing comprehensive security scanning capabilities into …]]> https://www.aquasec.com/blog/trivy-partners-with-echo/ Tue, 08 Jul 2025 11:50:48 +0000 https://www.aquasec.com/?p=25925 This is a guest post by Echo Imagine starting every project with CVE-free base images, without adding any extra effort or tooling to your workflow. As developers and security teams, we know how hard it is to shift left when the base you’re building on is already vulnerable. That’s why we’re excited to be a …]]> https://www.aquasec.com/blog/5-must-see-sessions-at-kubecon-north-america/ Mon, 04 Nov 2024 04:42:07 +0000 https://www.aquasec.com/?p=23393 Who’s getting excited? Next week, the Cloud Native Computing Foundation’s flagship conference, KubeCon + CloudNativeCon, will kick off in Salt Lake City, Utah. In its ninth year, the conference has grown into more than just a technical conference—it’s a vibrant community event that offers attendees the tools, relationships, and inspiration to drive innovation in the …]]> https://www.aquasec.com/blog/introducing-vex-hub-unified-repository-for-vex-statements/ Mon, 16 Sep 2024 03:30:05 +0000 https://www.aquasec.com/?p=22575 VEX (Vulnerability eXploitability Exchange) is an emerging industry standard for communicating the relevance and impact of security vulnerabilities on software artifacts. This approach allows software maintainers to indicate when a specific vulnerability in a software dependency is irrelevant to their software due to the specific use case of that dependency. By conveying this crucial information …]]> https://www.aquasec.com/blog/scanning-kbom-for-vulnerabilities-with-trivy/ Mon, 06 Nov 2023 11:56:28 +0000 https://www.aquasec.com/?p=14209 Early this summer we announced the release of Kubernetes Bills of Material (KBOM) as part of Trivy, our all in one, popular open source security scanner. In the blog we discussed how KBOM is the manifest of all the important components that make up your Kubernetes cluster: Control plane components, Node Components, and Addons, including …]]> https://www.aquasec.com/blog/trivy-kubernetes-cis-benchmark-scanning/ Wed, 19 Apr 2023 09:59:00 +0000 https://www.aquasec.com/?p=14431 CIS (Center for Internet Security) compliance scanning is a standard in Kubernetes (K8s) security and is widely adopted across the industry with implementations in several security scanners. Kube-bench, an open source project developed by Aqua Security was one of the first projects to provide Kubernetes CIS compliance scanning and became a staple in K8s security. …]]> https://www.aquasec.com/blog/kubernetes-benchmark-scans-trivy-cis-nsa-reports/ Tue, 31 Jan 2023 18:11:13 +0000 https://www.aquasec.com/?p=14486 One of Trivy’s core features is Trivy Kubernetes for in-cluster security scans of running workloads. This tutorial will showcase how to generate CIS and NSA reports both through the Trivy CLI and the Trivy Operator. Additionally, we will look at how users can add the Kubernetes Specification for their own Compliance Report format to expand …]]> https://www.aquasec.com/blog/trivy-now-scans-amazon-machine-images-amis/ Thu, 01 Dec 2022 16:42:49 +0000 https://www.aquasec.com/?p=14538 While more and more companies are moving to a cloud native technologies to manage their workloads and infrastructure, Virtual Machines (VMs) remain a staple infrastructure that powers many existing organizations and applications. Trivy, the all-in-one open-source security scanner, already scans most of the cloud native stack including containers, clusters, and clouds. Today, we are announcing …]]>