Aqua News Aqua Security’s Trivy Adds CSPM Capabilities

Aqua expands the industry’s only unified open source scanner for cloud native security to help practitioners easily identify and stop threats

Aqua expands the industry’s only unified open source scanner for cloud native security to help practitioners easily identify and stop threats

BOSTON—Aug. 17, 2022 Aqua Security, the leading pure-play cloud native security provider, today announced the addition of cloud security posture management (CSPM) capabilities to the open source tool Aqua Trivy. Trivy, the world’s most used developer tool for scanning cloud native assets, now provides one easy to-use-tool for scanning all cloud native applications to detect and prioritize risks.  

Initially available for AWS cloud users with other cloud provider support coming soon, users can now scan their AWS accounts to identify misconfigurations and insider threats to ensure security and compliance with CIS Benchmarks. Now more teams can benefit from standardizing security efforts on a single, unified scanner to enforce consistent policies across the full cloud native application lifecycle. 

“This is the next step in our mission to simplifying cloud native security for the community,” said Itay Shakury, director of open source, Aqua Security. “Trivy is making cloud security accessible and easy for everyone through the power of Open Source. We have been steadily releasing more and more security capabilities to the community through Trivy, and today we’re excited to bring the Trivy experience to cloud and AWS users.”  

With accelerating cloud adoption accelerating and a widening skills gap, organizations are challenged to manage the multitude of configurations and keep their cloud footprints secure. The addition of CSPM capabilities to Aqua Trivy empowers AWS customers with fast, effective scanning and visibility for live environments. 

“Aqua’s open source team is constantly innovating to bring best-of-breed capabilities to users, and the addition of AWS cloud configuration scanning further solidifies Trivy as the single scanner for all cloud native infrastructure and applications,” said Shakury. “We plan to add more cloud providers and more security frameworks, as we continue working to add value for our users and help them prevent attacks on cloud native environments.”

Unlike built-in cloud tools, users can define their own rules or browse and select from the Trivy community’s catalog of standards and policies. Because Trivy already had built-in misconfiguration rules for infrastructure as code (IaC) scanning, users benefit from having rules that are consistent across IaC definitions and production environments. As a bonus, Trivy can be used to identify AWS issues when infrastructure is defined with Terraform or CloudFormation.

The World’s First Unified Scanner for Cloud Native Security

Trivy is the most comprehensive, easy-to-use open source vulnerability and risk scanner, covering more languages, OS packages and application dependencies than any other open source scanner. It provides fast, stateless scanning with no prerequisites for installation and delivers highly accurate results with broad coverage. Trivy is built on the largest cloud native security community, and with tens of thousands of users and over 20,000 combined GitHub stars, it is also the most popular vulnerability and risk scanner in the world and has been adopted by leading cloud platform providers and for DevOps projects like GitLab, Artifact Hub, and Harbor.

Aqua recently announced Trivy had become the world’s first unified scanner for cloud native security. Practitioners are overwhelmed with the number of scanning tools available, and Trivy solves that challenge by consolidating them into one. The result is better visibility, less operational overhead, and a simplified experience to secure cloud native applications. With fewer tools to manage, developers, DevOps and DevSecOps now have a more efficient, simplified tool for scanning source code, repositories, images, artifact registries, IaC templates and Kubernetes environments — all to secure cloud native applications. In May 2022, Trivy was integrated into Docker Desktop to bring vulnerability and risk scanning into developer workflows and eliminate friction, so users can confidently build more secure cloud native applications. 

Learn more about Trivy on GitHub and Aqua’s blog or join the Trivy community on Slack.

About Aqua Security
Aqua Security stops cloud native attacks and is the only company with a $1M Cloud Native Protection Warranty to guarantee it. As the pioneer and largest pure-play cloud native security company, Aqua helps customers unlock innovation and build the future of their business. The Aqua Platform is the industry’s most integrated Cloud Native Application Protection Platform (CNAPP), prioritizing risk and automating prevention, detection and response across the lifecycle. Founded in 2015, Aqua is headquartered in Boston, MA and Ramat Gan, IL with Fortune 1000 customers in over 40 countries. For more information, visit