Aqua 3.0 Includes Compliance Features
April 9, 2018
Aqua Security touted the advanced compliance features as an
enhancement to Aqua 3.0, which Aqua announced last month. The
new compliance features make it easier for organizations that
develop and run containers to meet GRC requirements and
continuously ascertain the security and compliance posture of
their entire application environment.
• Scanning of container hosts: Aqua now performs scheduled scans of hosts running containers, to find both known vulnerabilities and malware. This allows organizations to avoid using separate tools for scanning hosts and container images.
• Malware scanning in images: Aqua now scans container images for malware, whether as part of the build in CI (continuous integration) tools or in image registries. The presence of malware is also a component in the Aqua image assurance policy, allowing organizations to prevent images with malware from completing builds in CI/CD as well as from running in their environment.
• Open-source license scanning in images: Aqua now scans container images for the presence and type of open-source licenses, whether as part of the build in CI (continuous integration) tools or in image registries. OSS licensing is now a component in the Aqua image assurance policy, allowing organizations to prevent certain types of OSS licenses from being deployed in their environments.
• Sensitive data scanning in images: Aqua automatically scans for embedded “secrets” in images, such as private keys and tokens. Aqua’s Image Assurance policy can be set to block images in which such secrets are found from running.
• Custom compliance checks in images: Using Aqua’s custom compliance checks feature, admins can use their own scripts to scan for PII and other sensitive data, such as social security numbers or credit card numbers. Aqua’s Image Assurance policy can be set to block images in which such data is found from running.
• CIS Kubernetes and Docker benchmarks: The Center for Internet
Security, of which Aqua is a SecureSuite member, has issued
detailed benchmarks that list several hundred checks to ensure
that Kubernetes nodes and Docker hosts are adequately secured.
Aqua provides automated scheduled checks for both benchmarks
(including the recently updated Docker benchmark version 17.06),
as well as detailed reports that show the status of the
environment for each test.