Aqua Launches End-to-End Solution to Halt Software Supply Chain Attacks

Aqua Security, the pure-play cloud-native security provider, today introduces an end-to-end software supply chain security solution that ensures protection across the entire software development lifecycle (SDLC) and helps organizations prevent and stop supply chain attacks on cloud-native applications.

Software supply chain attacks are on the rise, and Aqua data shows a 300 percent increase year-over-year. Aqua identifies software supply chain risks as threats coming from third-party artifacts, open-source dependencies and malicious actors targeting the unique developer toolset and environment.

To combat the growing risk to the software supply chain, Aqua is adding new capabilities to its supply chain solution. With these capabilities, Aqua protects against supply chain risk from code all the way through to runtime, across both the application and its underlying infrastructure.

“Other vendors miss a piece of the equation,” said Amir Jerbi, CTO and co-founder of Aqua Security. “For example, some solutions focus on the build while others focus on the code and build, but Aqua is the only solution that allows developers to offer proactive security measures across code, build, deploy and runtime phases. With this, we are giving developers and security teams the confidence to continue to build their cloud-native application development capabilities and prevent supply chain attacks.”

The solution is part of Aqua’s Cloud Native Application Protection Platform (CNAPP), the Aqua Platform. The Aqua Supply Chain Solution introduces robust features including:

  • Code Scanning – Scan an organization’s code in minutes without leaving the developer workflow. Powered by Aqua Trivy Premium, the enterprise version of the open-source universal cloud-native security scanner, it lets developers find and remediate vulnerabilities and other risks in code so they can deliver safer code faster.
  • CI/CD Posture Management – Secure your Continuous Integration/Continuous Delivery (CI/CD) toolchain to establish a zero-trust DevOps environment. Enforce Least Privilege Access to reduce security risks and meet compliance requirements. Easily spot and fix dangerous misconfigurations of your DevOps platform (e.g., GitHub, Jenkins, Nexus). Identify insider threats such as the removal of required security checks, bulk changes to user account access, or a change to a sensitive code repository.
  • Pipeline Security – Identify new or non-compliant CI pipelines and apply customizable security assurance policies across your entire organization’s CI with a single click. Set specific enforcements on your production pipeline to make sure every newly built artifact is signed and scanned for vulnerabilities, secrets and Infrastructure as Code (IaC) misconfigurations.
  • Next-Generation SBOM – Go beyond basic SBOM generation by recording every step and action from the moment a developer commits a code change, through the build process, until the final artifact is generated. With code signing, users can also verify the code history and gain certainty that the code they write is the same code that ends up in the development toolchain.
  • Open Source Health Assessment – Assess the health and reputation of open source code. Aqua grades every open-source package based on quality, maintainability, popularity, and risk of supply chain incidents. The solution can automatically prevent risky code from entering the codebase, and developers are notified in real time of potentially dangerous packages.

The launch and rollout of Aqua’s Supply Chain Solution is the last step in the full integration of the Argon Security technology following the acquisition in December 2021.

For more information, visit https://www.aquasec.com/.