Trivy by Aqua Security: Kubernetes vulnerability scan

Aqua Security, the pioneer in cloud native security, today announced that its open source solution Trivy now supports vulnerability scanning for Kubernetes components, as well as generation of Kubernetes Bills of Materials (KBOM). Enterprises can now better understand the components in their Kubernetes environment and their security to significantly reduce risk.

Kubernetes, security is a concern for more than half of companies

Kubernetes has been widely adopted by enterprises around the world, but according to Red Hat, more than half of enterprises are concerned about Kubernetes security, specifically, vulnerabilities and misconfigurations. Existing infrastructure scanners only scan infrastructure misconfigurations and fail to scan Kubernetes components for vulnerabilities. With this innovation in Trivy, Aqua's open source solution, this challenge is solved for the first time.

Trivy KBOM, vulnerability scanning for complete Kubernetes security

In early 2023, Aqua had announced the inclusion of KBOM in Trivy. Similar to a Software Bill of Materials (SBOM), a KBOM is the manifest of all the important components that make up the Kubernetes cluster: the control panel components, node components, and add-ons, including their versions and images . Aqua Trivy's Kubernetes vulnerability scan uses KBOM to help users understand how cluster security changes over time, identify any security issues, and know when to update cluster components. The visibility gained from KBOM generation and component vulnerability scanning is not only important for companies managing their own Kubernetes environments. Even those using a managed Kubernetes service need this level of visibility and security to determine whether their service providers are using vulnerable components that could put them at risk.

Aqua Security, continuous commitment to Kubernetes security innovation

“Just as SBOM is critical to application security, KBOM is critical to infrastructure security,” said Itay Shakury, vice president of open source at Aqua Security. “Now, with the ability to scan real Kubernetes infrastructure, as well as workloads and images, we are working to build the industry's first comprehensive Kubernetes vulnerability scanner. Aqua has established itself as a pioneer in Kubernetes security with popular tools like kube-bench and kube-hunter, and our open source team continues to work diligently to bring meaningful new capabilities to users."