
Aqua Security
Integrate automated scanning into the build process
The solution enables VMware Cloud Foundry customers to automatically scan droplets utilizing an Aqua Decorator buildpack. These scans are performed based on the Aqua Continuous Assurance policy, which allows you to apply granular checks (e.g., disallow droplets by CVSS severity, found malware, leftover RSA keys, etc.) on a droplet during staging.
Aqua’s deep vulnerability scanning empowers developers by providing an automated decision as to whether an app should be allowed or disallowed during development and as it’s being promoted to production. These decisions are derived from the organization’s corporate GRC policies so the developers themselves do not have to spend precious time researching their codebase vulnerabilities.
Aqua Security for PCF features the following capabilities:
- Scan droplets for known vulnerabilities, based on an updated feed from multiple sources (public CVEs, vendor-issued, proprietary vulnerability data streams and malware lists)
- Block unauthorized droplets from being uploaded to stores and run, based on droplet assurance policies, for example:
  - Stop unauthorized droplets
  - Stop droplets by CVEs and score
  - Detect and stop droplets with hardcoded secrets
  - Detect and stop droplets with malware
  - Add custom compliance checks
- View actionable information on how to mitigate detected vulnerabilities
- Gain visibility into droplet vulnerabilities directly from CI/CD tools and the Aqua dashboard