Aqua Security

Integrate automated scanning into the build process

The solution enables VMware Cloud Foundry customers to automatically scan droplets using an Aqua Decorator buildpack. These scans are performed based on the Aqua Continuous Assurance policy, which allows you to apply granular checks (e.g. disallow droplets by CVSS severity, found malware, leftover RSA keys, etc.) on a droplet during staging.

Aqua’s deep vulnerability scanning empowers developers by providing an automated decision as to whether an app should be allowed or disallowed during development and as it’s being promoted to production. These decisions are derived from the organization’s corporate GRC policies so the developers themselves do not have to spend precious time researching their codebase vulnerabilities.

Aqua Security for PCF features the following capabilities:

  • Scan droplets for known vulnerabilities, based on an updated feed from multiple sources (public CVEs, vendor-issued and proprietary vulnerability data streams, and malware lists)
  • Block unauthorized droplets from being uploaded to stores and run, based on droplet assurance policies, for example:
    • Stop unauthorized droplets
    • Stop droplets by CVEs and score
    • Detect and stop droplets with hardcoded secrets
    • Detect and stop droplets with malware
  • Add custom compliance checks
  • View actionable information on how to mitigate detected vulnerabilities
  • Gain visibility into droplet vulnerabilities directly from CI/CD tools and the Aqua dashboard

View Continuous Assurance Policy and Security Scanner