IT Brief New Zealand - Technology news for CIOs & IT decision-makers
Aqua Security incorporates CIS Kubernetes benchmarks scanning into open source Trivy
Thu, 20th Apr 2023

Cloud native security provider Aqua Security has announced that the unified security scanner Aqua Trivy now provides full compliance scanning for CIS Kubernetes Benchmarks. 

With one comprehensive tool for security and compliance scanning, companies can eliminate friction and more confidently build and maintain secure cloud native applications.

Established by the Center for Internet Security (CIS), these benchmarks are widely adopted as the standard for Kubernetes security. Companies running Kubernetes strive to adhere to these recommendations for configuring Kubernetes clusters and workloads.

Aqua had previously built Kube-bench, an industry-leading open source tool for CIS compliance scanning, and now, these capabilities are integrated into Trivy for more comprehensive scanning and rich reporting. 

"Aqua Kube-bench is a tremendous success and widely adopted in the Kubernetes ecosystem," says Itay Shakury, VP Open Source for Aqua Security.

"We appreciate the community for using, promoting and contributing to the project. With Trivy covering more Kubernetes security scenarios, it made sense to merge kube-bench into Trivy.

"We believe kube-bench users will benefit greatly from moving to Trivy, which provides better CIS benchmark results in addition to many other security features."

Aqua Trivy brings the unique ability to perform the complete CIS Kubernetes benchmarks scan, including scans on the Kubernetes nodes themselves. Scans are performed automatically and result in detailed reports with recommendations for improving the architecture and workloads scanned based on CIS Kubernetes Benchmarks. It also supports NSA and Pod Security Standards (PSS) compliance scans, so teams can be sure their cloud native environments are fully protected and compliant.

Additional benefits include:
Community Support — Users can rely on Aqua Trivy’s massive open source community for support, resources and feature development.
Superior Developer Experience — Trivy is easy to implement and manage. It can be used as a CLI tool on local machines or in CI pipelines, or run as a Kubernetes Operator inside the cluster for continuous scans. Users also have access to Trivy integrations with other cloud native tools, such as Grafana for reporting.
Rich Detail — Trivy unifies multiple scanners for cloud native security, including vulnerability, workload misconfiguration, secret scanning and more, to provide the most detailed results and recommendations possible.  

"Trivy is the most comprehensive, easy-to-use open source vulnerability and risk scanner for cloud native environments, covering more languages, OS packages and application dependencies than any other open source scanner," Aqua says. 

"It provides fast, stateless scanning with no prerequisites for installation and delivers highly accurate results with broad coverage.

"With Trivy, developers, DevOps and DevSecOps have a more efficient, simplified tool for scanning source code, repositories, images, artefact registries, IaC templates and Kubernetes environments — all to secure cloud native applications," the company says.

Trivy is built on the largest cloud native security community, with tens of thousands of users and over 20,000 combined GitHub stars. It is also the most popular cloud native vulnerability and risk scanner in the world and has been adopted by leading cloud platform providers and for DevOps projects like GitLab, Artifact Hub, and Harbor.