Image Vulnerability Scanning - Aqua
https://www.aquasec.com/tag/image-vulnerability-scanning/
Cloud Native Security, Container Security & Serverless Security
Mon, 15 Jul 2024 09:36:57 +0000

Trivy Can Now Scan Unpackaged Binary Files
https://www.aquasec.com/blog/trivy-scans-unpackaged-binary-files/
Wed, 02 Nov 2022 17:51:23 +0000
Trivy, the all-in-one security scanner, is now able to scan binary files in your scan targets such as container images. Most security scanners rely on package managers to discover vulnerabilities. Trivy now uses Rekor from Sigstore to look up the hash of a binary file. If a relevant SBOM is found through the hash, Trivy …

Find the New OpenSSL Vulnerabilities with Trivy
https://www.aquasec.com/blog/find-new-openssl-vulnerabilities-with-trivy/
Tue, 01 Nov 2022 18:21:44 +0000
Today, OpenSSL announced two new CVEs and mitigation recommendations. This blog provides guidance as to how you can identify the OpenSSL vulnerability using Trivy. To both identify and mitigate the vulnerability, see the blog post Updated Security Advisory: New OpenSSL Vulnerabilities about mitigation with assurance policies in Aqua's software supply chain solution. Package installed via …

Updated Security Advisory: New OpenSSL Vulnerabilities
https://www.aquasec.com/blog/openssl-vulnerability-2022/
Fri, 28 Oct 2022 15:25:11 +0000
The OpenSSL project has pre-announced a new and critical severity vulnerability, which was downgraded to High as of today, Nov. 1, 2022. The initial pre-announcement blog has been updated here to reflect additional remediation guidance.
About OpenSSL: OpenSSL offers users an open source option to implement the TLS protocol, with a cryptography library that allows …

Trivy: The Universal Scanner to Secure Your Cloud Migration
https://www.aquasec.com/blog/trivy-software-supply-chain-security/
Thu, 22 Sep 2022 15:44:36 +0000
Application security teams are challenged today with the need for a centralized view of exposure to security issues like Log4j and Spring4Shell. But an exploding set of artifacts and security tools makes it prohibitively difficult to secure the development life cycle. A universal scanner drastically reduces this management overhead and gets you started quickly. We …

Trivy v0.29.0 Release: RBAC, Helm, Custom Extensions, and More
https://www.aquasec.com/blog/trivy-v0-29-0-rbac-security/
Wed, 22 Jun 2022 12:31:24 +0000
The new Trivy release is out! As ever, there are tons of exciting updates and features, such as role-based access control (RBAC) and Helm chart scanning, support for custom extensions, a Trivy Operator Lens integration, and many more. Read on for feature highlights and try them out. RBAC scanning: RBAC scanning has been a long-requested …

CVE-2021-44832: New Arbitrary Code Execution Vulnerability in Log4j
https://www.aquasec.com/blog/cve-2021-44832-arbitrary-code-execution-log4j-vulnerability/
Wed, 29 Dec 2021 15:19:48 +0000
This holiday season, adversaries aren't taking a vacation, massively exploiting multiple vulnerabilities in Log4j, a highly popular Java logging library. Amid the ongoing efforts of organizations to patch their vulnerable systems, a new Log4j vulnerability, tracked as CVE-2021-44832, has been discovered. It allows for arbitrary code execution via the JDBC Appender when an attacker can …

CVE-2021-45046: Second Log4j Security Vulnerability Discovered
https://www.aquasec.com/blog/second-log4j-security-vulnerability/
Wed, 15 Dec 2021 14:35:32 +0000
Dec 17 update: The CVSSv3 score for CVE-2021-45046 has been raised from 3.7 to 9.0. While many organizations are still dealing with the discovery and mitigation process for the previous Log4j CVE, the project has announced that another vulnerability, CVE-2021-45046, has been discovered due to an incomplete fix in Log4j 2.15.0. In response, a new …

CVE-2021-44228 aka Log4Shell Vulnerability Explained
https://www.aquasec.com/blog/cve-2021-44228-log4shell-vulnerability-explained/
Sun, 12 Dec 2021 16:42:26 +0000
Log4Shell, a new, critical zero-day vulnerability that crashed onto the scene last Friday, shows how issues that are hidden in seemingly basic functionality can have major repercussions for enterprise security. When the dust settles from the immediate incident response and remediation, organizations should assess how they can improve their detection and responses, because this vulnerability …

Golang Scanning with Trivy: Detect Vulnerabilities Accurately
https://www.aquasec.com/blog/trivy-golang-scanning/
Tue, 09 Nov 2021 16:31:58 +0000
A standard piece of security advice is to reduce the size of your container images, usually by using statically compiled binaries in a scratch or distroless container. However, that complicates container vulnerability scanning, because it becomes impossible to determine the versions of software installed in a container image. Fortunately, if you're using Trivy, a popular …

What is a CNAPP and How to Choose the Right One
https://www.aquasec.com/blog/what-is-cnapp/
Thu, 28 Oct 2021 10:03:46 +0000
A prospect's CISO recently asked me: "I'm facing a growing stream of vulnerabilities coming from our CI/CD pipelines on the one hand, while our SecOps team is flooded with alerts and configuration issues from our production environment. How do I reconcile those separate streams and focus on what's really important?" "Well," I responded, "funny you …