Aqua Image Scanning is designed to provide comprehensive threat detection for your container images. Notable differences when comparing to AWS native image scanning include the following features.

  • Aqua Dynamic Threat Analysis is an industry-first container sandboxing solution to detect unknown and evasive threats. This security tool is not available elsewhere, including the in the AWS native scanner.
  • Aqua Vulnerability Scanning detects and mitigate known vulnerabilities (CVEs) in your container images. Its findings are enriched by the Aqua team to provide the most accurate set of vulnerabilities and prioritization of findings. This includes more threat intelligence sources and mapped to the vendors' own prioritization when applicable.
  • Coverage of more types of Linux distributions supported by Trivy. For a complete list see OS Packages.
  • Periodic re-scanning of your images to discover newly published vulnerabilities, which goes beyond the initial scan-on-push when the image was initially added to the registry.