Aqua Security provides full lifecycle security for containerized applications, running either on Linux or Windows hosts. The overall goal of full container lifecycle security is the deployment of applications that ensure the security of your applications' operations, data, and computing infrastructure.

Aqua Image Assurance covers the first part of the container lifecycle: image development. The Image Assurance subsystem detects, assesses, and reports security issues in your images. Next, Aqua provides different forms of risk management, based on your preferences:

  • Aqua can block the deployment of containers based on images with security issues
  • Alternatively, it can help you mitigate the risk of deploying such containers based on images with known risks.
  • (Applicable to Advanced plan only) Through Risk-based Insights, Aqua can also identify running containers based on images with vulnerabilities and known exploits "in the wild"

This topic describes the Image Assurance activities performed by Aqua throughout the image development lifecycle.

Image Assurance activities

Image assurance comprises the following primary activities. Refer the documentation through the links provided for more information.

  • Static scanning of your images to detect static security issues such as vulnerabilities, sensitive data, and malware
  • Evaluation of image compliance with the Image Assurance policies that you define and configure
  • (Applicable to Advanced plan only) Report image scan results and compliance evaluation in the Aqua UI, as well as to external systems that are integrated with Aqua through Webhook.
  • Risk management as appropriate for your organization's security requirements

Aqua assurance alone does not prevent potentially harmful activities. However, Image Assurance policy assessments of non-compliance can be used to provide this protection. You can integrate Aqua images in the pipelines of your external CI/CD systems. If Aqua determines that an image is non-compliant with your organization's Image Assurance policies, Aqua can report the related build step to the CI/CD system as failed.