Aqua Workload Protection provides full lifecycle security for your cloud native applications (containers, orchestrators, cloud VMs, and serverless functions) at a very granular level. Aqua includes preventive controls to secure the development pipeline; protects applications in runtime; detects and blocks attacks; and provides visibility and auditing for security risk management and compliance.


  • Integrates with your existing workflows for building, shipping, running, and securing your cloud workloads
  • Works with the leading orchestrators and cloud provider platforms

  • Secures environments consisting of servers running Linux and Windows, as well as CaaS and FaaS cloud services

  • Provides you with full audit logs of security-related events that have occurred on your hosts or in your containers and serverless functions

The main product documentation for Workload Protection may be found in the Aqua Platform Documentation Portal, under SaaS. The documentation links in this and other topics point to specific information in that portal.


Secure the build

  • Image Assurance for assessing container images against vulnerabilities, sensitive data (such as secrets), and malware
  • Risk-based Insights helps you focus on the most important and urgent vulnerabilities to mitigate, including running containers based on images with exploits in the wild
  • Integration with Aqua Dynamic Threat Analysis (DTA) for dynamic analysis of container behavior in a sand-boxed environment
  • Function Assurance for detecting security issues in your AWS Lambda and Microsoft Azure cloud environments

Secure the infrastructure

  • Automated penetration testing (pen testing) of Kubernetes clusters, using the kube-hunter, an Aqua Security open-source tool that hunts for security issues in Kubernetes clusters
  • Host Assurance for assessing VMs against vulnerabilities, malware, and security best practices (e.g., CIS benchmarks)
  • Host Runtime Protection for protecting your VMs against malicious and unauthorized activities
  • Automated discovery of Kubernetes resources in your clusters and vulnerability scanning on Linux hosts via the Aqua KubeEnforcer

Secure the workloads

Holistic approach to security for Kubernetes and other applications

Aqua secures your application build (e.g., container images), infrastructure, and workloads. See Securing Kubernetes Applications.

Monitoring, auditing, and compliance

  • The Risk Explorer presents a dynamic display of the workloads (containers) and host VMs in your cloud native environment, and the security risks associated with them.
  • Aqua provides comprehensive auditing of security-related and administrative events.


Aqua can be integrated with a wide variety of:

  • Container orchestration platforms (orchestrators and cloud provider stacks). You can also deploy Aqua in environments without an orchestration platform, like a standalone Docker host.
  • Container engines
  • Host operating systems
  • Public and private image registries
  • CI/CD systems
  • Log management and monitoring systems
  • Secret key stores

... and more. See System Requirements and Supported Integrations for complete lists.

Aqua can also be integrated with security tools in your infrastructure to support existing workflows and provide aggregated, consolidated views:

  • Threat feeds that include vulnerability data, indications of compromise, and threat mitigation controls
  • SIEM (security information and event management) systems