Aqua provides Function Assurance for AWS Lambda, Microsoft Azure, and Google Cloud functions. This comprises these aspects of risk assessment and mitigation:

  • Scanning your functions in cloud accounts for vulnerabilities (opensource libraries or OS dependencies) and sensitive data (such as access and secret keys). AWS and Azure (but not Google) functions are also checked for excessive permissions (e.g., AWS IAM roles). The Aqua CyberCenter maintains a list of known security issues.
  • Evaluating the risk of your functions, based on the scanning findings, according to Function Assurance Policies. You create and configure these policies to define the acceptable risks in your serverless environment.
  • Determining whether your functions are compliant, based on these policies
  • For AWS and Azure (but not Google) functions: Taking security-related actions that you define, such as preventing the execution of risky functions (those which violated the Assurance Policies) or failing the pipeline of your CI/CD development tools.
  • Providing complete auditing of all security risks found. You can review the results of the security evaluation either in the Aqua Server or in a SIEM or other system.

For more information

It is recommended that you read the Function Assurance Overview in the product documentation.