Aqua Trivy Premium Scanner
TABLE OF CONTENTS
- Overview
- When do I get Trivy Premium?
- Current limitations of Trivy Premium
- Change the scanner selection
- Effect of changing your Aqua SaaS plan
Overview
The Aqua Trivy Premium scanner (or simply "Trivy Premium") is Aqua's next-generation scanning engine. It provides the best and richest scanning results, and gets security data (latest vulnerabilities, advisories, malware, etc.) from sources such as Red Hat OVAL v2. Trivy Premium will incorporate all the features of the current Aqua commercial scanner ("Legacy") and the Aqua Trivy open-source scanner (the current market-leading open-source scanner). Aqua is investing heavily in Trivy Premium, and intends to make it the default scanner in the second half of 2022.
When do I get Trivy Premium?
All Aqua Platform SaaS Edition accounts created in or after November 2021 use Trivy Premium as the scanner. (This applies to the Team, Advanced, and Enterprise plans.) If your account was created before then, you have the option of switching to Trivy; see Change the scanner selection below.
Current limitations of Trivy Premium
Trivy Premium supports many scanning-related features of the Legacy scanner. Exceptions are noted in this section.
Features that work, but are temporarily performed by the Legacy scanner
Trivy Premium does not currently support the features listed below. If you are using Trivy Premium , these features will work, but will actually be performed seamlessly by the Legacy scanner:
- Function scanning
- Host images and host scanning
- Windows image scanning
Aqua intends for Trivy Premium to support these features in the second half of 2022.
Features not currently supported
Trivy Premium does not currently support the features listed below. If you are using Trivy Premium, these features will not work at this time:
- Custom Compliance Checks for Assurance Policies
- Dynamic Threat Analysis (DTA)
- Vulnerability Shield (vShield) for Red Hat OVAL v2 data (all other data feeds are currently supported)
- VMware Tanzu Application Service (TAS) blobstore registry integration
Aqua intends for Trivy Premium to support these features in the second half of 2022.
Features deprecated
Trivy Premium does not support the feature listed below. If you are using Trivy Premium, this feature will not work, and Aqua does not plan to implement it in Trivy Premium:
- Aqua SCAP Scanning
Change the scanner selection
To switch from the Legacy scanner to Trivy Premium or vice versa:
1. Navigate to the Settings > Scanning page.
2. From the "Scan Engine" dropdown, select either Trivy Scanner or Legacy Scanner:
Note: The scan engine selection determines the list of scanning settings that will appear in the UI. Trivy Premium offers most of the scanning features, such as "Scan for malware" and "Search for sensitive data in images and functions". However, as noted above, some features are not supported by Trivy Premium.
Rescanning images:
- If you switch from the Legacy scanner to Trivy Premium, you should perform a rescan (not a full rescan) of all the images from the Images page.
- If you switch from Trivy Premium to the Legacy scanner, you should perform a full rescan of all the images.
Effect of changing your Aqua SaaS plan
If you upgrade your Aqua account to the Enterprise plan from the Team or Advanced plan, the Legacy scanner will be activated (irrespective of which scanner was enabled in the previous plan).
Downgrading your Aqua account to a lower plan will not change the scanner selection.
Did you find it helpful? Yes No
Send feedback