TABLE OF CONTENTS


Overview

The Aqua Trivy Premium scanner (or simply "Trivy Premium") is Aqua's next-generation scanning engine. It provides the best and richest scanning results, and gets security data (latest vulnerabilities, advisories, malware, etc.) from sources such as Red Hat OVAL v2. Trivy Premium will incorporate all the features of the current Aqua commercial scanner ("Legacy") and the Aqua Trivy open-source scanner (the current market-leading open-source scanner). Aqua is investing heavily in Trivy Premium, and intends to make it the default scanner in the second half of 2022.


When do I get Trivy Premium?

All Aqua Platform SaaS Edition accounts created in or after November 2021 use Trivy Premium as the scanner. (This applies to the Team, Advanced, and Enterprise plans.) If your account was created before then, you have the option of switching to Trivy; see Change the scanner selection below.


Current limitations of Trivy Premium

Trivy Premium supports many scanning-related features of the Legacy scanner. Exceptions are noted in this section.


Features that work, but are temporarily performed by the Legacy scanner

Trivy Premium does not currently support the features listed below. If you are using Trivy Premium , these features will work, but will actually be performed seamlessly by the Legacy scanner:

  • Function scanning
  • Host images and host scanning
  • Windows image scanning


Aqua intends for Trivy Premium to support these features in the second half of 2022.


Features not currently supported 

Trivy Premium does not currently support the features listed below. If you are using Trivy Premium, these features will not work at this time:

  • Custom Compliance Checks for Assurance Policies
  • Dynamic Threat Analysis (DTA)
  • Vulnerability Shield (vShield) for Red Hat OVAL v2 data (all other data feeds are currently supported)
  • VMware Tanzu Application Service (TAS) blobstore registry integration


Aqua intends for Trivy Premium to support these features in the second half of 2022.


Features deprecated

Trivy Premium does not support the feature listed below. If you are using Trivy Premium, this feature will not work, and Aqua does not plan to implement it in Trivy Premium:

  • Aqua SCAP Scanning


Change the scanner selection

To switch from the Legacy scanner to Trivy Premium or vice versa:

1. Navigate to the Settings > Scanning page.

2. From the "Scan Engine" dropdown, select either Trivy Scanner or Legacy Scanner:



Note: The scan engine selection determines the list of scanning settings that will appear in the UI. Trivy Premium offers most of the scanning features, such as "Scan for malware" and "Search for sensitive data in images and functions". However, as noted above, some features are not supported by Trivy Premium.


Rescanning images:

  • If you switch from the Legacy scanner to Trivy Premium, you should perform a full rescan of all the images from the Images page. 
  • If you switch from Trivy Premium to the Legacy scanner, you should perform a rescan (not a full rescan) of all the images.


Effect of changing your Aqua SaaS plan

If you upgrade your Aqua account to the Enterprise plan from the Team or Advanced plan, the Legacy scanner will be activated (irrespective of which scanner was enabled in the previous plan).

Downgrading your Aqua account to a lower plan will not change the scanner selection.