The November 2021 Update Release includes the following changes with respect to the previous release of the Enterprise SaaS Plan.


Workload Protection (Enterprise Plan)


User Access Control Policies



  • The definition and usage of User Access Control Policies have been deprecated. They are not relevant to Kubernetes environments and have not been fully supported in recent versions of Aqua.
  • However, it remains possible to define, under Administration > Secrets, Secrets Access Policies. Aqua Enforcers can use these to limit access to secrets to containers that belong to specific Aqua services. 
  • If you upgrade to Version 6.5, all existing User Access Control Policiesrule-secret-access rules will automatically be converted to the new built-in rule-secret-access policy.


Containers screen



  • The Workloads > Containers screen UI and behavior more closely resemble the other Workloads screens: VMs and Kubernetes Resources. It uses the unified risk indicator to show security issues and risks at the container level.
  • The column "Container Issues" has been replaced with "Security Risks", which shows different signs of risks at the container level: runtime security events, malware, vulnerabilities, sensitive data, and misconfigurations.
  • Advanced filtering: Clicking on the "funnel" icon will bring up a pop-up window titled Filter By:. You can use this to filter the list of containers by any or all of these optional criteria:
    • Application scope
    • Image name
    • Container name
    • Host (on which the container is running) name
    • Cluster name
    • Namespace
    • Controller name
    • Pod name
    • Cloud Foundry: application, space, organization
    • Security Filters: a specific vulnerability, container registration status, workload image compliance status, the highest severity of any security risk found in the container (critical, high, medium, low, or negligible), type of security risk

Select or enter text into the filters of interest, and click Filter

To refine your filtering, repeat the process; the newly created filters will be added to the existing set.