The December 2021 SaaS Update Release includes the following changes with respect to the previous SaaS product release.

Unless otherwise stated, all updates were made available on December 12.


TABLE OF CONTENTS


Workload Protection



Kubernetes Resources screen: Failed Checks (tab)



  • The Workloads > Kubernetes Resources screen includes the Failed Checks tab.
  • The left side of the page shows all the checks (controls) of Kubernetes Assurance Policies that have been failed by at least one Kubernetes resource. A resource can be of any of these types:
  • Workloads (Pods, Deployments, StatefulSets, DeamonSets, Jobs, CronJobs, ReplicaSets, and ReplicationControllers)
  • Services
  • Roles and RoleBindings
  • ConfigMaps
  • You can optionally filter the left-side display by:
  • Name of the Kubernetes Assurance Policy checks
  • Using the drop-down as shown, the name of a Kubernetes Assurance Policy; this will remove all checks not found in that policy
  • Selecting one of the checks on the left side will cause the display of information related to the failed check on the right side, including:
  • Basic statistics: the number of resources that failed the check, and how many namespaces and clusters they are in
  • One row for each namespace in which failed checks (of the selected type) were found. Clicking the number in the Resources column will open the Resources tab (of the Kubernetes Resources screen); it will be pre-filtered to show all resources, in the selected namespace, that failed the selected check.


Vulnerabilities screen: multiple namespace selection

On the Vulnerabilities screen in All Vulnerabilities mode, the Namespace filter supports multi-selection; this allows viewing of vulnerabilities for multiple namespaces simultaneously.


Enforcer Group configuration: Forensics setting

Enforcer group configuration page includes a new setting "Forensics" to enable sending forensics information to the Aqua Server for detect and block runtime events only. This setting is available in the Aqua Enforcer, VM Enforcer, and MicroEnforcer Advanced Settings page.


Automatic logout after inactivity


For added session security, it is now possible to configure this setting (Settings > Authentication) as low as 5 minutes (instead of 30).




Image Scanning



Enhancement for Trivy Premium scanner

The Aqua Trivy Premium scanner has been integrated with Aqua's commercial vulnerability feed. This feed has more complete information on vulnerabilities related to programming languages, which leads to improved scan results.