The March 2022 SaaS Update Release includes the following changes with respect to the previous SaaS product release.


Image Scanning and Workload Protection



Additional predefined default Image Assurance Policies

These new predefined Image Assurance Policies are named "default" because they have the Global application scope:

  • Malware-Default-Policy: includes the Malware control
  • Sensitive-Data-Default-Policy: includes the Sensitive Data control


Image Assurance Policies: scope filtering of images by repository

In Image Assurance Policies, the additional scope criteria can specify filtering of images by repository. Refer to Specific Scope Definitions for Image Assurance Policies for all scope filtering options.


Images screen enhancements

It is possible to filter the images listed in the Images screen by failed Image Assurance Policy.


Vulnerabilities screen enhancements

The Vulnerabilities screen, when viewing All Vulnerabilities, allows selection of multiple severity levels simultaneously (multi-select) for filtering the list.


IBM Cloud Container Registry integration

It is possible to integrate with IBM Cloud Container Registries by specifying ICR Region, account ID, username, and password.


Support for ACR integration using token authentication

It is possible to integrate with Azure Container Registry through token authentication, by using token name and token password.


Base image identification from child image when they were built using different tools

If you use the Legacy commercial scanner, the Scanning Settings page includes the "Save uncompressed image layers in cache" checkbox. Select it to map a child image to its base image when the two were built with different image build tools.


Enhancements for Trivy Premium scanner

The Aqua Trivy Premium scanner:

  • Supports scanning objects for sensitive data and malware
  • Detects vulnerabilities in more than 500 kinds of standalone binaries (applications installed directly without the use of a package manager). For the complete list of standalone binaries, contact Aqua Security.
  • Supports Oval 2 security feed from Red Hat to get the best and richest results for the Red Hat artifacts directly from Red Hat. Trivy Premium is also a certified scanning partner of Red Hat.


Vulnerability Exploitability control for Image, Function, and Host Assurance Policies

  • Image, Function, and Host Assurance Policies support the "Vulnerability Exploitability" control. If included in a policy, this control fails the image, serverless function, or host if any exploitable vulnerabilities are detected during scanning.
  • The Scan Report output of the Jenkins Plugin for Image Scanning includes information about all exploitable vulnerabilities detected.


Setting in the Image registry configuration to pull and scan the latest images

Image Registry integration > Registry Configuration > Advanced settings includes a new option that automatically pulls and scans only the specified number of most recent images from the repositories.


Workload Protection



Dashboard: drill down for details

Several dashboard widgets contain clickable text elements; clicking them will open a UI screen that shows details of the element in question. For example: In the "Images with Security Issues" widget, clicking the text "Contain Malware" will open the Images screen, pre-filtered to show all images with malware found during scanning.


The widgets and their clickable elements are as follows:


Dashboard widget: Drill down for details

Container Runtime Events:
  • All
  • Blocked events
  • Detected events
  • Malware events

Containers with Security Issues:
  • Containers (all)
  • Unregistered running containers
  • Containers with Image Issues:
      • Contain vulnerabilities
      • Contain sensitive data
      • Contain malware
      • Non-compliant
  • Containers with Runtime Issues:
      • With blocking events
      • With detection events
      • Run as superuser
      • Run in privileged mode

Host Assurance Policy Compliance:
  • Hosts
  • Non-compliant
  • Malware
  • Compliant

Host Runtime Events:
  • All
  • Blocked events
  • Detected events
  • Malware events

Image Assurance Policy Compliance:
  • Registered Images
  • Non-compliant
  • Compliant

Images with Security Issues:
  • Contain vulnerabilities
  • Contain malware
  • Contain sensitive data

Vulnerabilities screen enhancements

In the Vulnerabilities screen, the filter drop-down menu allows selection of more than one vulnerability severity (e.g., both Critical and High).


Enhanced audit event filtering

There are additional ways to filter the list of events shown in the Audit screen.


Audit Type


Selection: Includes audit events related to...

Non-Compliant:
  • Non-compliant images, and containers running from them
  • Non-compliant functions and their run-time execution
  • Non-compliant hosts and their run-time activities

Sensitive Data:
  • Images, functions, and hosts in which sensitive data is detected during scanning


More Filters


Selection: Includes audit events related to...

Container Runtime Control Name:
  • The Container Runtime Policy control(s) whose names include the text you enter into the Search field

Host Runtime Control Name:
  • The Host Runtime Policy control(s) whose names include the text you enter into the Search field


Example: If you select "Container Runtime Control Name" and enter "Blocked" into the Search field, the filter will include audit events related to both the Executables Blocked and Volumes Blocked controls.


Additional predefined default Host Assurance Policies

These new predefined Host Assurance Policies are named "default" because they have the Global application scope:

  • Malware-Default-Policy: includes the Malware control
  • Sensitive-Data-Default-Policy: includes the Sensitive Data control


Aqua Cloud Connector: token-based authentication


The Aqua Cloud Connector can connect to the console through the proxy server using a token-based authentication method; the AQUA_CLOUD_CONNECTOR_TOKEN environment variable is used in place of a username and password.