The May 2022 SaaS Update Release includes the following changes with respect to the previous SaaS product release.

Unless otherwise stated, all updates were made available on May 9.


Image Scanning and Workload Protection

New Aqua plugin version for Azure DevOps for Image Scanning

Aqua plugin Version 4.1.16 for Azure DevOps Extension has been released to implement the default scanner image scanner:6.5.

Workload Protection

Host Assurance

Aqua Platform supports scanning VMs (hosts) for sensitive data. Previously, Aqua scanned only container images and serverless functions for sensitive data.

New notification system integrations

The Integrations > Notifications page supports new types of external notification systems: Jira, Microsoft Teams, ServiceNow, Splunk, and Slack, as well as email and webhook notifications. This page has been redesigned for simplicity.

Response Policies and external notification of potential security threats

You can create Response Policies to send notifications of security threats and malicious activities detected in your environment. The notifications can be sent to one or more external notification systems.

Cloud workload scanning

Aqua offers Cloud Workload Scanning to scan running VMs in the cloud VM disks integrated with your AWS account(s), without deploying an Enforcer or accessing the running VMs directly.

Compliance of Kubernetes nodes with DISA STIG benchmarks

When a KubeEnforcer is deployed, you can obtain the evaluation results of DISA STIG (Defense Information Systems Agency Security Technical Implementation Guides) benchmarks on your Kubernetes infrastructure. These results are displayed in the UI page Security Reports > DISA STIG Benchmarks. Refer to the product documentation.

Workload Protection: Runtime Protection Modes (Express and Custom)


For more complete information, see the product documentation.

Aqua enforcement secures your workloads and infrastructure during runtime. Aqua offers two distinct modes for runtime protection: Express Runtime Protection Mode and Custom Runtime Protection Mode. For brevity, these will be called Express Mode and Custom Mode, respectively. The Runtime Protection Mode selection does not affect Aqua assurance functionality.

Express Runtime Protection mode

Express Mode provides low-friction, recommended best-practices runtime protection for containers, VM workloads, and Kubernetes clusters. As compared with Custom Mode:

  • Express Mode uses only a single security configuration for all runtime protection. An initial recommended configuration is predefined by Aqua; it allows some customization. For consistency with Custom Mode, this configuration is called a Runtime Policy. 
  • a scale

In Express Mode, Aqua Enforcers and KubeEnforcers use eBPF technology (on supporting operating systems) for low-impact instrumentation, to impact running applications minimally.

Express Mode is the recommended runtime protection configuration for most users and use cases. It deploys Aqua's expert Runtime Protection policies across your cloud-native workloads. Express Mode is optimized for rapid and safe deployment, and is recommended for new deployments.

Custom Runtime Protection mode

Custom Mode provides runtime protection for containers, VM workloads, Kubernetes clusters, and serverless functions, with highly granular control over runtime security policies.

Custom Mode allows you to customize workload protection. It gives you direct control over policies and Enforcer group settings Custom Mode is recommended for advanced users only. This is also the mode of operation of all earlier versions of Aqua.

Limitations of Express Mode

As described above, Express Mode provides a simplified security configuration. In other words, you need to use Custom Mode to access the complete granular control of Container Runtime Policies and Host Runtime Policies.

In addition, Express Mode does not support the following features. If you require any of this functionality, you will need to work in Custom Mode.

  • Image Profiles 
  • Vulnerability Shields (vShields)
  • Runtime protection for serverless functions
  • Aqua Services
  • Secrets management

Express Mode availability

Express Mode is available only for new deployments of Aqua SaaS (and Aqua Enterprise Self-Hosted Edition Version 2022.4). Please contact Aqua Security if you would like your system to be configured to run in Express Mode.

If you are using Express Mode, you have the option of switching to Custom Mode. 

If you switch to Custom Mode, you will not be able to revert to Express Mode.