Supply Chain Security protects your software supply chain, including code development, commit, build, and production deployment. Supply Chain Security protects your CI/CD pipelines against attacks and the unintentional introduction of security risks such as vulnerabilities, sensitive data, and misconfigurations.
Aqua secures your software supply chain in the following ways:
- Offers you the ability to integrate with different source code management (SCM) tools, CI/CD build platforms, and specific pipelines within a platform
- Discovers all assets and builds in the pipelines
- Offers you the ability to integrate with a pipeline for a specific combination of SCM tool and CI/CD build system to discover the release artifacts created in the pipeline
- Discovers all the dependencies used in developing the application code and populated in the release artifacts.
- Scans all the dependencies in the release artifacts and detects vulnerabilities, which helps developers find and fix security issues in the code dependencies
- Scans the code repositories hosted on different SCM tools and builds on these repositories
- Detects security findings such as vulnerabilities, sensitive data, and misconfigurations using predefined checks
- Offers you the ability to create Build Assurance Policies which are evaluated on the results of the code repository scans. After Build Assurance Policies are applied to the code repositories, Aqua determines whether a repository is compliant with the applicable Build Assurance Policies.
For more information
To learn more about Supply Chain Security and what you can do with it, refer to the following pages:
- Integrations: Refer to Code Repository Integrations for integration with SCM tools hosted on SaaS. Refer to Integration with On-Premises Code Repositories for integration with SCM tools hosted on-premises.
- Build Assurance Policies: Refer to Build Assurance Policies and Operations on Build Assurance Policies
- Suppression Rules: Refer to Create Suppression Rules
- Code Repositories: Refer to Code Repositories and Checks and Code Repository Scan Detailed View
- Release Artifacts: Refer to Release Artifacts
- Tool Chain: Refer to Tool Chain
- Build Pipelines: Refer to Build Pipelines