Supply Chain Security Overview
Introduction
Supply Chain Security protects your software supply chain, including code development, commit, build, and production deployment. Supply Chain Security protects your CI/CD pipelines against attacks and the unintentional introduction of security risks such as vulnerabilities, sensitive data, and misconfigurations.
Aqua secures your software supply chain in the following ways:
- Offers you the ability to integrate with different source code management tools, CI/CD build platforms, and specific pipelines in the build platform
- Discovers all assets and builds in the CI/CD pipelines
- Offers you the ability to integrate with a pipeline in the specific combination of source code management tool and CI/CD build system to discover the release artifacts created in the pipeline
- Discovers all the code dependencies in the release artifacts and scans them for vulnerabilities
- Scans the code repositories hosted on different source code management tools and CI build systems, and discovers the pipelines, builds, artifacts, and dependencies associated with those code repositories
- Detects security issues: vulnerabilities, sensitive data, and IaC misconfigurations in the code repositories using predefined checks
- Detects security issues in each stage of the software supply chain: Source Code, Dependency, Build, and Artifact
- Performs Static Application Security Testing (SAST) checks on the application code in the code repositories and detects security issues
- Offers you the ability to create Assurance Policies which are evaluated on the results of the code repository scans. After Assurance Policies are applied to the code repositories, Aqua determines whether a code repository is compliant with the applicable Assurance Policies.
For more information
To learn more about Supply Chain Security and what you can do with it, refer to the following pages:
- Integrations:
  - Refer to Code Repository Integrations for integration with source code management tools hosted on SaaS
  - Refer to Integration with On-Premises Code Repositories for integration with source code management tools hosted on-premises
  - Refer to Integration with Cloud Artifact Registries for integration with artifact registries hosted on SaaS
  - Refer to Integration with On-Premises Artifact Registries for integration with artifact registries hosted on-premises
- Code Repositories: Refer to Code Repositories and Checks and Code Repository Scan Detailed View
- Release Artifacts: Refer to Release Artifacts
- Tool Chain: Refer to Tool Chain
- Build Pipelines: Refer to Build Pipelines
- Dependencies: Refer to Code Repository Dependencies
- Security Risks: Refer to Risks in Code Repositories
- Assurance Policies: Refer to Assurance Policies and Operations on Assurance Policies
- Suppression Rules: Refer to Create Suppression Rules