Introduction

Supply Chain Security protects your software supply chain, including code development, commit, build, and production deployment. Supply Chain Security protects your CI/CD pipelines against attacks and the unintentional introduction of security risks such as vulnerabilities, sensitive data, and misconfigurations.


Aqua secures your software supply chain in the following ways:

  • Offers you the ability to integrate with different source code management tools, CI/CD build platforms, and specific pipelines in the build platform
  • Discovers all assets and builds in the CI/CD pipelines
  • Offers you the ability to integrate with a pipeline in the specific combination of source code management tool and CI/CD build system to discover the release artifacts created in the pipeline
  • Discovers all the code dependencies in the release artifacts and scans them for vulnerabilities
  • Scans the code repositories hosted on different source code management tools and CI build systems and discovers pipelines, builds, artifacts, and dependencies associated with the code repositories
  • Detects security issues (vulnerabilities, sensitive data, and IaC misconfigurations) in the code repositories using predefined checks
  • Detects security issues in each stage of the software supply chain: Source Code, Dependency, Build, and Artifact
  • Performs Static Application Security Testing (SAST) checks on the application code in the code repositories and detects security issues
  • Offers you the ability to create Assurance Policies which are evaluated on the results of the code repository scans. After Assurance Policies are applied to the code repositories, Aqua determines whether a code repository is compliant with the applicable Assurance Policies. 


For more information

To learn more about Supply Chain Security and what you can do with it, see the following pages: