Introduction

Supply Chain Security protects your software supply chain across code development, commit, build, and production deployment. It protects your CI/CD pipelines against attacks and against the unintentional introduction of security risks such as vulnerabilities, sensitive data, and misconfigurations.


Aqua secures your software supply chain in the following ways:

  • Offers you the ability to integrate with different source code management (SCM) tools, CI/CD build platforms, and specific pipelines within a platform
  • Discovers all assets and builds in the pipelines
  • Offers you the ability to integrate with a pipeline in a specific combination of SCM tool and CI/CD build system to discover the release artifacts created in the pipeline
  • Discovers all the dependencies used in developing the application code and populated in the release artifacts
  • Scans all the dependencies in the release artifacts and detects vulnerabilities, which helps developers find and fix security issues in the code dependencies
  • Scans the code repositories hosted on different SCM tools and the builds on these repositories
  • Detects security findings such as vulnerabilities, sensitive data, and misconfigurations using predefined checks
  • Offers you the ability to create Build Assurance Policies, which are evaluated against the results of the code repository scans. After Build Assurance Policies are applied to the code repositories, Aqua determines whether each repository is compliant with the applicable Build Assurance Policies


For more information

To learn more about Supply Chain Security and what you can do with it, see the following pages: