The December 2022 SaaS Update Release includes the following changes with respect to the previous SaaS product release. Unless otherwise stated, all updates were made available on December 18.


TABLE OF CONTENTS


Aqua Platform

Enhancement to the Response Policies configuration for the ServiceNow output


Supply Chain Security


Integration with Jenkins build platform

Integration with Jenkins build platform is supported to detect security issues in the build stage of the software supply chain.


Enhancements to the Risk Assessment (now Tool Chain) page

  • The Tool Chain page has been moved out of the Risk Assessment page as an independent page. The Risk Assessment page will be added again to display all the risks detected in the software supply chain.
  • The Tool Chain page now displays all the security issues detected in the build stage of the software supply chain.


Workload Protection


VMware Tanzu Application Assurance Policies: Vulnerability Exploitability control

VMware Tanzu Application Assurance Policies support the Vulnerability Exploitability control. This control will fail a VMware Tanzu policy if any exploitable vulnerabilities were detected during scanning.


Enhancements to Aqua Trivy Premium scanner

  • Aqua Trivy Premium supports Dynamic Threat Analysis (DTA).
  • Aqua Trivy Premium supports scanning serverless functions after integrating with the respective cloud accounts. (Previously, Aqua used the Legacy Scanner for function scanning even when the Trivy premium scanner was enabled.)


Cloud Workload Scanning (Agentless): Enhancement to the scan configuration in the cloud connection

When creating or editing a cloud connection, in the Scan Configuration tab > Scan Filters section, you can add the include and exclude tags with one or multiple asterisks (if you do not know the exact tag name in the cloud account) to filter the VMs for scanning.


Workload Protection and Image Scanning


Aqua Trivy Premium scanner supports containerd images

The Aqua Trivy premium scanner supports scanning images built by the containerd container engine on both the Linux and Windows operating systems. For more information, refer to Scan images using the containerd container engine.


Enhanced scheduling control over automatic pull and scan of images

When configuring automatic pulling and scanning for image registries, you can now specify days of the week and the month (in addition to times of the day).


Specify repositories as approved base images

It is possible to specify repositories in the Approved Base Image control of Image Assurance Policies. Nested repositories are allowed.