Aqua Security makes extensive efforts to ensure that all Aqua Platform product images are released without security issues that could impact your environments. Our product image release process includes the following measures:

  • As part of our continuous integration (CI) pipeline, all product images are scanned for security issues (vulnerabilities, malware, and sensitive data) using our commercial Supply Chain Security and Scanner products.
  • We will not release any product images containing fixable vulnerabilities of critical severity, malware, or sensitive data.
  • We may release product images containing vulnerabilities of high or medium severity. Counting from the time the vendor makes a fix available, we will fix the affected image(s) within the timeframe stipulated by our SLA; this depends on the severity of the vulnerability:
    • High: 14 days
    • Medium: 90 days
  • If we cannot provide a fix because of dependencies on third-party (OSS) code that cannot be fixed, we will notify you in the related Release Notes.