The February 2023 SaaS Update Release includes the following changes with respect to the previous SaaS product release. Unless otherwise stated, all updates were made available on February 26.
TABLE OF CONTENTS
- Aqua Platform
- Supply Chain Security
- Workload Protection
Support of supply chain security triggers in the Response Policy configuration
In the Response Policy configuration > Scan Results trigger selection:
- The following predefined triggers from the "Supply Chain Security" module have been added: "Code Repository with Critical IaC Misconfigurations" and "Code Repository with Critical Pipeline Misconfigurations".
- In the custom trigger selection, a new asset type, "Code Repository", has been added with its own attributes. Use it to trigger notifications or tickets when security issues are detected in a code repository or in pull requests connected to it.
Application scope specification
RFE SLK-56249: The specification of application scopes has been extended with two new attributes under Infrastructure > Host: "Orchestrator type" and "Orchestrator version".
Supply Chain Security
Enhancements to Assurance Policies
The following controls have been added to Assurance Policies:
- Release Artifact Code Protection
- Release Artifact Security Checks
- SAST Severity
- Specific SAST Check
Enhancements to the Risks page
In the Risks page, new tabs have been added: SAST and Pipeline Misconfigurations.
Integration with JFrog Artifact registry
You can now integrate with JFrog cloud and on-premises artifact registries to detect security issues in the software supply chain > Artifact stage.
Dependency and Artifact stages have been added to the Tool Chain page
Aqua can now detect security issues in the software supply chain > Dependency and Artifact stages and display them in the Tool Chain page.
Enhancement to sensitive data scanning
The Sensitive Data control of Image Assurance Policies allows you to specify directories and/or files to be excluded from scanning for sensitive data.
Enhancements to the Incidents page
- In the configuration window of suppression rules for incidents, the "Suppress Audit Log" toggle has been added. It controls whether audit logs are also suppressed when incidents are suppressed.
- In the Incident detailed view > Timeline tab, a graph has been added to show all the incidents by their types detected in the selected time interval.
- In the Incidents list view, all incidents reported on the same workload, process, and resource (e.g., file, URL, artifact) are aggregated and displayed as a single incident with the number of occurrences.
New field added in the Vulnerability details screen
In the Vulnerability details screen, a new field, "Fix reported by Aqua", displays the date when Aqua reports the fix. Aqua acquires this information from various data sources such as vendors, NVD, etc.
Setting to use NVD scores and severities for evaluating image compliance
In the Settings > Scanning page, you can select "Use NVD as the preferred rating method" to use NVD scores and severities (if available) for evaluating image compliance. (This option is applicable only if you use the Trivy Premium scanner.)
UI display of vulnerability acknowledgment
Simplified MicroEnforcer sidecar deployment on AWS Fargate
RFE SLK-46579: When deploying an application container with a MicroEnforcer sidecar container in a Fargate environment, you no longer have to supply the Docker image ID of the application image in the Task Definition. Refer to Step 4: Create a Fargate Task Definition (sub-steps 5-8) in the instructions.