The October 2023 SaaS Update Release includes the following changes with respect to the previous SaaS product release. Unless otherwise stated, all updates were made available on October 15.
TABLE OF CONTENTS
- Aqua Platform
- Workload Protection
- Trivy-Operator (deployed with the KubeEnforcer) replaces Starboard (general availability delayed)
- Aqua UI link included in the Response Policy Notifications
- TLS authentication support between Aqua and Sonatype Nexus integration
- CISA (Cybersecurity and Infrastructure Security Agency) metrics on Vulnerabilities detail screen
- Windows Server 2022 support
- Account Management
- Problems fixed
- Aqua scanner product images
GCP organizational onboarding
(available November 6)
Update to list of sub-processors
(available October 31)
As a side effect of using Aqua Platform, your data may be processed by one or more third-party businesses or contractors, known as sub-processors. The list of sub-processors has been updated on the Aqua Security Data Processing documentation page.
Trivy-Operator (deployed with the KubeEnforcer) replaces Starboard (general availability delayed)
Delivery of this feature, previously announced, has been delayed to allow us to complete our standard performance and capacity testing. As before, Starboard will be deployed when deploying KubeEnforcers using manifest files or Helm charts.
If you have deployed any KubeEnforcers with Trivy-Operator, and are experiencing performance issues, we recommend that you redeploy them with Starboard.
We will update these Release Notes when Trivy-Operator becomes generally available.
Aqua UI link included in the Response Policy Notifications
Notifications triggered by Response Policies will include a direct link to the corresponding Aqua UI page for viewing complete event details.
TLS authentication support between Aqua and Sonatype Nexus integration
The Sonatype Nexus Repository OSS registry type now supports the integration of the Sonatype Nexus image registry with Aqua using TLS authentication through the following attributes:
- Private Key
CISA (Cybersecurity and Infrastructure Security Agency) metrics on Vulnerabilities detail screen
CISA information is displayed on the Vulnerabilities detail screen, providing insights to prioritize vulnerability remediation efforts. For each CVE categorized as a known exploited vulnerability, the following metrics are available:
- Published date by CISA
- Due Date by CISA
Note that CISA information is only available for vulnerabilities detected with the Trivy Premium scanner.
Windows Server 2022 support
Aqua Platform Environment and Components
The architectural diagram and component descriptions in Aqua Platform Environment and Components have been rewritten to more accurately describe the architecture of the Aqua SaaS Platform.
Behavioral Detection signatures
The Signatures List for Behavioral Detection has been updated with new and updated signatures.
New Aqua Enforcer environment variable
Refer to Aqua Enforcer (optional environment variables) for documentation of AQUA_PRELOAD_NO_LIBDL.
V1/hostsbatch API endpoint
The request and response structures of the Create Enforcer Group (hostsbatch) V1 API endpoint have been updated.
The Account Management API Keys screen allows you to generate and manage Aqua Platform API keys and secrets. Refer to API Keys for updated documentation on this functionality. (Note: API key and secret generation was previously part of the CSPM module.)
Aqua ID: SLK-66887
Summary: It is not possible to log in to the Aqua UI using SSO.
Aqua ID: SLK-67705
Summary: The console crashes daily due to a continuous increase in memory consumption.
Aqua Server (UI)
Aqua ID: SLK-66900
Summary: The data displayed on the 'Host Assurance Policy Compliance' widget is sometimes inconsistent.
Aqua ID: SLK-67624
Summary: Vulnerability data from other images is sometimes seen when exporting the data for a specific image.
Aqua ID: SLK-68334
Summary: The Risk Explorer screen sometimes unresponsive due to performance issues.
Aqua ID: SLK-69901
Summary: Unable to view Kubernetes and kubelet resources in the AKS cluster on the Workloads > VMs screen.
Aqua ID: SLK-71380
Summary: The Application Scopes option is sometimes not visible in the Administration menu of the UI.
Aqua ID: SLK-73161
Summary: Non-compliant VMs are sometimes displayed as 'Passed' on the Workloads > VMs > Scan History tab.
Aqua ID: SLK-70287
Freshdesk: 32419 and 33003
Summary: The automatic schedule set up to pull and scan images from the Harbor registry, as configured in the Integrations > Image Registries > Registry Configuration tab, sometimes does not work as expected.
Aqua ID: SLK-73157
Summary: Unable to integrate Amazon Elastic Container Registry using a cloud connector.
Aqua ID: SLK-73484
Summary: Automatic cleanup of images and repositories, as configured in the Integrations > Image Registries > Registry Configuration tab, sometimes does not work as expected.
Aqua ID: SLK-63786
Summary: The Trivy Premium scanner fails to save the Aqua GUID after scanning a MicroEnforcer image, causing Workloads to be tagged as "Unregistered Image," even though the image is registered with Aqua.
Aqua ID: SLK-68019 and SLK-69913
Summary: The error "Failed loading previous results, cannot continue twirp error internal: image scan data does not exist” occurs at times during the rescan of an image.
Aqua ID: SLK-70102
Summary: Scan results are sometimes sent to the Webhook even when the "Enable sending image scan results to webhook" option is disabled.
Aqua ID: SLK-71218
Summary: The "Error Message in Scanner Container Log: Scanner with same logical name already exists" error occurs at times when setting up a scanner.
Aqua ID: SLK-71561 and SLK-71615
Summary: "Twirp syntax" errors are sometimes seen when images are scanned.
Aqua ID: SLK-72227
Summary: Postee log events of a specific scanned image are sometimes seen in the server logs, even when the associated Response Policy is disabled.
Aqua ID: SLK-73162
Summary: Critical vulnerabilities in an image are at times ignored during image scans through the CI/CD pipeline.
Aqua scanner product images
To obtain the Aqua scanner product images:
- Login to the Aqua Registry with this command; replace <AQUA_USERNAME> and <AQUA_PASSWORD>with the SSO credentials you have received from Aqua Security.
docker login registry.aquasec.com -u <AQUA_USERNAME> -p <AQUA_PASSWORD>
- Once you have logged in, you can pull the Linux scanner image.
- You can download the scanner (Windows) and scanner-cli binary by using your Aqua username and password at download.aquasec.com.
|Component||Image name / download link|
|scanner (Linux: AMD64)||registry.aquasec.com/scanner:2310.2.6|
|scanner (Windows) for Azure DevOps||AquaScannerWindowsInstaller.2310.2.6.vsts.zip|
Did you find it helpful?Send feedback