The November 2023 SaaS Update Release includes the following changes with respect to the previous SaaS product release. Unless otherwise stated, all updates were made available on November 12.


Aqua Platform

AWS account onboarding with Terraform

(This feature is planned for general availability in December 2023. Please contact Aqua Security if you are interested in early availability.)

AWS Auto-Discovery now supports onboarding a single AWS account by using a Terraform template; this is an alternative to the existing onboarding based on a CloudFormation template.

Workload Protection

Trivy-Operator: delayed availability

In the 2023 October Update Release, we had announced the Trivy-Operator as a replacement for Starboard when deployed with the KubeEnforcer. General availability of this feature has been delayed to allow us to complete our standard performance and capacity testing.

We will update these Release Notes when Trivy-Operator becomes generally available.

Suppress Aqua incidents by image repository

You can now configure an incident suppression rule to suppress the Aqua incidents reported on the selected image repositories.

V2 risks/vulnerabilities API endpoint enhancement to support exact match

The v2 API risks/vulnerabilities endpoint now includes a new parameter called "exact match," which filters and lists only the vulnerabilities whose names precisely match this parameter.

AWS Bottlerocket support

The Aqua Enforcer, MicroEnforcer, and KubeEnforcer support AWS Bottlerocket Version 1.15.1; certain limitations apply.

IBM Power10 support expanded

The Aqua Enforcer and KubeEnforcer support IBM Power10 systems with the ppc64le architecture. The support coverage has been expanded with respect to previous releases of Aqua; see also Platform Support Differences and Limitations (IBM Power10).

Enforcers screen

When operating in Lightning Mode, the Enforcers screen now shows Enforcer groups.


Runtime Protection modes

The topic Runtime Protection Modes: Lightning and Classic has been updated. Specifically, the section on Limitations of Lightning Mode has been clarified.

Behavioral Detection

The Behavioral Detection documentation has been updated and improved.


The Deployments documentation page makes it easier to find the appropriate documentation for deploying Aqua Platform components.

Supply Chain Security

Ability to export SBOM in various formats

You can now export SBOM for Code Repository Dependencies in the formats: SPDX and SPDX JSON (in addition to the already supported CycloneDX format).

Enhancement to the "Specific IaC Misconfiguration" control

In Assurance Policies and Suppression Rules, the Specific IaC Misconfiguration control has been enhanced to enable configuration using the specific Aqua Check ID (AVD ID). You can obtain the check ID of any IaC misconfiguration from the Risks > IaC Misconfigurations tab.

Code Repository Integrations (documentation)

The Code Repository Integrations documentation has been updated to include:

Problems fixed

Aqua Server


Aqua ID: SLK-70828

Summary: The exported data in the "docker_labels" format is not readable.

Aqua ID: SLK-73065 and SLK-75025

Summary: Consoles crash frequently due to significant CPU usage in RDS.


Aqua ID: SLK-73498

Freshdesk: 35136

Summary: It is sometimes not possible to log in to the Aqua console.


Aqua Server (UI)


Aqua ID: SAAS-19233

Freshdesk: 34038

Summary: It is not possible to sort the "Number of Nodes" column on the Workload Protection > Workloads > Kubernetes Clusters screen.


Aqua ID: SLK-71823

Freshdesk: 34227

Summary: The CSV file exported from the Workload Protection > Workloads > Containers > Vulnerabilities screen is sometimes empty.


Aqua ID: SLK-72126

Freshdesk: 34504

Summary: It is not possible to view the filter criteria on the Workload Protection > Incidents screen.


Aqua ID: SLK-73008

Summary: Syntax errors may sometimes occur when importing Custom Compliance Checks from the Workload Protection > Policies > Assurance Policies screen.


Aqua ID: SLK-73144

Freshdesk: 34800

Summary: Data filtering by application scope is not functioning as intended on the Workloads > Containers screen.


Aqua ID: SLK-74021

Summary: An "Error 500 - Internal Server Error" message may appear sometimes when trying to click the Container on the Risk Explorer screen.

Aqua ID: SLK-74215

Freshdesk: 29849 and 32040

Summary: The status of the licenses displayed on the Account Management > Licenses > Product Licenses screen is sometimes inaccurate. 




Aqua ID: SLK-69788

Summary: It is not possible to integrate the SMTP server with Aqua from the Aqua Hub > Integrations > Notifications > Email integration screen.

Aqua ID: SLK-70529

Freshdesk: 33177

Summary: In specific cases, registry scans may not be triggered as anticipated.


Aqua ID: SLK-70595

Freshdesk: 32752

Summary: It is not possible to integrate Azure Container Registry using a private Azure repository for a specific scanner.


Aqua ID: SLK-71566

Freshdesk: 32854

Summary: Pagination functionality is not available on the Workload Protection > Administration > Integrations > Image Registries screen.


Aqua ID: SLK-73027

Summary: Gov Cloud regions may not be accessible at times for Serverless Applications and Image Registries integrations.

Aqua ID: SLK-74702

Summary: Saving cloud connections from the Workload Protection > Administration > Integrations > Cloud Workload Scanning integration screen is sometimes not possible.




Aqua ID: SAAS-19578

Summary: When requesting an Enforcer group that does not exist using the /v1/hostsbatch API endpoint, the "500 - Internal Server Error" code is sometimes displayed.




Aqua ID: SAAS-19509

Freshdesk: 34560

Summary: Discrepancies are sometimes seen between the image vulnerability results across environments.


Aqua ID: SLK-66550

Summary: While rescanning an image, an error sometimes occurs displaying "Failed loading previous results, cannot continue twirp error internal: image scan data does not exist."


Aqua ID: SLK-72021

Freshdesk: 33489

Summary: Multiple errors occur at times during image scanning.


Aqua ID: SLK-72981

Freshdesk: 34489

Summary: CVE details may not display the version number in the Vulnerabilities remediation.


Aqua ID: SLK-73347

Summary: The console pod frequently crashes during host image scanning.

Aqua ID: SLK-73440

Summary: Kernel resource details are sometimes not detected when scanning a host image using the Classic scanner.


Aqua ID: SLK-73485

Freshdesk: 14270

Summary: "Twirp syntax" errors are sometimes seen during CI/CD scans when using the Trivy Premium scanner.


Aqua ID: SLK-74197

Freshdesk: 35277

Summary: “Error 500 - Internal Server Error” messages are sometimes seen when trying to view a container workload.


Aqua ID: SLK-74441

Freshdesk: 34396

Summary: Ad-hoc scanners are not removed from the Scan Queue after completion of the scan.

Aqua scanner product images

To obtain the Aqua scanner product images:

  1. Login to the Aqua Registry with this command; replace <AQUA_USERNAME> and <AQUA_PASSWORD>with the SSO credentials you have received from Aqua Security.
    docker login -u <AQUA_USERNAME> -p <AQUA_PASSWORD>
  2. Once you have logged in, you can pull the Linux scanner image.
  3. You can download the scanner (Windows) and scanner-cli binary by using your Aqua username and password at

ComponentImage name / download link
scanner (Linux: AMD64)
scanner (Windows)AquaScannerWindowsInstaller.2311.3.2.msi
scanner (Windows) for Azure
scanner-cli binaryscannercli