The November 2023 SaaS Update Release includes the following changes with respect to the previous SaaS product release. Unless otherwise stated, all updates were made available on November 12.
TABLE OF CONTENTS
- Aqua Platform
- Workload Protection
- Supply Chain Security
- Problems fixed
- Aqua scanner product images
AWS account onboarding with Terraform
(This feature is planned for general availability in December 2023. Please contact Aqua Security if you are interested in early availability.)
AWS Auto-Discovery now supports onboarding a single AWS account by using a Terraform template; this is an alternative to the existing onboarding based on a CloudFormation template.
Trivy-Operator: delayed availability
In the 2023 October Update Release, we had announced the Trivy-Operator as a replacement for Starboard when deployed with the KubeEnforcer. General availability of this feature has been delayed to allow us to complete our standard performance and capacity testing.
We will update these Release Notes when Trivy-Operator becomes generally available.
Suppress Aqua incidents by image repository
You can now configure an incident suppression rule to suppress the Aqua incidents reported on the selected image repositories.
V2 risks/vulnerabilities API endpoint enhancement to support exact match
The v2 API risks/vulnerabilities endpoint now includes a new parameter called "exact match," which filters and lists only the vulnerabilities whose names precisely match this parameter.
AWS Bottlerocket support
The Aqua Enforcer, MicroEnforcer, and KubeEnforcer support AWS Bottlerocket Version 1.15.1; certain limitations apply.
IBM Power10 support expanded
The Aqua Enforcer and KubeEnforcer support IBM Power10 systems with the ppc64le architecture. The support coverage has been expanded with respect to previous releases of Aqua; see also Platform Support Differences and Limitations (IBM Power10).
When operating in Lightning Mode, the Enforcers screen now shows Enforcer groups.
Runtime Protection modes
The Behavioral Detection documentation has been updated and improved.
The Deployments documentation page makes it easier to find the appropriate documentation for deploying Aqua Platform components.
Supply Chain Security
Ability to export SBOM in various formats
You can now export SBOM for Code Repository Dependencies in the formats: SPDX and SPDX JSON (in addition to the already supported CycloneDX format).
Enhancement to the "Specific IaC Misconfiguration" control
In Assurance Policies and Suppression Rules, the Specific IaC Misconfiguration control has been enhanced to enable configuration using the specific Aqua Check ID (AVD ID). You can obtain the check ID of any IaC misconfiguration from the Risks > IaC Misconfigurations tab.
Code Repository Integrations (documentation)
The Code Repository Integrations documentation has been updated to include:
- Optional arguments and environment variables for scanning code repositories through the CI Integrations method
- Docker and Podman commands for scanning local code repositories
Aqua ID: SLK-70828
Summary: The exported data in the "docker_labels" format is not readable.
Aqua ID: SLK-73065 and SLK-75025
Summary: Consoles crash frequently due to significant CPU usage in RDS.
Aqua ID: SLK-73498
Summary: It is sometimes not possible to log in to the Aqua console.
Aqua Server (UI)
Aqua ID: SAAS-19233
Summary: It is not possible to sort the "Number of Nodes" column on the Workload Protection > Workloads > Kubernetes Clusters screen.
Aqua ID: SLK-71823
Summary: The CSV file exported from the Workload Protection > Workloads > Containers > Vulnerabilities screen is sometimes empty.
Aqua ID: SLK-72126
Summary: It is not possible to view the filter criteria on the Workload Protection > Incidents screen.
Aqua ID: SLK-73008
Summary: Syntax errors may sometimes occur when importing Custom Compliance Checks from the Workload Protection > Policies > Assurance Policies screen.
Aqua ID: SLK-73144
Summary: Data filtering by application scope is not functioning as intended on the Workloads > Containers screen.
Aqua ID: SLK-74021
Summary: An "Error 500 - Internal Server Error" message may appear sometimes when trying to click the Container on the Risk Explorer screen.
Aqua ID: SLK-74215
Freshdesk: 29849 and 32040
Summary: The status of the licenses displayed on the Account Management > Licenses > Product Licenses screen is sometimes inaccurate.
Aqua ID: SLK-69788
Summary: It is not possible to integrate the SMTP server with Aqua from the Aqua Hub > Integrations > Notifications > Email integration screen.
Aqua ID: SLK-70529
Summary: In specific cases, registry scans may not be triggered as anticipated.
Aqua ID: SLK-70595
Summary: It is not possible to integrate Azure Container Registry using a private Azure repository for a specific scanner.
Aqua ID: SLK-71566
Summary: Pagination functionality is not available on the Workload Protection > Administration > Integrations > Image Registries screen.
Aqua ID: SLK-73027
Summary: Gov Cloud regions may not be accessible at times for Serverless Applications and Image Registries integrations.
Aqua ID: SLK-74702
Summary: Saving cloud connections from the Workload Protection > Administration > Integrations > Cloud Workload Scanning integration screen is sometimes not possible.
Aqua ID: SAAS-19578
Summary: When requesting an Enforcer group that does not exist using the /v1/hostsbatch API endpoint, the "500 - Internal Server Error" code is sometimes displayed.
Aqua ID: SAAS-19509
Summary: Discrepancies are sometimes seen between the image vulnerability results across environments.
Aqua ID: SLK-66550
Summary: While rescanning an image, an error sometimes occurs displaying "Failed loading previous results, cannot continue twirp error internal: image scan data does not exist."
Aqua ID: SLK-72021
Summary: Multiple errors occur at times during image scanning.
Aqua ID: SLK-72981
Summary: CVE details may not display the version number in the Vulnerabilities remediation.
Aqua ID: SLK-73347
Summary: The console pod frequently crashes during host image scanning.
Aqua ID: SLK-73440
Summary: Kernel resource details are sometimes not detected when scanning a host image using the Classic scanner.
Aqua ID: SLK-73485
Summary: "Twirp syntax" errors are sometimes seen during CI/CD scans when using the Trivy Premium scanner.
Aqua ID: SLK-74197
Summary: “Error 500 - Internal Server Error” messages are sometimes seen when trying to view a container workload.
Aqua ID: SLK-74441
Summary: Ad-hoc scanners are not removed from the Scan Queue after completion of the scan.
Aqua scanner product images
To obtain the Aqua scanner product images:
- Login to the Aqua Registry with this command; replace <AQUA_USERNAME> and <AQUA_PASSWORD>with the SSO credentials you have received from Aqua Security.
docker login registry.aquasec.com -u <AQUA_USERNAME> -p <AQUA_PASSWORD>
- Once you have logged in, you can pull the Linux scanner image.
- You can download the scanner (Windows) and scanner-cli binary by using your Aqua username and password at download.aquasec.com.
|Component||Image name / download link|
|scanner (Linux: AMD64)||registry.aquasec.com/scanner:2311.3.2|
|scanner (Windows) for Azure DevOps||AquaScannerWindowsInstaller.2311.3.2.vsts.zip|
Did you find it helpful?Send feedback