Aqua Security for VMware Tanzu lets users deploy an end-to-end solution for scanning, application assurance, and runtime protection of their application workloads. Organizations can apply security best practices early in the build process, so that only code that complies with their security and compliance policies is deployed.
Automatically Scan Application or Container Artifacts for Known Vulnerabilities
Application or container artifacts are scanned for vulnerabilities, secrets, and malware. Scans can be done directly from CI/CD tools (e.g. Jenkins, Visual Studio Team Services, Bamboo).
Prevent Deployment of Unapproved Application or Container Artifacts
Identify and block non-compliant application or container artifacts based on pre-configured assurance policies that check for: authorization, CVEs and score, presence of hard-coded secrets, presence of malware, compliance risks.
Monitor and Control Application Activity Based on Customized Runtime Policies
Block unapproved changes to application workloads, view network connections to apply firewall rules, and leverage audit trails of application activity, scan coverage, and system events.
Aqua Security for Tanzu
By applying full-lifecycle container security controls to application workloads at a very granular level, Aqua combines preventive and reactive controls to protect applications at runtime, detecting and blocking attacks, and providing granular visibility and audit trails for compliance. The Aqua Cloud Native Security Platform integrates into the build pipeline to detect issues early in the application lifecycle and minimize the attack surface. It then monitors the runtime environment and prevents malicious activity using a whitelisting policy based on both declarative information and machine-learned behavior. It also integrates with LDAP/AD, secrets stores (e.g., HashiCorp, CyberArk), collaboration tools (e.g., Slack, PagerDuty) and SIEM tools (e.g., Splunk, Sumo Logic) to enable scalable enterprise security.
“We are proud to extend Aqua’s security capabilities to VMware Tanzu users, enabling them to seamlessly implement and automate strong security capabilities into their production-grade application workloads, and allowing them to more closely monitor and control application activity in their TAS and TKGI environments.”
Upesh Patel, Vice President of Business Development, Aqua Security
- Developer runs a `cf push` command
- Meta buildpack is invoked and claims the build
- Meta buildpack invokes the relevant language buildpack
- Language buildpack claims the build and produces a droplet
- Meta buildpack invokes the Aqua Decorator
- Droplet contents are scanned by the Aqua Decorator; scan results are displayed in the Aqua dashboard/CI tool
- If the droplet complies with the droplet Assurance Policy, the droplet is approved and an application is created
Runtime Enforcement is governed by policies defined in the Aqua Console
- User defines runtime policies in the Aqua Console
- Policies are enforced at runtime by the Aqua agent installed as a BOSH add-on