Aqua Security for Tanzu

Application Lifecycle Security Solution for Tanzu Containers

Compatible with TAS, PKS

Compatible with TAS
Can be consumed by apps on TAS

Compatible with PKS
Can be consumed by apps on PKS

Compatible with Standalone PKS
Runs on PKS with no dependency on TAS

Aqua Security for Tanzu allows users to deploy an end-to-end solution for scanning, application assurance and runtime protection for their application workloads, empowering organizations to apply security best practices early in the build process to ensure that only code in compliance with their organization’s security and compliance policies is deployed.

Automatically Scan Application or Container Artifacts for Known Vulnerabilities

Application or container artifacts are scanned for vulnerabilities, secrets, and malware. Scans can be done directly from CI/CD tools (e.g. Jenkins, Visual Studio Team Services, Bamboo).

Prevent Deployment of Unapproved Application or Container Artifacts

Identify and block non-compliant application or container artifacts based on pre-configured assurance policies that check for: authorization, CVEs and score, presence of hard-coded secrets, presence of malware, compliance risks.

Monitor and Control Application Activity Based on Customized Runtime Policies

Block unapproved changes to application workloads, view network connections to apply firewall rules, and leverage audit trails of application activity, scan coverage, and system events.

Aqua Security Overview

By applying full-lifecycle container security controls to application workloads at a very granular level, Aqua combines preventive and reactive controls to protect applications in runtime, detecting and blocking attacks, and providing granular visibility and audit trails for compliance.

The Aqua Cloud Native Security Platform integrates into the build pipeline to detect issues early in the application lifecycle and minimize the attack surface. It then monitors the runtime environment and prevents malicious activity using a whitelisting policy based on both declarative information and machine-learned behavior. It also integrates with LDAP/AD, secrets stores (e.g., HashiCorp, CyberArk), collaboration tools (e.g., Slack, PagerDuty) and SIEM tools (e.g., Splunk, Sumo Logic) to enable scalable enterprise security.

Aqua’s advanced runtime protection for PCF allows users to develop customized policies to control application activity, blocking unapproved changes to running workloads, and applying firewall rules that whitelist authorized network connections. Aqua Security for PCF also enables granular audit trails of access activity, scan events and coverage, application activity and system events.

Aqua empowers enterprises to:

  • “Shift left” security, enabling DevSecOps to accelerate application delivery with full automation and no compromise on security
  • Protect workloads in runtime against known vulnerabilities, zero-day exploits, malware, and insider threats
  • Limit the impact of breaches with a container-level firewall
  • Secure their applications once, and deploy them anywhere with no need to re-configure security policies and controls
  • Meet regulatory compliance requirements such as PCI-DSS, HIPAA and GDPR


Integration features

Available as a language-agnostic meta-buildpack for deploying native integration applications in any language.

Available as a custom buildpack.

The buildpack is documented with instructions for setup and operation.

“We are proud to extend Aqua’s security capabilities to Tanzu users, enabling them to seamlessly implement and automate strong security capabilities into their production-grade application workloads, and allowing them to more closely monitor and control application activity in their PCF environment.”

Upesh Patel, Vice President of Business Development, Aqua Security

How It Works

  1. Developer runs a CF push command
  2. Meta buildpack is invoked and claims the build
  3. Meta buildpack invokes the relevant language buildpack
  4. Language buildpack claims the build and produces a droplet
  5. Meta buildpack invokes the Aqua Decorator
  6. Droplet contents are scanned by the Aqua Decorator; scan results are displayed in the Aqua dashboard/CI tool
  7. If droplet complies with the droplet Assurance Policy, the droplet is approved and an application is created

Runtime enforcement is governed by policies defined in the Aqua Console:

  1. User defines runtime policies in the Aqua Console
  2. Policies are enforced in runtime by the Aqua agent installed as a BOSH add-on
