Aqua Trivy Chosen as the New Default Container Scanner for GitLab

Aqua Trivy and GitLab partner to provide users comprehensive security tools needed to successfully shift left 

BOSTON – June 22, 2021 – Aqua Security, the pure-play cloud native security leader, today announces that Aqua Trivy is now the default open source container scanner for GitLab Container Scanning functionality. Customers can now automatically scan the GitLab CI pipeline container artifacts for OS package vulnerabilities. This change will take place as part of GitLab’s 14.0 release and is based on the results of a publicly available solution comparison and research process.

“One of the primary reasons behind the default scanner change was the ease of use with Trivy compared to alternative open source scanner options,” says Sam White, Sr. Product Manager at GitLab Inc. “Other scanners often require two services or more to be up and running, before they can even start a scan. Trivy is simple and efficient. Trivy bundles the vulnerability database together with the scanner, and that’s one less service that we then have to start up and maintain.”

Collaboration with the Trivy open source engineering team was also a critical factor. White adds, “The Trivy project lead has been great to work with. The close collaboration has been invaluable to us.”

The partnership with Aqua Trivy will continue with roadmap plans to scan containers running in production using Trivy with Aqua Starboard, Aqua’s open source Kubernetes Security toolkit. Moving forward, both Aqua Trivy and Aqua Starboard will form a fundamental part of GitLab’s container scanning roadmap, enabling users with best-in-class default security options.

“With the integration of GitLab with Trivy and Starboard, we’re aiming to provide an ‘on-by-default’ type of scenario, where if you’re using Auto DevOps to deploy into production, we’re running those scans by default and giving you the results,” said White. “GitLab and Aqua Security can help enable that as a default out-of-the-box configuration, rather than something that users have to stitch together on their own.”

“This partnership provides both Aqua and GitLab users access to the comprehensive security tools they need to successfully shift left,” said Itay Shakury, Director Open Source, Aqua Security. “GitLab’s users now have access to the best in open source container scanning, while Aqua users benefit from GitLab’s Vulnerability Research as well as GitLab’s contributions to Aqua’s Trivy project. We’re looking forward to building the relationship further and allowing GitLab to leverage additional open source projects, like Aqua Starboard, to better schedule scan jobs in production environments.”

About Aqua Security

Aqua Security is the largest pure-play cloud native security company, providing customers the freedom to innovate and run their businesses with minimal friction. The Aqua Platform provides prevention, detection, and response automation across the entire application lifecycle to secure the build, secure cloud infrastructure and secure running workloads wherever they are deployed. Aqua customers are among the world’s largest enterprises in financial services, software, media, manufacturing and retail, with implementations across a broad range of cloud providers and modern technology stacks spanning containers, serverless functions, and cloud VMs. For more information, visit www.aquasec.com or follow us on twitter.com/AquaSecTeam.