Aqua Extends Container Security Platform With Compliance Automation | eWeek

Aqua Extends Container Security Platform With Compliance Features

Aqua 3.0
Apr 9, 2018
3 minute read
eWeek Inhalte und Produktempfehlungen sind redaktionell unabhängig. Wir können Geld verdienen, wenn Sie auf Links zu unseren Partnern klicken. Mehr erfahren

Aqua Security announced on April 9 that it is adding new automated compliance capabilities to its namesake container security platform.

The enhanced capabilities are aimed at helping organizations meet different compliance requirements. Aqua now includes compliance checks to help identify personally identifiable information in container application images. In addition, the Aqua update can identify embedded “secrets” that include passwords and access tokens. Aqua also scans for malware in container images as well as container hosts to help identify threats.

The new compliance capabilities come a month after the release of Aqua Security 3.0 in March, which extended the container security platform to include a more comprehensive approach for Kubernetes-based container environments. Rani Osnat, vice president of product marketing at Aqua, said the new release is an incremental update to the 3.0 platform. 


The market for container security is a competitive one, and Aqua isn’t the only vendor helping organizations with compliance. Twistlock has a compliance explorer feature, and both StackRox and Layered Insight have announced container compliance capabilities as well.

Image Assurance

One of the ways that Aqua can help enable compliance is with the platform’s image assurance policy feature.

“Image assurance is the term we use for the ability to determine which images are allowed to run in a customer’s environment,” Osnat told eWEEK. “There is a default policy that provides security by default for a wide range of use cases, but the interesting bits are custom policies that admins can create and apply to different environments.”

Policies can be configured for specific open-source software licensing parameters, as well as look for sensitive data and personally identifiable information, Osnat said. When an image fails to meet any of the criteria set in the policy that it’s typically not allowed to run, the system can be configured to run in audit mode, he said.

“We use a cryptographic digest to track images from the moment they’re created to runtime, so we know if anyone tries to run an image that didn’t pass the policy or didn’t go through our process to begin with,” Osnat said. “We enforce this both at the Kubernetes cluster level, at the master node, as well as on individual Docker hosts.”

Although organizations can use the Aqua image assurance capabilities to meet compliance objectives, the platform does not have templates to meet specific compliance regimes, such as Payment Card Industry Data Security Standard (PCI DSS) or General Data Protection Regulation (GDPR). Osnat said templates are planned for the next 3.x release update. Aqua does, however, have a series of guides for its customers on how to achieve PCI DSS, GDRP and Health Insurance Portability and Accountability Act (HIPAA) compliance with containers and the Aqua Security platform.

While templates can be helpful for guiding an organization’s compliance requirements, another common approach for defining compliance in some organizations is done with the Security Content Automation Protocol (SCAP). Osnat said Aqua supports SCAP scripts, using the Open Vulnerability and Assessment Language (OVAL).

“We have many customers who use these [SCAP scripts] for compliance elsewhere, and this makes it easy for them to apply them to containers as well,” he said.

Sean Michael Kerner is a senior editor at eWEEK and InternetNews.com. Follow him on Twitter @TechJournalist.

eWeek Logo

eWeek has the latest technology news and analysis, buying guides, and product reviews for IT professionals and technology buyers. The site's focus is on innovative solutions and covering in-depth technical content. eWeek stays on the cutting edge of technology news and IT trends through interviews and expert analysis. Gain insight from top innovators and thought leaders in the fields of IT, business, enterprise software, startups, and more.

Eigentum von TechnologyAdvice. © 2026 TechnologyAdvice. Alle Rechte vorbehalten

Werbetreibenden-Offenlegung: Einige der auf dieser Website erscheinenden Produkte stammen von Unternehmen, von denen TechnologyAdvice eine Vergütung erhält. Diese Vergütung kann beeinflussen, wie und wo Produkte auf dieser Website erscheinen, einschließlich beispielsweise der Reihenfolge, in der sie erscheinen. TechnologyAdvice schließt nicht alle Unternehmen oder alle auf dem Marktplatz verfügbaren Produkttypen ein.