Aqua Extends Container Security Platform With Compliance Automation | eWeek

Aqua Extends Container Security Platform With Compliance Features

Aqua 3.0
Apr 9, 2018
3 minute read
eWeek content and product recommendations are editorially independent. We may make money when you click on links to our partners. Learn More

Aqua Security announced on April 9 that it is adding new automated compliance capabilities to its namesake container security platform.

The enhanced capabilities are aimed at helping organizations meet different compliance requirements. Aqua now includes compliance checks to help identify personally identifiable information in container application images. In addition, the Aqua update can identify embedded “secrets” that include passwords and access tokens. Aqua also scans for malware in container images as well as container hosts to help identify threats.

The new compliance capabilities come a month after the release of Aqua Security 3.0 in March, which extended the container security platform to include a more comprehensive approach for Kubernetes-based container environments. Rani Osnat, vice president of product marketing at Aqua, said the new release is an incremental update to the 3.0 platform. 


The market for container security is a competitive one, and Aqua isn’t the only vendor helping organizations with compliance. Twistlock has a compliance explorer feature, and both StackRox and Layered Insight have announced container compliance capabilities as well.

Image Assurance

One of the ways that Aqua can help enable compliance is with the platform’s image assurance policy feature.

“Image assurance is the term we use for the ability to determine which images are allowed to run in a customer’s environment,” Osnat told eWEEK. “There is a default policy that provides security by default for a wide range of use cases, but the interesting bits are custom policies that admins can create and apply to different environments.”

Policies can be configured for specific open-source software licensing parameters, as well as look for sensitive data and personally identifiable information, Osnat said. When an image fails to meet any of the criteria set in the policy that it’s typically not allowed to run, the system can be configured to run in audit mode, he said.

“We use a cryptographic digest to track images from the moment they’re created to runtime, so we know if anyone tries to run an image that didn’t pass the policy or didn’t go through our process to begin with,” Osnat said. “We enforce this both at the Kubernetes cluster level, at the master node, as well as on individual Docker hosts.”

Although organizations can use the Aqua image assurance capabilities to meet compliance objectives, the platform does not have templates to meet specific compliance regimes, such as Payment Card Industry Data Security Standard (PCI DSS) or General Data Protection Regulation (GDPR). Osnat said templates are planned for the next 3.x release update. Aqua does, however, have a series of guides for its customers on how to achieve PCI DSS, GDRP and Health Insurance Portability and Accountability Act (HIPAA) compliance with containers and the Aqua Security platform.

While templates can be helpful for guiding an organization’s compliance requirements, another common approach for defining compliance in some organizations is done with the Security Content Automation Protocol (SCAP). Osnat said Aqua supports SCAP scripts, using the Open Vulnerability and Assessment Language (OVAL).

“We have many customers who use these [SCAP scripts] for compliance elsewhere, and this makes it easy for them to apply them to containers as well,” he said.

Sean Michael Kerner is a senior editor at eWEEK and InternetNews.com. Follow him on Twitter @TechJournalist.

eWeek Logo

eWeek has the latest technology news and analysis, buying guides, and product reviews for IT professionals and technology buyers. The site's focus is on innovative solutions and covering in-depth technical content. eWeek stays on the cutting edge of technology news and IT trends through interviews and expert analysis. Gain insight from top innovators and thought leaders in the fields of IT, business, enterprise software, startups, and more.

Property of TechnologyAdvice. © 2026 TechnologyAdvice. All Rights Reserved

Advertiser Disclosure: Some of the products that appear on this site are from companies from which TechnologyAdvice receives compensation. This compensation may impact how and where products appear on this site including, for example, the order in which they appear. TechnologyAdvice does not include all companies or all types of products available in the marketplace.