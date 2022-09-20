Aqua Security Launches Industry’s Only End-to-End Solution to Stop Software Supply Chain Attacks

Aqua Security
·5 min read
Aqua Security
Aqua Security

Development and security teams can now proactively address the most critical software supply chain risks from code through runtime

Aqua Open Source Health Assessment

As part of its Software Supply Chain Security solution, Aqua grades every open source package based on quality, maintainability, popularity and risk for supply chain incidents.
As part of its Software Supply Chain Security solution, Aqua grades every open source package based on quality, maintainability, popularity and risk for supply chain incidents.

BOSTON, Sept. 20, 2022 (GLOBE NEWSWIRE) -- Aqua Security, the leading pure-play cloud native security provider, today announced the industry’s first and only end-to-end software supply chain security solution. The new solution ensures protection across the entire software development lifecycle (SDLC) and helps organizations proactively prevent and stop supply chain attacks on cloud native applications.

Software supply chain attacks are dramatically on the rise, and Aqua data shows a 300% increase year-over-year. The increasing threats are now being recognized by international governments as a security priority; most recently the White House released an executive order to enhance software supply chain security from development.

Aqua identifies software supply chain risks as threats coming from third-party artifacts, open source dependencies and malicious actors targeting the unique developer toolset and environment. To combat the growing risk to the software supply chain, Aqua is introducing new capabilities to add to its current supply chain solution. These new capabilities make Aqua the only solution in the market that protects against supply chain risk from code all the way through to runtime, across both the application and underlying infrastructure.

"Other vendors miss a piece of the equation," said Amir Jerbi, CTO and co-founder of Aqua Security. "For example, some solutions focus on the build while others focus on the code and build, but Aqua is the only solution that allows developers to offer proactive security measures across code, build, deploy and runtime phases. With this, we are giving developers and security teams the confidence to continue to build their cloud native application development capabilities and prevent supply chain attacks."

The Systems Sciences Institute at IBM recently reported that "it costs six times more to fix a bug found during implementation than one identified during design. Furthermore, the cost to fix bugs found during the testing phase could be 15 times more than the cost of fixing those found during design." The Aqua Software Supply Chain Security Solution provides alerts and acceptance gates along the entire code and build stages to proactively reduce risk as early as possible in the development life cycle. These assurance policies can be automated, further shortening the feedback loop for development and security teams and eliminating these associated costs.

"Attackers are targeting the source code and its dependencies as a way to inject vulnerabilities and backdoors to applications. Aqua’s assurance policies apply proactive security on your software supply chain process and its outcome, identifying and mitigating such risks," said Joseph Elbaz, head of application security at Grubhub. "This is exactly what is needed to ensure your release quality."

The first Software Supply Chain Security Solution integrated into a CNAPP
The solution is part of Aqua’s fully integrated Cloud Native Application Protection Platform (CNAPP), the Aqua Platform. As the first CNAPP to include a supply chain solution, Aqua is redefining the CNAPP category with even more integration and end-to-end protection. The Aqua Supply Chain Solution introduces new robust features, including:

  • Code Scanning: Scan an organization's code in a matter of minutes without leaving the developer workflow. Powered by Aqua Trivy Premium, the enterprise version of the popular open source universal cloud native security scanner, developers can find and remediate vulnerabilities and other risks within code to deliver safer code faster.

  • CI/CD Posture Management: Secure your Continuous Integration/Continuous Delivery (CI/CD) tool chain to establish a zero-trust DevOps environment. Enforce Least Privilege Access to reduce security risks and meet compliance requirements. Easily spot and fix dangerous misconfigurations of your DevOps platform (e.g., GitHub, Jenkins, Nexus). Identify insider threats such as the removal of required security checks, bulk changes to user account access or a change to a sensitive code repository.

  • Pipeline Security: Identify new or non-compliant CI pipelines and apply customizable security assurance policies across your entire organization's CI with a single click. Set specific enforcements on your production pipeline to make sure every newly built artifact is signed and scanned for vulnerabilities, secrets and Infrastructure as Code (IaC) misconfigurations.

  • Next-Generation SBOM: Go beyond basic SBOM generation and record every step and action from the moment a developer has committed the latest code change through the build process up until the new final artifact is generated. With code signing, users can also verify the code history and gain certainty that the code they create is the same code that ends up in the development tool chain.

  • Open Source Health Assessment: Assess the health and reputation of open source code. Aqua grades every open source package based on quality, maintainability, popularity and risk for supply chain incidents. The solution can automatically prevent risky code from entering the codebase, and developers are notified in real time of potentially dangerous packages.

"The Aqua Platform is undoubtedly the most robust CNAPP in the industry. Adding these new Software Supply Chain Security capabilities to our existing Dynamic Threat Analysis and runtime protection capabilities, we bring the most proactive and holistic defense-in-depth solution that can secure from day one and stop cloud native attacks," said Jerbi.

The launch and rollout of Aqua’s Supply Chain Solution is the last step in the full integration of the Argon Security technology following the acquisition in December 2021. Contact Aqua to schedule a Software Supply Chain Security Assessment or learn more about the new solution via Aquasec.com.

About Aqua Security
Aqua Security stops cloud native attacks and is the only company with a $1M Cloud Native Protection Warranty to guarantee it. As the pioneer and largest pure-play cloud native security company, Aqua helps customers unlock innovation and build the future of their business. The Aqua Platform is the industry's most integrated Cloud Native Application Protection Platform (CNAPP), prioritizing risk and automating prevention, detection and response across the lifecycle. Founded in 2015, Aqua is headquartered in Boston, MA, and Ramat Gan, IL, with Fortune 1000 customers in over 40 countries. For more information, visit https://www.aquasec.com/.

Contact:
Jennifer Tanner
Look Left Marketing
aqua@lookleftmarketing.com

A photo accompanying this announcement is available at https://www.globenewswire.com/NewsRoom/AttachmentNg/a340c13f-00ac-44da-8fc9-d5abe57b14a5


Latest Stories

  • Brittany Crew still grappling with weight of expectations after injury-marred Olympics

    For athletes, expectations can be a funny thing. For some, they can motivate and push them to succeed, to fill out the glorious details in a script that has already been written. For others, the lofty predictions of others can be crushing, especially when things don't go as planned. They can derail even the most promising of careers. That's what happened to Canadian shot putter Brittany Crew. When CBC Sports caught up with Crew recently on a sunny afternoon on the campus of York University, the

  • Jets strip Blake Wheeler of captaincy ahead of 2022-23 season

    Rick Bowness is making the change the organization has to this point refused.

  • Wynn's goal is always to be disruptive and get to the opposing quarterback

    HAMILTON — The defensive formations and schemes in pro football are detailed and complicated but the ultimate goal for Dylan Wynn has never wavered. The Hamilton Tiger-Cats defensive tackle's main priority, game in and game out, revolves around being disruptive, getting to the quarterback and making his life miserable "Isn't that the story about football, though," Wynn said with a smile. "That's what we've been told since we were kids. "That's why I love my job so much. I get to directly affect

  • Canada's Gillian (The Savage) Robertson rallies for second-round UFC submission

    LAS VEGAS — Canadian flyweight Gillian (The Savage) Robertson survived a first-round onslaught to submit Kazakhstan's Mariya (Demonslayer) Agapova on a UFC Fight Night card Saturday. The 27-year-old native of Niagara Falls, Ont., who makes her home in Port Saint Lucie, Fla., absorbed a string of elbows to the head as she tried to take Agapova down at the fence in the opening round. But she rallied in the second round to lock in a rear-raked choke that prompted referee Mark Smith to halt the bout

  • Toronto FC visits Orlando, knowing its playoff hopes could end in the Florida heat

    The door will likely slam this weekend on Toronto FC's faint post-season hopes. But the rebuilding continues at TFC. Thirteenth-place Toronto (9-15-7, 34 points) visits fifth-place Orlando City (12-12-6, 42 points) on Saturday, with TFC sitting six places and seven points out of the playoffs in the Eastern Conference and only nine points left on the table from its three remaining regular-season games. A win by seventh-place Columbus or a Toronto loss are high among the scenarios that would finis

  • Lions edge Stampeders 31-29 in OT in debut of quarterback Vernon Adams Jr.

    CALGARY — Quarterback Vernon Adams Jr.'s first start as a B.C. Lion was a memorable one. Adams threw for 294 yards, rushed for 32, and engineered a 31-29 overtime win over the host Calgary Stampeders on Saturday. Acquired from the Montreal Alouettes in an Aug. 31 trade, Adams didn't throw any touchdown passes for the Lions, but he didn't throw any interceptions either. "It means so much. It means a lot," Adams said. "I've been through a lot. Roller-coaster type of year. I had a bad practice on d

  • Stinging memory fuels Calgary Stampeders in clash with B.C. Lions

    CALGARY — Momentum, yes, but Calgary Stampeders head coach Dave Dickenson doesn't want his team feeling untroubled with the B.C. Lions in town. A 56-28 win over the Edmonton Elks last week and a modest two-game win streak indicates the Stampeders are functioning at a high level heading into Saturday's home game against the Lions. "When you do well, I think you get momentum and yes, I think you can carry that forward," Dickenson said Friday. "I also think teams play better when they're not happy.

  • Johnston scores, CF Montreal gets past Revolution 1-0

    FOXBOROUGH, Mass. (AP) — Alistair Johnston scored in the 72nd minute and Sebastian Breza stopped three shots as CF Montreal earned a 1-0 victory over the New England Revolution on Saturday night. Both teams play next on Oct. 1. Montreal (18-9-5) hosts D.C. United and the Revolution (9-12-11) play Atlanta United. ___ The Associated Press created this story using technology provided by Data Skrive and data from Sportradar. The Associated Press

  • Stinging memory fuels Calgary Stampeders in clash with B.C. Lions

    CALGARY — Momentum, yes, but Calgary Stampeders head coach Dave Dickenson doesn't want his team feeling untroubled with the B.C. Lions in town. A 56-28 win over the Edmonton Elks last week and a modest two-game win streak indicates the Stampeders are functioning at a high level heading into Saturday's home game against the Lions. "When you do well, I think you get momentum and yes, I think you can carry that forward," Dickenson said Friday. "I also think teams play better when they're not happy.

  • Fredericton Fire Department wins national competition, a first for the team

    Running, climbing stairs, hoisting hoses, saving lives — all in a day's work for a firefighter. But even on their off time, some firefighters enjoy putting those skills to the test. That's why they compete at the Canadian FireFit Championships, held in Spruce Meadows, Alta, earlier this month. Anthony Storey, of the Fredericton Fire Department's four-person team, remembers how nervous he felt as he waited for his shot at this year's event. He was the last to compete that day and he said the tens

  • NHL stars weigh in on scandal-filled summer for Hockey Canada

    Connor McDavid, Nathan MacKinnon and Cale Makar were each asked for their feelings about the ongoing Hockey Canada saga.

  • Elks pull out dramatic 26-24 win over Roughriders behind late field goal

    REGINA — Although ugly, the Edmonton Elks showed their ability to rebound from adversity in a 26-24 victory over the Saskatchewan Roughriders on Friday night. The Elks committed 12 penalties for 158 yards in the game and allowed a nine-point fourth quarter lead to slip, as the Riders went up 24-23 on a seven-yard touchdown pass from Cody Fajardo to Brayden Lenius with just 1:08 remaining. Quarterback Taylor Cornelius drove Edmonton 38 yards downfield in a span of 46 seconds, leaving kicker Sergi

  • Treading water: Edmonton swim clubs struggle to find pool time amid closures

    Edmonton swim clubs are struggling to find time for their athletes to train after the closures of four major pool facilities since the start of the COVID-19 pandemic. The Olympian Swim Club, one of Edmonton's largest competitive swimming clubs, has lost all four of its main training pools. Club president Jared Buhler said it's put the whole club in a tricky position. "It's been crisis after crisis after crisis paired with COVID," Buhler said. The first to go was the pool at the Northern Alberta

  • B.C. junior hockey team fined and 2 players suspended for alleged hazing

    A B.C. junior hockey team has been fined and two players suspended after a league investigation into allegations of hazing. The Creston Valley Thunder Cats has been fined and placed on two years probation by the Kootenay International Junior Hockey League following a week-long investigation into hazing allegations, the league announced on Monday. The amount of the fine was not disclosed. The team's captain, 20-year-old Clayton Brown, is suspended for 12 games for violating the league's player co

  • Orioles score three runs in ninth to beat Blue Jays 5-4

    TORONTO — Canadian closer Jordan Romano has become almost automatic in finishing off victories for the Toronto Blue Jays this season. But the 29-year-old righty from Markham, Ont., was knocked around for three runs in the ninth inning in a 5-4 loss to the Baltimore Orioles (76-69) on Sunday. The last time Romano (5-4) had blown a save that resulted in a Toronto loss was almost three months ago, on June 21. He's gone 34 for 39 in save opportunities this year and was hoping to match the team recor

  • Top-ranked Alcaraz loses to Auger-Aliassime at Davis Cup

    BARCELONA, Spain (AP) — Carlos Alcaraz's biggest fans had flocked to see the world's new top-ranked player in his homecoming to Spain. Instead, they witnessed Montreal's Felix Auger-Aliassime beat their new idol before staying on the hard court to secure a second victory in doubles and help Canada score a 2-1 upset win over Spain in the Davis Cup group phase on Friday. Alcaraz lost 6-7 (3), 6-4, 6-2 to a superb Auger-Aliassime, who endured the partisan crowd and tilted the match at Valencia his

  • Canadian NHL stars weigh in on a summer of Hockey Canada scandals: 'It's sad'

    HENDERSON, Nev. — Connor McDavid has answered the call to wear Canada's red Maple Leaf throughout his career. The same goes for Nathan MacKinnon. And like the rest of the country, the two stars watched from afar as a scandal-filled summer unfolded for Hockey Canada — the sport's national governing body — after news broke of an alleged sexual assault involving members of the 2018 world junior team. "I'm very proud to be Canadian, very proud to represent Hockey Canada," McDavid, the Edmonton Oiler

  • Tuned-in Tapia helps Jays defeat Orioles 6-3, widen gap in wild-card race

    TORONTO — Left-fielder Raimel Tapia performed brilliantly with his bat and glove to carry on a superb September for the Toronto Blue Jays. Tapia's impressive play in the Blue Jays' 6-3 win against the Baltimore Orioles on Saturday helped improve Toronto's record in September to a Major League Baseball-best 13-4. The back-to-back wins against Baltimore also gave the Blue Jays six series wins in a row and put the club 20 games over .500 for the first time since they finished 2021 at 91-71. "I feel

  • 49ers QB Trey Lance out for season with broken ankle

    SANTA CLARA, Calif. (AP) — San Francisco 49ers quarterback Trey Lance will miss the rest of the season after breaking his right ankle Sunday. Lance went down after running the ball on the second drive of a 27-7 win over the Seattle Seahawks. A cart came out on the field and Lance's leg was put into an air cast before he was taken off. The 49ers immediately announced he would not return. Lance's teammates and several Seahawks players paid him respect before he left the field and was replaced by f

  • Terry Fox Run back in Alberta as thousands run in support of cancer research

    Across the country on Sunday, thousands of Canadians laced up their running shoes and pounded the pavement for the 42nd Terry Fox Run. The annual fundraiser for cancer research was back in person, and across the province, Albertans ran once again in honour of the Canadian legend. In Edmonton, more than 800 people ran to raise money and awareness for cancer research. The crowd in the capital was smaller than past years, but still an impressive turn out as the city continues to deal with the pande