For 29 cents you can find nasty stuff on your images.
Using the marketplace scanner, everything from Trojans to forgotten keys and vulnerabilities was found. I can’t wait to try this.
I don’t know if I know the folks from this biz, but I pray for their success.
Aqua’s On Demand Vulnerability Scanner – How it Works:
Once prompted by the user, Aqua’s vulnerability scanner automatically connects to the user’s registry (ECR or other registries) and scans the desired images on demand. Users are charged via their AWS account. Some of its core functionality includes:
- Scans Docker images stored in AWS Container Registry (ECR) as well as on other private registries for known vulnerabilities, secrets, and configuration risks
- Scans both OS packages (RPM, Deb, Alpine) and numerous languages including Java, NodeJS, Python, C/C++, PHP, and Ruby
- Triangulates multiple public, vendor-issued and proprietary CVE data streams to maximize coverage and minimize false positives
- Lists all image packages and layer history
- Detects sensitive data and secrets embedded in Docker images
- Provides vulnerability scores and severities
- Delivers actionable mitigation information to developers, enabling them to fix security flaws