Gartner coined the term "Cloud-Native Application Protection Platform" in 2021, and by its 2022 Market Guide it was already predicting that 60% of enterprises would consolidate cloud workload protection (CWPP) and cloud security posture management (CSPM) into a single platform by 2025. That prediction reshaped vendor roadmaps across the industry, including Aqua Security, whose open-source scanner Trivy has become a default building block inside many CNAPP stacks. But "CNAPP" is often used as a marketing label first and an architecture second, and teams evaluating tools against Gartner's actual criteria frequently discover gaps between what a vendor calls a CNAPP and what Gartner's framework demands: unified risk correlation from code to cloud, not just a bundle of scanners sharing a dashboard. This post breaks down what Gartner's CNAPP definition actually requires, how a component-level tool like Trivy fits into that picture, and where software supply chain security — the part most CNAPPs still bolt on rather than build in — decides whether the platform holds up in production.
What Does Gartner Actually Mean by CNAPP?
Gartner defines a CNAPP as a single, integrated platform that unifies the security and compliance capabilities needed to secure cloud-native applications across their full lifecycle — from the first line of code to the running workload. The key word is "unified." Before 2021, organizations typically ran CSPM tools to check cloud misconfigurations, CWPP agents to protect running workloads, and separate SCA or container scanners to catch vulnerable dependencies — three consoles, three data models, three teams reconciling alerts by hand. Gartner's Innovation Insight report argued that this fragmentation was itself a security failure: a vulnerability finding in a container image is only actionable if it's correlated with whether that image is actually deployed, internet-facing, and running with excessive IAM permissions. A CNAPP, in Gartner's framing, is judged less by how many scanners it bundles and more by whether it can answer that combined question in one query.
What Capabilities Does Gartner Require in a CNAPP?
Gartner's reference architecture lists roughly seven capability areas, and a platform missing more than one or two is typically classified as a point solution rather than a true CNAPP. These are: CSPM (misconfiguration and compliance drift across cloud accounts), CWPP (runtime protection for VMs, containers, and serverless), CIEM (cloud identity entitlement management, i.e., who can actually do what), KSPM (Kubernetes-specific posture), IaC scanning (catching misconfigurations in Terraform and CloudFormation before deploy), DSPM (data security posture, tracking where sensitive data lives across cloud storage), and increasingly, ASPM (application security posture management, which ties SAST/SCA findings and software supply chain risk back to the deployed artifact). Gartner's 2023 and 2024 updates to the CNAPP Market Guide explicitly called out software supply chain security — SBOM generation, artifact provenance, and dependency risk — as a growing evaluation dimension, not an optional add-on, as attacks like the 2023 3CX and 2024 XZ Utils incidents pushed upstream compromise into boardroom conversations.
What Are Gartner's Evaluation Criteria for Choosing a CNAPP?
Gartner scores CNAPP vendors on breadth of coverage, depth of risk correlation, and reduction of alert volume through prioritization — not on scanner accuracy alone. Concretely, the evaluation criteria in Gartner's Market Guide and Magic Quadrant-adjacent research ask: can the platform correlate a CVE with runtime reachability (is the vulnerable function actually called), with network exposure (is the workload internet-facing), and with identity risk (does the workload's role have admin-level cloud permissions)? A tool that reports "412 critical CVEs" without that context fails the criteria even if its scan engine is technically excellent, because it pushes triage work back onto a human team that Gartner assumes the platform should be absorbing. Gartner also weighs single-agent/single-console architecture, since agent sprawl — a separate agent for CWPP, another for EDR, another for compliance — was one of the original pain points CNAPP was invented to solve, alongside API-based CI/CD integration so findings surface before deployment rather than after.
Where Does Trivy (Aqua) Fit Into This Picture?
Trivy is an excellent open-source scanner, but on its own it covers roughly one of Gartner's seven CNAPP capability areas — vulnerability and misconfiguration scanning — not the unified platform Gartner describes. Aqua Security built Trivy as a fast, free CLI scanner for container images, filesystems, and IaC files, and it's genuinely good at that job; it's used by thousands of CI pipelines and is often embedded inside other vendors' products as the underlying scan engine. Aqua's commercial platform wraps Trivy with CSPM, CWPP runtime agents, and CIEM to approach full CNAPP coverage, which is a reasonable strategy. But teams evaluating "Trivy" as a CNAPP answer are usually conflating the free scanner with the paid platform: Trivy itself has no runtime correlation, no identity risk graph, and no cross-account posture view — those live only in Aqua's commercial tier, at commercial pricing, with a heavier deployment footprint (agents per node, per cluster) than the lightweight CLI most teams first adopted it for.
What's Missing When CNAPPs Are Built Scanner-First?
The biggest gap in scanner-first CNAPPs, including Trivy-based stacks, is upstream software supply chain provenance — knowing not just what's in an artifact, but where it came from and whether the build itself was tampered with. Gartner's own 2024 guidance increasingly references SLSA (Supply-chain Levels for Software Artifacts) and in-toto attestations as evaluation signals, because a clean vulnerability scan says nothing about whether a package was typosquatted, whether a maintainer account was compromised (as happened with the event-stream npm package in 2018 and, at much larger scale, XZ Utils in March 2024), or whether a CI runner injected a backdoor between build and publish. Vulnerability and misconfiguration scanners look at the artifact as it exists; they can't see the build pipeline that produced it. That's a structural blind spot, not a tuning problem — no amount of scanning cadence closes it, because the compromise happens upstream of the artifact the scanner ever inspects.
How Safeguard Helps
Safeguard is built around the CNAPP capability Gartner's guidance increasingly treats as make-or-break — software supply chain security — and designed to sit alongside, not replace, the scanning layer teams already run. Where Trivy and similar tools answer "what vulnerabilities exist in this artifact," Safeguard answers "can I trust how this artifact was built and where it came from," generating cryptographically verifiable SBOMs, tracking build provenance against SLSA levels, and flagging dependency and maintainer anomalies before a compromised package ever reaches a pipeline. That closes the exact gap Gartner flags in scanner-only stacks: a clean CVE report on a tampered artifact is a false sense of security, and Safeguard's provenance layer catches the tampering that vulnerability data alone cannot see.
For teams that already run Trivy or Aqua for scanning, Safeguard integrates as the supply chain and ASPM layer of a broader CNAPP strategy rather than asking anyone to rip out an existing scanner. Findings are correlated against real deployment context — is this dependency actually reachable in production, does the build that produced it carry verifiable provenance, is the artifact signed and attested end to end — which is precisely the correlation Gartner's evaluation criteria reward and that scanner-first platforms structurally struggle to deliver on their own. If your current CNAPP evaluation stops at "does it scan containers," it's answering last decade's question; Safeguard is built for the one Gartner is now asking — can you prove what you shipped is what you built, and can you prove it wasn't tampered with along the way.