aqua-security
Safeguard articles tagged "aqua-security" — guides, analysis, and best practices for software supply chain and application security.
20 articles
Software Supply Chain Attacks
Software supply chain attacks like SolarWinds, XZ Utils, and polyfill.io exploit trust, not code. Here's how they work and how Safeguard closes the provenance gap.
Repojacking
Aqua Security found nearly 37,000 GitHub repos vulnerable to repojacking, including Google and Lyft. Here's how the attack works and how Safeguard catches it.
Container Image Signing
Signing tells you where a container image came from; scanning only tells you what's inside it. Here's how image signing works, how Aqua handles it, and what a complete solution needs.
MITRE ATT&CK Framework
MITRE ATT&CK maps 200+ attacker techniques, but runtime tools like Aqua only catch supply chain compromise after deployment. Here's the build-time gap and how to close it.
Trivy (Open Source Scanner)
Trivy is free and fast, but Aqua Security built it as a funnel to its paid CNAPP. Here's what the open-source scanner misses and how Safeguard closes the gap.
Aqua Security Platform Buyer Review 2026
An in-depth 2026 buyer review of the Aqua Security platform: runtime protection, image scanning, Kubernetes posture, pricing, and where Aqua fits and where it does not.
Aqua Security Platform Review: Cloud Native Security Done Right
An in-depth review of the Aqua Security platform covering container security, runtime protection, Kubernetes scanning, and how it fits into a modern DevSecOps workflow.
Trivy for SBOM Generation and Vulnerability Scanning
Trivy combines SBOM generation with vulnerability scanning in a single tool. Here's how to use both capabilities effectively.