The End-to-End Platform for Container Security

Continuous Image Assurance

Scan for known vulnerabilities, malware, hard-coded secrets, based on a continuous feed correlated across multiple source. Scan OS packages (RPM and Deb) and language packages: Java, NodeJS, Ruby, PHP, Python, C/C++ Integrates with CI/CD to automate security testing in the pipeline, and with Jira for developer feedback.

User Access Control

Role-based privilege definition per container/host/application/network/ storage volume. Allow/disallow specific user actions, e.g. start/stop, log access, read/write access, volume access.

Secrets Management

Securely inject secrets into containers with no downtime. Integrates with HashiCorp Vault, CyberArk Password Vault, AWS KMS and Azure Vaults.

Runtime Protection

Real-time monitoring of container activity against security policies. Block specific activities and attacks without killing the container.

Microservices Firewall

Visualize container networking. Nano-segment container networking based on application.

Auditing & Compliance

CIS Benchmark tests for Kubernetes and Docker. Scan hosts for vulnerabilities and malware, and view granular event logging and activity report.


The solution integrates with the following solutions: CI/CD tools: Jenkins, GoCD, TeamCity, Bamboo, GitLab and Microsoft VSTS. SIEM, Analytics and Alerts: Sumologic, Syslog, ArcSight, Loggly, Logentries, Microsoft OMS, ElasticSearch. Identity Mgmt solutions: Active Directory / LDAP, SAML Single Sign-On.

Supported Environments

Linux and Windows Containers Registries: DockerHub, Amazon ECR, Google GCR, CoreOS Quay, JFrog Artifactory, Azure ACR or any v1/v2 registries Orchestrators: Kubernetes, Mesos, Docker Swarm, Red Hat OpenShift, Amazon ECS, Rancher Cloud Deployment: AWS, Google Cloud, IBM Cloud, Microsoft Azure.

DZone Guide: Guide to Containers Development and Management

Read the white paper

How customers use it

  • Ongoing Image Risk Assessment

    Ongoing Image Risk Assessment


    Aqua ensures images are free from known vulnerabilities, secrets, and configuration errors. DevOps practitioners can gain fast access to actionable remediation information for detected vulnerabilities.


    Aqua integrates security into the CI/CD pipeline to provide image risk analysis and rapid remediation early during the build, enabling you to “fail fast” while avoiding security roadblocks.

  • Image Assurance Policy Settings & Enforcement

    Image Assurance Policy Settings & Enforcement


    Ensure that only approved images will run in your environment.


    Aqua’s image assurance provides persistent controls to ensure image integrity throughout its lifecycle, and to prevent unapproved or unvetted images from running.

  • Protect Workloads in Runtime

    Protect Workloads in Runtime


    Aqua runtime protection blocks suspicious container activity without stopping or killing the container and detects rogue containers.


    Aqua global runtime controls are applicable to all containers, permitting only legitimate behaviors, to prevent several types of privilege abuse and attack vectors.

  • Risk Analysis & Compliance

    Risk Analysis & Compliance


    Aqua generates audit reports to demonstrate regulatory compliance around user/container access and activity. DevSecOps practitioners can perform instant impact analysis to remediate specific vulnerability.


    Aqua facilitates regulatory compliance by automating CIS benchmark testing for both Kubernetes and Docker, scanning images and hosts for malware and vulnerabilities, and collecting granular container-level events for auditing and reporting.

  • Hardening the Host and Orchestrator Environment

    Hardening the Host and Orchestrator Environment


    Aqua ensures the OS and the container engine versions are up to date and fully patched. In additions, Aqua secures the Kubernetes environment and verifies that that access control, networking and authentication are all in check.


    Aqua performs host integrity checks, including vulnerability scan, malware and CIS tests to ensure hosts are secured and that user access is controlled and monitored.