Container Security

Software containers (Docker and other formats) are widely adopted in enterprise deployments, but pose unique security challenges due to the scale, agility, and open nature of the container operating environment. The rapid DevOps process that is often behind container deployments, as well as the inclusion of many open-source components, require tight governance of the process from the development phase and beyond.

Aqua’s container security solution was architected specifically to address the challenges of visibility, control, intrusion detection and intrusion prevention in container environments. Aqua keeps container environments transparent and non-intrusive to DevOps and allows organizations to reap the business benefits of containers without increasing their risk profile.

Users of Azure DevOps pipelines can integrate with Aqua’s Extension for continuous image assurance, which is the most comprehensive and automated solution for scanning container images. This solution offers deep scanning of image layers and all its resources to detect security issues such as vulnerabilities, sensitive data, and malware. It also offers persistent controls in Image Assurance Policies to assure image integrity throughout its lifecycle.

Features

• Automate container based images scanning in the CI/CD pipeline to empower DevSecOps to detect and fix security issues early.
• Scan container based images stored on public and private registries.
• Define severity based failure criteria for pipelines.
• Detect high-level threats and malware in container images.
• View and access vulnerability reports and prevent unapproved images from being deployed in your environment.

What is the Aqua Security extension?

Aqua Security extension allows you to add a step to your build pipeline, where images can be scanned for security issues before they are pushed to your registry. This extension can be configured to fail the build when any image in the pipeline fails an Image Assurance policy defined in the connected Aqua Server.

Prerequisite

You should have Aqua license to take leverage of this extension to scan images in the build pipeline. If you do not have Aqua license, contact Aqua Security

Getting Started

1. Install Aqua’s extension in your Azure DevOps Organization.
2. Configure a "Generic service connection" to the Aqua Server. The connection should include the Aqua Server URL and for authentication either provide username and password or only token in password field
3. Add the Aqua image scanning step to your pipeline build process, right after the step for creating a container image. In this step you should select the service connection name, and name of the image to scan, and other scanning configurations.

Aqua image scanning step is now added to your image build pipeline process. It will automatically scan created images in the pipeline for security issues. The build will fail in case the image fails the Image Assurance Policies defined in the connected Aqua Server.