Aqua Security has updated its open-source project Trivy to include cloud security posture management (CSPM) capabilities. 

Trivy is a code scanning tool that looks through container images, file systems, and Git repositories for security vulnerabilities. 

Now, the tool can be used with AWS, and Aqua Security said that support for other cloud providers is upcoming. AWS users can use Trivy to scan their account for misconfigurations and insider threats. This enables users to more easily meet security standards and comply with the CIS benchmarks. 

RELATED CONTENT: ITOps Times Open-Source Project of the Week: Trivy

Users can define their own rules or use Trivy’s community catalog, which likely wouldn’t be an option if using the built-in cloud tool. They can also keep consistent rules across IaC definitions and production environments. 

Another benefit of this integration is users will be able to identify issues in AWS even when the infrastructure is defined from another tool, like Terraform or CloudFormation. 

“This is the next step in our mission to simplifying cloud native security for the community,” said Itay Shakury, director of open source of Aqua Security. “Trivy is making cloud security accessible and easy for everyone through the power of Open Source. We have been steadily releasing more and more security capabilities to the community through Trivy, and today we’re excited to bring the Trivy experience to cloud and AWS users.”