Aqua Security launches Trivy Partner Connect to expand open source security scanning ecosystem

Aqua Security has introduced the Trivy Partner Connect Program, which aims to enhance the ecosystem surrounding its Trivy vulnerability scanner by engaging commercial vendors. Echo and Minimus are the first members, providing secure images that correspond to Trivy's focus on strengthening developer and security team functionalities.

Program Overview

The Trivy Partner Connect Program offers a structured framework for partners to create, integrate, and collaborate, thereby enriching the Trivy user experience and advancing open source development. Itay Shakury, Vice President of Open Source at Aqua Security, noted the program's ongoing commitment to security tools and the potential for partners to influence the product's direction.

Status of Trivy

Trivy has gained recognition within the open-source security sector, boasting over 27,000 GitHub stars and 100 million downloads annually. The newly established program aims to increase security support through additional content and integrations provided by partners, while ensuring users remain familiar with the tool.

Partner Contributions

Echo provides vulnerability-free images that are FIPS-validated and compatible with existing operating systems. CEO Eilon Elhadad remarked that collaborating with Trivy enhances their reach to users, allowing development teams to focus on their objectives without the burden of vulnerability management.

Minimus offers minimal container and Virtual Machine (VM) images, designed with fewer Common Vulnerabilities and Exposures (CVE) and enhanced hardening capabilities. John Morello, CTO of Minimus, emphasized the trust associated with Trivy and how this partnership supports the reduction of vulnerabilities early in the development cycle.

Program Structure

The Trivy Partner Connect Program includes three tiers: Certified, Core, and Advisor, each catering to distinct partnership requirements such as integration and service contributions. The program is designed for rapid expansion, aiming to engage more organizations interested in collaborating with Trivy.

This blog post reflects Aqua Security's strategic efforts to build a community around Trivy, strengthening its position in the ecosystem of open-source security tools.