Aqua Trivy Chosen as the New Default Container Scanner for GitLab
June 2021 by Marc Jacob
Aqua Security announces that Aqua Trivy is now the default open source container scanner for GitLab Container Scanning functionality. Customers can now automatically scan the GitLab CI pipeline container artifacts for OS package vulnerabilities. This change will take place as part of GitLab’s 14.0 release and is based on the results of a publicly available solution comparison and research process.
Collaboration with the Trivy open source engineering team was also a critical factor. White adds, “The Trivy project lead has been great to work with. The close collaboration has been invaluable to us.”
The partnership with Aqua Trivy will continue with roadmap plans to scan containers running in production using Trivy with Aqua Starboard, Aqua’s open source Kubernetes Security toolkit. Moving forward, both Aqua Trivy and Aqua Starboard will form a fundamental part of GitLab’s container scanning roadmap, enabling users with best-in-class default security options.