Aqua Security logo

Aqua Cloud Native Application Protection Platform

Aqua Security logo
Aqua Security logo

Aqua Cloud Native Application Protection Platform

By Aqua Security

Certified enterprise ready

The Aqua Cloud Native Application Protection Platform (CNAPP) helps teams deliver applications faster and automate more while better detecting, managing and remediating risk from code to production and maturing their DevSecOps practices.

Software version


Runs on

OpenShift 4.4

Delivery method


The Aqua platform integrates vulnerability and threat risk management into build automation, audits and identifies cloud account misconfigurations and compliance violations, unifies policy management and enforces consistent controls for hybrid and multi-cloud infrastructure and workloads. Aqua provides comprehensive controls and deep, actionable insight to accurately detect and prioritize risks and to accelerate remediation.

OpenShift Security Posture Management

Aqua enables security and compliance teams managing hybrid clouds to enforce and monitor OpenShift configurations, CIS Benchmarks and best practices and enforce assurance policies for the cloud native applications orchestration layer. Enhance your Kubernetes security posture workload management with continuous security risk assessment, dynamic insights across clusters and guided remediation. Use Aqua’s image assurance policies to prevent the deployment of unsafe and non-compliant workloads.

Risk Based Vulnerability Management

Aqua’s vulnerability scanning and management drives focus on the most important and urgent vulnerabilities and efficient remediation in large, complex environments. Based on contextual factors like exploitability, customizable severity, and running workloads in combination with proprietary threat intelligence, Aqua’s insights helps prioritize the highest risks to your environment. Aqua integrates with CI/CD pipeline tools, including Jenkins, Azure DevOps, CircleCI, Bamboo and GitLab.

Role Based Access Control & Scoping

Aqua’s comprehensive role-based access controls (RBAC) deliver effective separation of duties (SoD) to support security and compliance initiatives for complex and multi-cloud deployments and provide the flexibility to support all deployment configurations and organizational structures. Administrators can configure hierarchies and role-based permissions based on defined scopes, down to the pod level. Limit the use default policies with embedded OPA-based, declarative assurance policies.

Runtime Protection for Containers and VMs

Aqua enables you to configure runtime controls that are applicable to all containers, functions, and VMs, permitting only legitimate behaviors and preventing several types of privilege abuse, suspicious behaviors, and attack vectors. Get alerted to configuration violations and view detailed remediation steps. Contextual-based Drift Prevention identifies changes from container’s original image and enforces container immutability at run time.

Malware Detection & Supply Chain Security

Aqua’s Dynamic Threat Analysis (DTA) ensures that those advanced threats and malware in container images are detected before they are pushed to production. Aqua DTA helps to mitigate the risk of data theft, container use for DDoS, and resource abuse by advanced persistent threats and polymorphic malware. Analyze container behavior directly from your registries and CI pipelines and help incident response to “shift left”.

Infrastructure and Workload Assurance Policies

Aqua Kubernetes Assurance Policies allow you to evaluate specific conditions related to your workloads and check for potential unsafe security configurations, whether in your cluster, node or pod. Compatible with Open Policy Agent (OPA) and using Rego expressions, it provides out-of-the-box rules and allows you to add custom Rego rules to comply with your security requirements.

Auditing and Compliance

Apply compliance best practices across your cloud environment by automating out-of-the-box runtime policies for PCI, HIPAA, NIST and GDPR, and benchmarking against CIS certified tests for Linux, Docker and Kubernetes. Leverage your SIEM tool of choice to monitor granular reporting on scan results, policy changes and secrets rotations.

Risk Explorer

Leverage Aqua's Risk Explorer to see a live map of all the hosts and images running in your production environment. Risk Explorer gives you the ability to identify the namespaces and objects (representing a deployment, daemonset or job) and their respective risk levels to perform an accurate root cause investigation. Gain a clear view of the security posture of Kubernetes environments across clusters.

Pricing summary

Plans starting at

View all pricing options

An Aqua license will appear in your inbox within 12 hours of sign-up for a seamless experience.

Fully automated deployment, scaling and lifecycle management of Aqua CSP via Aqua Security Operator.

Auto-discovery of workloads providing visibility and insights into your complete security posture.

Real-time visibility and control over the compliance posture of images, pods, nodes and clusters.

Shift left by embedding comprehensive security testing and powerful policy-driven controls early on.

Empower DevOps to fail fast and fix early, all while accelerating deployment velocity.

Policy-driven image assurance and compliance to preempt image sprawl and rogue deployment.

Enforce container immutability and perform least-privilege profiling of container behavior.

Microsegmentation via creation of dynamic firewall rules, to limit the impact of network intrusion.

Forensics auditing for security risk management and compliance integrating with your choice of SIEM.

Additional resources

Want more product information? Explore detailed information about using this product and where to find additional help.