Xray and Aqua Keeping Your Containers in Safe Waters

While Docker has become all the rage, it is still a relatively new technology in the market. Many companies have introduced it into their organizations, but relatively few have taken Docker to production. One of the reasons is the security risk inherent in running a large set of containers, often based on open source code, where each may include vulnerabilities. Docker images (the base files from which containers are instantiated in runtime) contain not only the application code, but also many components and libraries the containers needs in order to run. The risk is having applications with exploitable vulnerabilities that slip undetected through your pipeline, which could lead to anything from denial-of-service attacks to data theft and malware propagation. To mitigate this risk, JFrog Xray has integrated with Aqua Security.

Aqua Security provides an end-to-end solution for securing containerized applications. A crucial first step in this process is controlling the inflow of container images into the pipeline. Aqua provides vulnerability scanning of container images that includes both packages and specific languages. Through the Xray integration, this process is fully automated and immediately provides a view of existing vulnerabilities in the container images that can then be remediated early in the pipeline. Furthermore, Aqua’s Continuous Image Assurance makes it possible to enforce image usage policies throughout the pipeline to ensure that only scanned images are allowed and define what constitutes acceptable levels of vulnerability. Docker images that do not meet the criteria will not be allowed to run as containers.

To get this protection, all you need to do is enter your Aqua account API key in your Xray configuration:

Xray Aqua integration


Once the integration is enabled and configured with your Aqua account details, each time Xray runs a scan, it queries Aqua with unique identifiers of images in your Artifactory Docker registries. If Aqua’s database comes up with vulnerabilities for any of the images Xray has scanned, Xray will then issue alerts according to the filters you have defined in your watches.

Alert generated by Aqua

Through Xray’s integration with Aqua Security you automatically get early notification of vulnerabilities in any of your Docker images, so you can stake steps for remediation to remove security risks well before going to production.

Want to learn more about Xray’s integration with Aqua Security? Register for our joint webinar.