Aqua Security has announced the acquisition of tfsec, an open-source security scanner for Infrastructure as Code (IaC). The acquisition brings an immediate integration of tfsec into Aqua Trivy, adding IaC security scanning capabilities, with additional Aqua platform integrations planned later this year.
Tfsec co-founders Liam Galvin and Owen Rumney will join the Aqua team as Cloud Engineers bringing deep experience in both software and open source.
The integration of Aqua Trivy and tfsec helps teams to shift left, combining the ease of use and scanning speed of Trivy with the enhanced IaC coverage with tfsec, without additional management overhead and as part of a unified workflow.
With its run anywhere design, tfsec provides a download and run scanning solution that is fast, accurate, and flexible. According to the company, the unique approach tfsec takes to loading your code ensures that your IaC is interpreted exactly as Terraform does; meaning that regardless of complexity, you get the best possible view of any vulnerabilities before you deploy.
While tfsec will remain a standalone project, in addition to its integration into Trivy, it will also be added to Aqua Security’s suite of open source cloud security tools, including Tracee, Starboard, Kube-bench and Kube-hunter. With this portfolio, users can also perform penetration tests of Kubernetes clusters, integrate disparate Kubernetes security tools into an aggregate security dataset that is available natively in Kubernetes, view runtime and forensics data for Linux, and more.