Aqua Security for PCF

Application Lifecycle Security Solution for Pivotal Cloud Foundry Containers

Compatible with PAS

Compatible with PAS
Can be consumed by apps on PAS

Compatible with PKS
Can be consumed by apps on PKS

Compatible with Standalone PKS
Runs on PKS with no dependency on PAS

Aqua Security for PCF enables users deploying apps to PCF to automatically scan application or container artifacts for vulnerabilities and prevent them from being deployed. Aqua Security for PCF empowers enterprise users to apply security best practices early in the build process to ensure that only code in compliance with their organization’s security and compliance policies is deployed.

Automatically Scan Application or Container Artifacts for Known Vulnerabilities

Application or container artifacts are scanned for vulnerabilities, secrets, and malware. Scans can be done directly from CI/CD tools (e.g. Jenkins, Visual Studio Team Services, Bamboo).

Prevent Deployment of Unapproved Application or Container Artifacts

Identify and block non-compliant application or container artifacts based on pre-configured assurance policies that check for: authorization, CVEs and score, presence of hard-coded secrets, presence of malware.

Create Custom Compliance Checks in the Pipeline

Add custom compliance checks to identify security and compliance risks (e.g. PCI, GDPR data). Actionable mitigation information is provided on detected vulnerabilities for fast remediation.

Aqua Security for PCF
Aqua Securityの概要

Aqua has purpose-built a platform to leverage the properties of containers to make applications more secure than ever before possible. By providing full lifecycle security controls at a very granular level, Aqua combines preventive and reactive controls to protect applications in runtime, detect and block attacks, and provide visibility and auditing for compliance. The Aqua Container Security platform deeply integrates into the build pipeline to detect issues early in the lifecycle and minimize the attack surface. It then monitors the runtime environment and prevents malicious activity using a whitelisting policy based on both declarative information and machine-learned behavior. It also integrates with LDAP/AD, secrets stores (e.g., HashiCorp, CyberArk), collaboration tools (e.g., Slack, PagerDuty) and SIEM tools (e.g., Splunk, ArcSight) to enable scalable enterprise security. Aqua empowers enterprises to:

  • “Shift left” security, enabling DevSecOps to accelerate application delivery with full automation and no compromise on security
  • Protect workloads in runtime against known vulnerabilities, zero-day exploits, malware, and insider threats
  • Limit the impact of breaches with a container-level firewall
  • Secure their applications once, and deploy them anywhere with no need to re-configure security policies and controls
  • Meet regulatory compliance requirements such as PCI-DSS, HIPAA and GDPR

Aqua Securityの詳細


Available as a language agnostic meta-buildpack for deploying native integration applications in any language.

Available as a custom buildpack.

The buildpack is documented with instructions for setup and operation.

“We are proud to extend Aqua’s security capabilities to Pivotal Cloud Foundry users. Our automated lifecycle security controls enable organizations to integrate security best practices into the build process based on compliance or corporate GRC requirements. With that, we are especially pleased to empower Pivotal customers, enabling them to seamlessly implement and automate strong security capabilities into their development processes.”

Upesh Patel, Vice President of Business Development, Aqua Security


  1. Developer runs a CF push command
  2. Meta buildpack is invoked and claims the build
  3. Meta buildpack invokes the relevant language buildpack
  4. Language buildpack claims the build and produces a droplet
  5. Meta buildpack invokes the Aqua Decorator
  6. Droplet contents are scanned by the Aqua Decorator; scan results are displayed in the Aqua dashboard/CI tool
  7. If droplet complies with the droplet Assurance Policy, the droplet is approved and an application is created


Let us tell you more.

Contact us about Aqua Security for PCF.