Reviews from AWS Marketplace
0 AWS reviews
-
5 star0
-
4 star0
-
3 star0
-
2 star0
-
1 star0
External reviews
External reviews are not included in the AWS star rating for the product.
room for growth a SAST oriented review
What do you like best about the product?
Remediation suggestions
categorization severity tabs
dependency list
Vulnerability list
Ease of implementation
Customer support
categorization severity tabs
dependency list
Vulnerability list
Ease of implementation
Customer support
What do you dislike about the product?
Improvement on false positives common SAST request so... whatever.
Historical understandings by various repos. To better understand where development could be consistently faltering. I'd like to drill down on a repo's history of fixes and flaws. Highlight what consistently reoccurs
IDE integration.
Have seen other solutions provide a code path of the flaw. This would be extra helpful to finding the base source of the issue. Or understanding the actual severity of the issue
Should add a jQuery version check to vulnerabilities. Known issues exist with older versions, security aggregate sites take points for older vulnerable jQuery versions.
A method to pick a set of issues and assign them to users/a method for users to pass to reviewers that integrate through 3rd party software like JIRA, Seems available in CSPM
minor: when creating a new suppression rule for a specific line. auto refresh the page so the added suppression is active in the count
Historical understandings by various repos. To better understand where development could be consistently faltering. I'd like to drill down on a repo's history of fixes and flaws. Highlight what consistently reoccurs
IDE integration.
Have seen other solutions provide a code path of the flaw. This would be extra helpful to finding the base source of the issue. Or understanding the actual severity of the issue
Should add a jQuery version check to vulnerabilities. Known issues exist with older versions, security aggregate sites take points for older vulnerable jQuery versions.
A method to pick a set of issues and assign them to users/a method for users to pass to reviewers that integrate through 3rd party software like JIRA, Seems available in CSPM
minor: when creating a new suppression rule for a specific line. auto refresh the page so the added suppression is active in the count
What problems is the product solving and how is that benefiting you?
Vulnerability and secret remidiations it was moderately successful with.
- Leave a Comment |
- Mark review as helpful
Powerful Software
What do you like best about the product?
It covers everything you need for container security, and the ability to have a self-hosted option.
What do you dislike about the product?
There is currently no parity of functionality between the cloud and self-hosted options.
What problems is the product solving and how is that benefiting you?
Secure our container-based applications before they are put in production.
Aquasec Supply Chain Security Review
What do you like best about the product?
- supports different programming language
- supports integration with different technology/platform (Gitlab, Gitlab, Jenkins, Azure..etc)
- Aquasec team is always working on improving the functionality
- Aquasec team does take customer feedback into consideration when designing new feature/bug fix
- product provides insight into different aspect of supply chain security - IaC misconfiguration, secret detection, dependency vulnerability, SAST, SBOM all under one platform
- security scan in CICD pipeline that limited to modified code in merge request solve the issue of whole code repository scan, which often takes too long and not scalable for environment with many repos
- most of the time customer support provide prompt response
- the UI is straightforward
- supports integration with different technology/platform (Gitlab, Gitlab, Jenkins, Azure..etc)
- Aquasec team is always working on improving the functionality
- Aquasec team does take customer feedback into consideration when designing new feature/bug fix
- product provides insight into different aspect of supply chain security - IaC misconfiguration, secret detection, dependency vulnerability, SAST, SBOM all under one platform
- security scan in CICD pipeline that limited to modified code in merge request solve the issue of whole code repository scan, which often takes too long and not scalable for environment with many repos
- most of the time customer support provide prompt response
- the UI is straightforward
What do you dislike about the product?
- some area of UI requires imporvement, for instance if a column like file path is too long, we cannot expand the column to see the full path, need to hover on the condensed file path to get the information which could be time consuming
- need to add more criteria on search filters, for instance there is no way to search for suppression rule based on filters like code repository or controls
- need to include code line number in vulnerability finding report, not just the file name
- need to add more criteria on search filters, for instance there is no way to search for suppression rule based on filters like code repository or controls
- need to include code line number in vulnerability finding report, not just the file name
What problems is the product solving and how is that benefiting you?
Aquasec Supply Chain Security provide various kind of security scanning on the code report. It allow us to scan the code in CICD pipeline that limit the scope to just the code that is modified, so the scan is quick and provide real time feedback to the developers.
Great experience so far
What do you like best about the product?
User firnedly UI, Great support and communication from Aqua team.
What do you dislike about the product?
Could do with having more exporting features, with numerous filters to export PDFs/CSVs to both managerial and technical users.
What problems is the product solving and how is that benefiting you?
Showing us where the vulnerabilities lie within our applications. Helps us to show these to our Dev teams.
Aqua Security Review
What do you like best about the product?
Aqua Security gives great insight into various aspects of our cloud deployments from software dependencies and their respective vulnerabilities to misconfigurations within our Cloud infra. The GUI is easily digestible and clearly breaks down what resources are failing or passing which policies. Configuration and implementation can be easy with many just requiring a token or credential.
What do you dislike about the product?
I have not immediate qualms with the tool itself.
What problems is the product solving and how is that benefiting you?
Aqua Security definitely gives us a greater analysis in regards to software composition through the use of SBOMs. It also allows us to put in place controls to prevent the propagation of malware though pipeline contols enforced by custom policies.
Good vulnerability scanning tool
What do you like best about the product?
Aqua container scanning capabilities are well integrated with common CI/CD tools/frameworks.
Aqua has a good User Interface that makes vulnerability analysis and whitelisting very easy.
Aqua is easy to implement on premises.
Aqua has a good User Interface that makes vulnerability analysis and whitelisting very easy.
Aqua is easy to implement on premises.
What do you dislike about the product?
Aqua container platform pricing model based on number of code repositories and enforces.
You are forced to pay for features that you don't need or use.
You are forced to pay for features that you don't need or use.
What problems is the product solving and how is that benefiting you?
We use Aqua platform for vulnerability scanning on our CI/CD framework.
Director of Infrastructure Engineering
What do you like best about the product?
Ease of use and wide range of feature availability. It supports Windows containers.
What do you dislike about the product?
Nothing we've encountered yet has been an issue.
What problems is the product solving and how is that benefiting you?
Provides container security in our:
Container build pipelines
Container registry
Runtime environments
Container build pipelines
Container registry
Runtime environments
Aqua review
What do you like best about the product?
One of the things I like best about Aqua is its ease of use
What do you dislike about the product?
I would like if there were better reporting options within Aqua
What problems is the product solving and how is that benefiting you?
Aqua provide us vulnerability related data for our containers and give us information on the security posture of our kubernetes environment
high quality product and good customer service
What do you like best about the product?
Provide accurate visibility of application software. Very low false positive rate. Detection and actionable follow up instruction.
What do you dislike about the product?
area can be improved is the integration with third party tool, such as service now, jira ...
What problems is the product solving and how is that benefiting you?
gain visibilty of seurity risk associated with our application development process. helped us to quickly identify critial vulnerabilies and provide actionable follow up for our developers to address the issues.
Sr Cybersecurity Engineer
What do you like best about the product?
- Comprehensive platform - It provides full lifecycle protection for containers from build to runtime. This helps close security gaps that point solutions may miss.
- Integration with dev pipelines - Aqua integrates tightly with native build tools and CI/CD pipelines like Jenkins, Gitlab, Docker to enable seamless scanning and enforcement. This makes it easy for developers to adopt.
- Runtime protections - In addition to build-time scanning, Aqua enforces policies and monitors containers at runtime to prevent exploits and detect configuration drift over time.
- Visibility and reporting - The centralized console provides clear visibility into scanning results, policy violations and risks across all container environments. Robust reporting helps with compliance.
- Vulnerability database - Aqua maintains its own curated vulnerability database that is frequently updated to ensure the latest vulnerability definitions are being used in scans.
- Enterprise features - Capabilities like centralized management, control groups, role-based access and auditing make it suitable for large enterprise deployments with multiple teams.
- Active development - Aqua continues to release new features and enhancements on a regular basis, ensuring the platform keeps pace with trends in container security and usage.
Overall, I think Aqua offers one of the most full-featured and easy to use platforms for securing the entire container development lifecycle from a single vendor.
- Integration with dev pipelines - Aqua integrates tightly with native build tools and CI/CD pipelines like Jenkins, Gitlab, Docker to enable seamless scanning and enforcement. This makes it easy for developers to adopt.
- Runtime protections - In addition to build-time scanning, Aqua enforces policies and monitors containers at runtime to prevent exploits and detect configuration drift over time.
- Visibility and reporting - The centralized console provides clear visibility into scanning results, policy violations and risks across all container environments. Robust reporting helps with compliance.
- Vulnerability database - Aqua maintains its own curated vulnerability database that is frequently updated to ensure the latest vulnerability definitions are being used in scans.
- Enterprise features - Capabilities like centralized management, control groups, role-based access and auditing make it suitable for large enterprise deployments with multiple teams.
- Active development - Aqua continues to release new features and enhancements on a regular basis, ensuring the platform keeps pace with trends in container security and usage.
Overall, I think Aqua offers one of the most full-featured and easy to use platforms for securing the entire container development lifecycle from a single vendor.
What do you dislike about the product?
- False positives - Like all scanning tools, Aqua is susceptible to generating false positives that require developer time to investigate and resolve.
- Vendor lock-in - Investing heavily in Aqua's proprietary solution and data formats introduces some long-term vendor dependency risks.
- No Isolation control - Aqua only protects at the host/OS level currently. It does not provide full isolation capabilities of some specialized platforms.
- Immature microservices support - Aqua is container-native but some features are still catching up with advanced microservices patterns.
So in summary - cost, overhead of agents and potential vendor lock-in are some drawbacks that would need consideration.
- Vendor lock-in - Investing heavily in Aqua's proprietary solution and data formats introduces some long-term vendor dependency risks.
- No Isolation control - Aqua only protects at the host/OS level currently. It does not provide full isolation capabilities of some specialized platforms.
- Immature microservices support - Aqua is container-native but some features are still catching up with advanced microservices patterns.
So in summary - cost, overhead of agents and potential vendor lock-in are some drawbacks that would need consideration.
What problems is the product solving and how is that benefiting you?
1. Lack of container security visibility - Aqua provides a centralized platform to gain visibility into risks across the entire container development lifecycle from build to production. This helps organizations address security issues proactively.
2. Inability to shift security left - Without the right tools integrated into the development process, security typically gets tested too late. Aqua scans images during build/deploy and enforces policies to catch vulnerabilities early.
3. Difficulties with compliance - Container sprawl and lack of controls make it challenging to ensure configurations and software meet compliance standards. Aqua facilitates ongoing compliance through automated policy-based controls.
4. Workload vulnerabilities going undetected - Traditional security tools often miss container-specific risks. Aqua's runtime agent model and vulnerability database tailored for containers improves detection abilities.
5. Lack of developer security skills/tools - When security is separated from development, vulnerabilities persist. Aqua aims to integrate security practices into the developer workflow through seamless IDE/pipeline integrations.
So in summary, by gaining visibility, shifting security left, enforcing compliance and controls as code Aqua is intended to solve major security and compliance problems arising from adoption of container and cloud-native technologies.
2. Inability to shift security left - Without the right tools integrated into the development process, security typically gets tested too late. Aqua scans images during build/deploy and enforces policies to catch vulnerabilities early.
3. Difficulties with compliance - Container sprawl and lack of controls make it challenging to ensure configurations and software meet compliance standards. Aqua facilitates ongoing compliance through automated policy-based controls.
4. Workload vulnerabilities going undetected - Traditional security tools often miss container-specific risks. Aqua's runtime agent model and vulnerability database tailored for containers improves detection abilities.
5. Lack of developer security skills/tools - When security is separated from development, vulnerabilities persist. Aqua aims to integrate security practices into the developer workflow through seamless IDE/pipeline integrations.
So in summary, by gaining visibility, shifting security left, enforcing compliance and controls as code Aqua is intended to solve major security and compliance problems arising from adoption of container and cloud-native technologies.
showing 21 - 30