aid: aqua-security
name: Aqua Security
description: Aqua Security provides cloud-native security for the full application lifecycle, protecting containers, serverless functions, and cloud workloads with vulnerability scanning, runtime protection, and compliance enforcement.
type: Index
image: https://kinlane-productions.s3.amazonaws.com/apis-json/apis-json-logo.jpg
tags:
  - Cloud Native
  - Containers
  - Kubernetes
  - Runtime Protection
  - Security
  - Vulnerability Scanning
url: https://raw.githubusercontent.com/api-evangelist/aqua-security/refs/heads/main/apis.yml
created: '2026-03-26'
modified: '2026-05-19'
specificationVersion: '0.19'
apis:
  - aid: aqua-security:aqua-security
    name: Aqua Security
    description: Aqua Security provides cloud-native security for the full application lifecycle, protecting containers, serverless functions, and cloud workloads with vulnerability scanning, runtime protection, and compliance enforcement.
    humanURL: https://www.aquasec.com/
    tags:
      - Cloud Native Security
      - Container Security
      - Kubernetes
      - Runtime Protection
      - Security
      - Vulnerability Scanning
      - CSPM
      - DevSecOps
    properties:
      - type: Documentation
        url: https://docs.aquasec.com/
      - type: GettingStarted
        url: https://docs.aquasec.com/docs/getting-started
      - type: APIReference
        url: https://docs.aquasec.com/reference/api-overview
      - type: Authentication
        url: https://docs.aquasec.com/reference/authentication
      - type: OpenAPI
        url: https://raw.githubusercontent.com/api-evangelist/aqua-security/refs/heads/main/openapi/aqua-security-api.yaml
      - type: JSONSchema
        url: https://raw.githubusercontent.com/api-evangelist/aqua-security/refs/heads/main/json-schema/aqua-security-api-container-list-schema.json
      - type: NaftikoCapability
        url: capabilities/aqua-security-authentication.yaml
      - type: NaftikoCapability
        url: capabilities/aqua-security-containers.yaml
      - type: NaftikoCapability
        url: capabilities/aqua-security-images.yaml
      - type: NaftikoCapability
        url: capabilities/aqua-security-policies.yaml
      - type: NaftikoCapability
        url: capabilities/aqua-security-registries.yaml
      - type: NaftikoCapability
        url: capabilities/aqua-security-users.yaml
  - aid: aqua-security:trivy
    name: Trivy
    description: Trivy is a comprehensive open source security scanner for containers, Kubernetes, code repositories, clouds, and more — finding vulnerabilities, misconfigurations, secrets, and SBOMs.
    humanURL: https://trivy.dev/
    tags:
      - Container Scanning
      - Open Source
      - Vulnerability Scanner
      - SBOM
      - Kubernetes Security
    properties:
      - type: Documentation
        url: https://aquasecurity.github.io/trivy/
      - type: GettingStarted
        url: https://aquasecurity.github.io/trivy/latest/getting-started/installation/
      - type: GitHubRepository
        url: https://github.com/aquasecurity/trivy
  - aid: aqua-security:tracee
    name: Tracee
    description: Tracee is a runtime security and forensics tool for Linux that uses eBPF technology to trace system events and detect suspicious behavioral patterns.
    humanURL: https://aquasecurity.github.io/tracee/
    tags:
      - eBPF
      - Runtime Security
      - Linux Security
      - Forensics
      - Open Source
    properties:
      - type: Documentation
        url: https://aquasecurity.github.io/tracee/
      - type: GitHubRepository
        url: https://github.com/aquasecurity/tracee
common:
  - type: ArazzoWorkflows
    url: arazzo/
    workflows:
      - url: arazzo/aqua-security-create-assurance-policy-workflow.yml
        name: Aqua Security Create Assurance Policy
        summary: Authenticate, create an image assurance security policy, then list policies to confirm it was registered.
      - url: arazzo/aqua-security-image-compliance-gate-workflow.yml
        name: Aqua Security Image Compliance Gate
        summary: Authenticate, poll an image scan to completion, then branch on whether critical or high vulnerabilities were found to pass or fail a compliance gate.
      - url: arazzo/aqua-security-image-vulnerability-lookup-workflow.yml
        name: Aqua Security Image Vulnerability Lookup
        summary: Authenticate, list registered images filtered by registry and repository, then fetch full vulnerability detail for the first match.
      - url: arazzo/aqua-security-onboard-registry-image-workflow.yml
        name: Aqua Security Onboard Registry Image
        summary: Authenticate, confirm the target registry is configured, register an image from it, then poll the scan to completion.
      - url: arazzo/aqua-security-registry-inventory-workflow.yml
        name: Aqua Security Registry Inventory
        summary: Authenticate, list configured registries, then enumerate the images registered under the first connected registry.
      - url: arazzo/aqua-security-rescan-and-cleanup-workflow.yml
        name: Aqua Security Rescan And Cleanup
        summary: Authenticate, re-register an image to trigger a fresh scan, poll until it completes, then delete the image when its scan failed.
      - url: arazzo/aqua-security-running-container-inventory-workflow.yml
        name: Aqua Security Running Container Inventory
        summary: Authenticate, list running containers monitored by the enforcer, then read the image detail behind the first running container.
      - url: arazzo/aqua-security-scan-image-on-demand-workflow.yml
        name: Aqua Security Scan Image On Demand
        summary: Authenticate, register a container image for scanning, then poll until the scan completes and read its vulnerability counts.
  - type: LinkedIn
    url: https://www.linkedin.com/company/aquasecteam
  - type: Portal
    url: https://www.aquasec.com/
  - type: Documentation
    url: https://docs.aquasec.com/
  - type: GitHubOrganization
    url: https://github.com/aquasecurity
  - type: Blog
    url: https://www.aquasec.com/blog/
  - type: Pricing
    url: https://www.aquasec.com/aqua-cloud/
  - type: SignUp
    url: https://www.aquasec.com/demo/
  - type: Support
    url: https://support.aquasec.com/
  - type: StatusPage
    url: https://status.aquasec.com/
  - type: TermsOfService
    url: https://www.aquasec.com/aqua-cloud/terms-of-service/
  - type: PrivacyPolicy
    url: https://www.aquasec.com/privacy-policy/
  - type: ReleaseNotes
    url: https://docs.aquasec.com/docs/release-notes
  - type: Features
    data:
      - name: Vulnerability Scanning
        description: Comprehensive scanning of container images, VM workloads, and serverless functions for known CVEs and misconfigurations.
      - name: Runtime Protection
        description: Real-time protection of running containers and cloud workloads using behavioral analysis and policy enforcement.
      - name: CSPM
        description: Cloud Security Posture Management to identify and remediate misconfigurations across AWS, Azure, and GCP.
      - name: Supply Chain Security
        description: Protect the software supply chain by scanning code, open source dependencies, and CI/CD pipelines.
      - name: Kubernetes Security
        description: Native Kubernetes security including admission control, runtime policies, and compliance benchmarks.
      - name: Compliance Enforcement
        description: Automated compliance checks against CIS, PCI-DSS, HIPAA, NIST, and other regulatory frameworks.
      - name: Secrets Detection
        description: Detect and prevent secrets and credentials from being embedded in container images and code repositories.
      - name: Network Policy
        description: Visualize and enforce container network connectivity and micro-segmentation policies.
  - type: UseCases
    data:
      - name: Container Security
        description: Secure Docker and OCI containers throughout the build-to-runtime lifecycle.
      - name: Kubernetes Security
        description: Enforce security policies, runtime protection, and compliance for Kubernetes clusters.
      - name: Serverless Security
        description: Protect AWS Lambda, Azure Functions, and Google Cloud Functions from vulnerabilities and runtime attacks.
      - name: DevSecOps
        description: Integrate security scanning into CI/CD pipelines to shift security left and prevent vulnerabilities from reaching production.
      - name: Cloud Workload Protection
        description: Protect VMs and cloud workloads across multi-cloud environments from threats and misconfigurations.
      - name: SBOM Generation
        description: Generate Software Bill of Materials (SBOM) for container images and code repositories to understand component risk.
  - type: Integrations
    data:
      - name: AWS
        description: Native integrations with AWS ECS, EKS, Lambda, ECR, Security Hub, and other AWS services.
      - name: Azure
        description: Integrations with Azure Kubernetes Service, Azure Container Registry, and Azure Security Center.
      - name: Google Cloud
        description: Support for GKE, Google Container Registry, and Cloud Run on Google Cloud Platform.
      - name: GitHub Actions
        description: Trivy GitHub Action for automated vulnerability scanning in CI/CD workflows.
      - name: Jenkins
        description: Jenkins plugin for container image scanning and policy enforcement in pipelines.
      - name: Terraform
        description: Terraform provider for declarative management of Aqua Security platform configuration.
      - name: Helm
        description: Official Helm charts for deploying Aqua Security components on Kubernetes.
      - name: Splunk
        description: Integration with Splunk for centralized security event logging and SIEM.
      - name: PagerDuty
        description: Alert routing to PagerDuty for runtime security event notifications.
      - name: Slack
        description: Security alert notifications delivered to Slack channels.
  - type: SpectralRules
    url: https://raw.githubusercontent.com/api-evangelist/aqua-security/refs/heads/main/rules/aqua-security-spectral-rules.yml
  - type: Vocabulary
    url: https://raw.githubusercontent.com/api-evangelist/aqua-security/refs/heads/main/vocabulary/aqua-security-vocabulary.yaml
  - type: JSONLD
    url: https://raw.githubusercontent.com/api-evangelist/aqua-security/refs/heads/main/json-ld/aqua-security-api-context.jsonld
  - name: MCP Server
    url: https://github.com/aquasecurity/trivy-mcp
    type: MCPServer
maintainers:
  - FN: Kin Lane
    email: kin@apievangelist.com