Reviews from AWS Marketplace
0 AWS reviews
-
5 star0
-
4 star0
-
3 star0
-
2 star0
-
1 star0
External reviews
External reviews are not included in the AWS star rating for the product.
Aquasec Supply Chain Security Review
What do you like best about the product?
- supports different programming language
- supports integration with different technology/platform (Gitlab, Gitlab, Jenkins, Azure..etc)
- Aquasec team is always working on improving the functionality
- Aquasec team does take customer feedback into consideration when designing new feature/bug fix
- product provides insight into different aspect of supply chain security - IaC misconfiguration, secret detection, dependency vulnerability, SAST, SBOM all under one platform
- security scan in CICD pipeline that limited to modified code in merge request solve the issue of whole code repository scan, which often takes too long and not scalable for environment with many repos
- most of the time customer support provide prompt response
- the UI is straightforward
- supports integration with different technology/platform (Gitlab, Gitlab, Jenkins, Azure..etc)
- Aquasec team is always working on improving the functionality
- Aquasec team does take customer feedback into consideration when designing new feature/bug fix
- product provides insight into different aspect of supply chain security - IaC misconfiguration, secret detection, dependency vulnerability, SAST, SBOM all under one platform
- security scan in CICD pipeline that limited to modified code in merge request solve the issue of whole code repository scan, which often takes too long and not scalable for environment with many repos
- most of the time customer support provide prompt response
- the UI is straightforward
What do you dislike about the product?
- some area of UI requires imporvement, for instance if a column like file path is too long, we cannot expand the column to see the full path, need to hover on the condensed file path to get the information which could be time consuming
- need to add more criteria on search filters, for instance there is no way to search for suppression rule based on filters like code repository or controls
- need to include code line number in vulnerability finding report, not just the file name
- need to add more criteria on search filters, for instance there is no way to search for suppression rule based on filters like code repository or controls
- need to include code line number in vulnerability finding report, not just the file name
What problems is the product solving and how is that benefiting you?
Aquasec Supply Chain Security provide various kind of security scanning on the code report. It allow us to scan the code in CICD pipeline that limit the scope to just the code that is modified, so the scan is quick and provide real time feedback to the developers.
- Leave a Comment |
- Mark review as helpful
Great experience so far
What do you like best about the product?
User firnedly UI, Great support and communication from Aqua team.
What do you dislike about the product?
Could do with having more exporting features, with numerous filters to export PDFs/CSVs to both managerial and technical users.
What problems is the product solving and how is that benefiting you?
Showing us where the vulnerabilities lie within our applications. Helps us to show these to our Dev teams.
Aqua Security Review
What do you like best about the product?
Aqua Security gives great insight into various aspects of our cloud deployments from software dependencies and their respective vulnerabilities to misconfigurations within our Cloud infra. The GUI is easily digestible and clearly breaks down what resources are failing or passing which policies. Configuration and implementation can be easy with many just requiring a token or credential.
What do you dislike about the product?
I have not immediate qualms with the tool itself.
What problems is the product solving and how is that benefiting you?
Aqua Security definitely gives us a greater analysis in regards to software composition through the use of SBOMs. It also allows us to put in place controls to prevent the propagation of malware though pipeline contols enforced by custom policies.
Good vulnerability scanning tool
What do you like best about the product?
Aqua container scanning capabilities are well integrated with common CI/CD tools/frameworks.
Aqua has a good User Interface that makes vulnerability analysis and whitelisting very easy.
Aqua is easy to implement on premises.
Aqua has a good User Interface that makes vulnerability analysis and whitelisting very easy.
Aqua is easy to implement on premises.
What do you dislike about the product?
Aqua container platform pricing model based on number of code repositories and enforces.
You are forced to pay for features that you don't need or use.
You are forced to pay for features that you don't need or use.
What problems is the product solving and how is that benefiting you?
We use Aqua platform for vulnerability scanning on our CI/CD framework.
Director of Infrastructure Engineering
What do you like best about the product?
Ease of use and wide range of feature availability. It supports Windows containers.
What do you dislike about the product?
Nothing we've encountered yet has been an issue.
What problems is the product solving and how is that benefiting you?
Provides container security in our:
Container build pipelines
Container registry
Runtime environments
Container build pipelines
Container registry
Runtime environments
Aqua review
What do you like best about the product?
One of the things I like best about Aqua is its ease of use
What do you dislike about the product?
I would like if there were better reporting options within Aqua
What problems is the product solving and how is that benefiting you?
Aqua provide us vulnerability related data for our containers and give us information on the security posture of our kubernetes environment
high quality product and good customer service
What do you like best about the product?
Provide accurate visibility of application software. Very low false positive rate. Detection and actionable follow up instruction.
What do you dislike about the product?
area can be improved is the integration with third party tool, such as service now, jira ...
What problems is the product solving and how is that benefiting you?
gain visibilty of seurity risk associated with our application development process. helped us to quickly identify critial vulnerabilies and provide actionable follow up for our developers to address the issues.
Sr Cybersecurity Engineer
What do you like best about the product?
- Comprehensive platform - It provides full lifecycle protection for containers from build to runtime. This helps close security gaps that point solutions may miss.
- Integration with dev pipelines - Aqua integrates tightly with native build tools and CI/CD pipelines like Jenkins, Gitlab, Docker to enable seamless scanning and enforcement. This makes it easy for developers to adopt.
- Runtime protections - In addition to build-time scanning, Aqua enforces policies and monitors containers at runtime to prevent exploits and detect configuration drift over time.
- Visibility and reporting - The centralized console provides clear visibility into scanning results, policy violations and risks across all container environments. Robust reporting helps with compliance.
- Vulnerability database - Aqua maintains its own curated vulnerability database that is frequently updated to ensure the latest vulnerability definitions are being used in scans.
- Enterprise features - Capabilities like centralized management, control groups, role-based access and auditing make it suitable for large enterprise deployments with multiple teams.
- Active development - Aqua continues to release new features and enhancements on a regular basis, ensuring the platform keeps pace with trends in container security and usage.
Overall, I think Aqua offers one of the most full-featured and easy to use platforms for securing the entire container development lifecycle from a single vendor.
- Integration with dev pipelines - Aqua integrates tightly with native build tools and CI/CD pipelines like Jenkins, Gitlab, Docker to enable seamless scanning and enforcement. This makes it easy for developers to adopt.
- Runtime protections - In addition to build-time scanning, Aqua enforces policies and monitors containers at runtime to prevent exploits and detect configuration drift over time.
- Visibility and reporting - The centralized console provides clear visibility into scanning results, policy violations and risks across all container environments. Robust reporting helps with compliance.
- Vulnerability database - Aqua maintains its own curated vulnerability database that is frequently updated to ensure the latest vulnerability definitions are being used in scans.
- Enterprise features - Capabilities like centralized management, control groups, role-based access and auditing make it suitable for large enterprise deployments with multiple teams.
- Active development - Aqua continues to release new features and enhancements on a regular basis, ensuring the platform keeps pace with trends in container security and usage.
Overall, I think Aqua offers one of the most full-featured and easy to use platforms for securing the entire container development lifecycle from a single vendor.
What do you dislike about the product?
- False positives - Like all scanning tools, Aqua is susceptible to generating false positives that require developer time to investigate and resolve.
- Vendor lock-in - Investing heavily in Aqua's proprietary solution and data formats introduces some long-term vendor dependency risks.
- No Isolation control - Aqua only protects at the host/OS level currently. It does not provide full isolation capabilities of some specialized platforms.
- Immature microservices support - Aqua is container-native but some features are still catching up with advanced microservices patterns.
So in summary - cost, overhead of agents and potential vendor lock-in are some drawbacks that would need consideration.
- Vendor lock-in - Investing heavily in Aqua's proprietary solution and data formats introduces some long-term vendor dependency risks.
- No Isolation control - Aqua only protects at the host/OS level currently. It does not provide full isolation capabilities of some specialized platforms.
- Immature microservices support - Aqua is container-native but some features are still catching up with advanced microservices patterns.
So in summary - cost, overhead of agents and potential vendor lock-in are some drawbacks that would need consideration.
What problems is the product solving and how is that benefiting you?
1. Lack of container security visibility - Aqua provides a centralized platform to gain visibility into risks across the entire container development lifecycle from build to production. This helps organizations address security issues proactively.
2. Inability to shift security left - Without the right tools integrated into the development process, security typically gets tested too late. Aqua scans images during build/deploy and enforces policies to catch vulnerabilities early.
3. Difficulties with compliance - Container sprawl and lack of controls make it challenging to ensure configurations and software meet compliance standards. Aqua facilitates ongoing compliance through automated policy-based controls.
4. Workload vulnerabilities going undetected - Traditional security tools often miss container-specific risks. Aqua's runtime agent model and vulnerability database tailored for containers improves detection abilities.
5. Lack of developer security skills/tools - When security is separated from development, vulnerabilities persist. Aqua aims to integrate security practices into the developer workflow through seamless IDE/pipeline integrations.
So in summary, by gaining visibility, shifting security left, enforcing compliance and controls as code Aqua is intended to solve major security and compliance problems arising from adoption of container and cloud-native technologies.
2. Inability to shift security left - Without the right tools integrated into the development process, security typically gets tested too late. Aqua scans images during build/deploy and enforces policies to catch vulnerabilities early.
3. Difficulties with compliance - Container sprawl and lack of controls make it challenging to ensure configurations and software meet compliance standards. Aqua facilitates ongoing compliance through automated policy-based controls.
4. Workload vulnerabilities going undetected - Traditional security tools often miss container-specific risks. Aqua's runtime agent model and vulnerability database tailored for containers improves detection abilities.
5. Lack of developer security skills/tools - When security is separated from development, vulnerabilities persist. Aqua aims to integrate security practices into the developer workflow through seamless IDE/pipeline integrations.
So in summary, by gaining visibility, shifting security left, enforcing compliance and controls as code Aqua is intended to solve major security and compliance problems arising from adoption of container and cloud-native technologies.
Exceptional Security Solutions and Stellar Support
What do you like best about the product?
What I like best about Aqua Security is its comprehensive approach to security, proactive threat intelligence, strong focus on compliance, exceptional customer support, and commitment to continuous improvement. They truly excel in providing robust and tailored security solutions.
What do you dislike about the product?
While finding any significant drawbacks is challenging, Aqua Security's continuous improvement could benefit from even more frequent feature updates to further enhance its already exceptional offerings.
What problems is the product solving and how is that benefiting you?
Aqua Security solves security challenges in containers and cloud-native environments, providing enhanced protection, risk mitigation, and secure adoption of these technologies. Their solutions benefit us by ensuring the integrity and availability of our systems in these dynamic and evolving landscapes.
Best container scanning tool
What do you like best about the product?
I like the nice dashboards, I like how vulnerability findings are presented and explained in detail. I also like the fact that it provides remediation options. It's much easier to fix a problem when you have a tool like this.
I like the policies that can be easily configured for extra protection.
I like how nice and helpful the Aqua team always is, answering all our questions and always taking the time to discuss with us.
I like the policies that can be easily configured for extra protection.
I like how nice and helpful the Aqua team always is, answering all our questions and always taking the time to discuss with us.
What do you dislike about the product?
I think the intial config process was a bit long, but we managed to do it with the help of the Aqua team.
What problems is the product solving and how is that benefiting you?
Aqua helps us discover any high or critical vulnerability we might have and it gives us the instructions to follow in order to fix the problem.
showing 21 - 30