Aqua Security Pocket Book — Uplatz
30+ deep-dive flashcards • Wide layout • Container & Kubernetes Security • Runtime Protection • Interview Q&A
Cheat-friendly snippets • Clear mental models • Production-ready DevSecOps tips
1) What is Aqua Security?
Aqua Security is a cloud-native application protection platform that secures containers, Kubernetes, VMs and serverless workloads. It covers the full application lifecycle: build (scan images and IaC) → deploy (admission control) → run (runtime enforcement and drift prevention).
2) Why Aqua?
✔ Container image and registry scanning (CVEs, secrets, malware, misconfigurations)
✔ Runtime threat detection and blocking
✔ Kubernetes admission control (reject unscanned or non-compliant workloads)
✔ CI/CD pipeline integration that fails builds on policy violations
✔ Compliance checks against CIS Benchmarks and NIST guidance (e.g. SP 800-190)
3) Core Components
- Aqua Scanner (image and registry scanning; the engine is Trivy)
- Enforcer (runtime defense agent, one per node) and KubeEnforcer (Kubernetes admission control)
- Gateway (broker between Enforcers and the Server: pushes policies down, relays audit telemetry up)
- Console / Server (management UI, REST API and policy definitions, backed by a database)
4) Deployment Models
Aqua can run on-prem, in the cloud, or hybrid (self-hosted Console or Aqua's SaaS Console with Enforcers in your clusters). It integrates natively with Kubernetes and is installed with Helm. The chart names below are as given on this card; confirm them against the chart repository's README for your Aqua release, and create the namespace because `helm install` does not.
helm repo add aqua https://aquasecurity.github.io/helm-charts
helm repo update
helm install aqua aqua/aqua-console --namespace aqua --create-namespace
5) Image Scanning
Scan images for CVEs, embedded secrets, malware and misconfigurations before they reach a cluster, and fail the scan on findings above a severity threshold. Note that `docker scan` was backed by Snyk, not Aqua, and has been removed from Docker Desktop (replaced by `docker scout`); the Aqua-native CLI is Trivy:
trivy image --severity HIGH,CRITICAL --exit-code 1 myapp:latest
trivy image --scanners vuln,secret,misconfig nginx:1.23
6) CI/CD Integration
Aqua plugs into Jenkins, GitLab CI and GitHub Actions. The pattern is the same everywhere: the scan step exits non-zero when findings meet the threshold, so the pipeline fails and the image is never pushed. Scan the source tree (dependency manifests, IaC, secrets) and the built image:
trivy fs --exit-code 1 --severity HIGH,CRITICAL ./src
trivy image --exit-code 1 --severity HIGH,CRITICAL --ignore-unfixed myapp:${CI_COMMIT_SHA}
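The threshold logic behind that `--exit-code 1 --severity HIGH,CRITICAL --ignore-unfixed` step, written out as a gate over Trivy's JSON report (`trivy image -f json -o report.json IMAGE`). This is an added example, not code from Aqua or the Trivy project; the report embedded below is a constructed sample in Trivy's output layout, and its CVE identifiers and package names are placeholders.

```python
"""Severity gate over a Trivy JSON report, as a CI step would apply it.

Added example (not Aqua/Trivy code). SAMPLE_REPORT is constructed; the
CVE-EXAMPLE-* identifiers and package names are placeholders, not real findings.
"""
from __future__ import annotations

import json
from collections import Counter

# Trivy severities, ranked so "at or above HIGH" is a simple comparison.
SEVERITY_RANK = {"UNKNOWN": 0, "LOW": 1, "MEDIUM": 2, "HIGH": 3, "CRITICAL": 4}

# Constructed sample report, trimmed to the fields the gate reads.
SAMPLE_REPORT = json.dumps({
    "ArtifactName": "myapp:latest",
    "Results": [
        {
            "Target": "myapp:latest (debian 12.5)",
            "Class": "os-pkgs",
            "Vulnerabilities": [
                {"VulnerabilityID": "CVE-EXAMPLE-0001", "PkgName": "libexample",
                 "InstalledVersion": "1.0-1", "FixedVersion": "1.0-2", "Severity": "HIGH"},
                {"VulnerabilityID": "CVE-EXAMPLE-0002", "PkgName": "libother",
                 "InstalledVersion": "2.3", "FixedVersion": "", "Severity": "CRITICAL"},
            ],
        },
        {
            "Target": "app/requirements.txt",
            "Class": "lang-pkgs",
            "Vulnerabilities": [
                {"VulnerabilityID": "CVE-EXAMPLE-0003", "PkgName": "somelib",
                 "InstalledVersion": "0.9", "FixedVersion": "1.1", "Severity": "MEDIUM"},
            ],
        },
        # A target with no findings: Trivy omits the key or emits null here.
        {"Target": "app/Dockerfile", "Class": "config"},
    ],
})


def findings(report_json: str, fail_on: str = "HIGH", ignore_unfixed: bool = False) -> list:
    """Vulnerabilities at or above `fail_on`, mirroring --severity / --ignore-unfixed."""
    report = json.loads(report_json)
    threshold = SEVERITY_RANK[fail_on]
    hits = []
    for result in report.get("Results", []):
        for v in result.get("Vulnerabilities") or []:  # key may be absent or null
            if SEVERITY_RANK.get(v.get("Severity", "UNKNOWN"), 0) < threshold:
                continue
            if ignore_unfixed and not v.get("FixedVersion"):
                continue  # no vendor fix yet: report elsewhere, do not block the build
            hits.append({
                "id": v["VulnerabilityID"], "pkg": v["PkgName"], "severity": v["Severity"],
                "target": result["Target"], "fixed": v.get("FixedVersion") or None,
            })
    return hits


def gate(report_json: str, fail_on: str = "HIGH", ignore_unfixed: bool = False) -> tuple:
    """(exit_code, summary): 0 lets the pipeline continue, 1 fails the build."""
    hits = findings(report_json, fail_on, ignore_unfixed)
    if not hits:
        return 0, f"gate: no findings at or above {fail_on}"
    by_sev = Counter(h["severity"] for h in hits)
    order = sorted(by_sev, key=SEVERITY_RANK.get, reverse=True)
    summary = ", ".join(f"{sev}={by_sev[sev]}" for sev in order)
    return 1, f"gate: blocking build ({summary})"


if __name__ == "__main__":
    import sys
    code, msg = gate(SAMPLE_REPORT, fail_on="HIGH", ignore_unfixed=False)
    print(msg)
    for h in findings(SAMPLE_REPORT):
        print(f"  {h['severity']:<8} {h['id']}  {h['pkg']}  ({h['target']})")
    sys.exit(code)
```

Run it in a pipeline step after `trivy image -f json`, feeding the report file instead of `SAMPLE_REPORT`; the non-zero exit is what makes the CI system mark the job failed. The `ignore_unfixed` switch is the usual pragmatic trade-off: an unfixable CRITICAL still shows up on the risk dashboard, but does not stall every release.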
7) Kubernetes Admission Control
Aqua's KubeEnforcer registers a validating admission webhook with the API server, so a Pod whose image was never scanned, or which fails an assurance policy (critical CVEs, privileged containers, forbidden registries), is rejected before it is scheduled rather than detected after it runs. The webhook configuration name depends on the install; list them, then inspect the one registered by Aqua (`aqua-admission` is the name used on this card):
kubectl get validatingwebhookconfigurations
kubectl describe validatingwebhookconfiguration aqua-admission
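What the webhook decides, written out as plain admission logic so the control is concrete. This is an added example, not Aqua's KubeEnforcer code: a validating handler that rejects Pods whose images are not pinned to a digest with a passing scan, that run privileged, or that share host namespaces. The approved-digest set, registry name and the AdmissionReview payloads are constructed; the request/response shape is the real `admission.k8s.io/v1` one.

```python
"""Validating admission logic of the kind an Aqua assurance policy enforces.

Added example, not Aqua code. APPROVED_DIGESTS and the reviews built by
make_review() are constructed; registry.example.com is a placeholder.
"""
from __future__ import annotations

# Constructed: digests that "passed scanning". Real deployments look this up in
# the scanner's results and never trust a mutable tag such as :latest.
APPROVED_DIGESTS = {
    "registry.example.com/myapp@sha256:" + "a" * 64,
}


def split_image_ref(image: str) -> tuple:
    """'repo[:tag][@sha256:...]' -> (repo_with_tag, digest_or_None)."""
    if "@" in image:
        repo, digest = image.split("@", 1)
        return repo, digest
    return image, None


def evaluate_pod(pod: dict) -> list:
    """Return violations; an empty list means the Pod is admitted."""
    violations = []
    spec = pod.get("spec", {})
    for c in spec.get("initContainers", []) + spec.get("containers", []):
        image = c.get("image", "")
        repo, digest = split_image_ref(image)
        if digest is None:
            violations.append(f"container {c['name']}: image {image!r} is not pinned by digest")
        elif f"{repo.split(':')[0]}@{digest}" not in APPROVED_DIGESTS:
            violations.append(f"container {c['name']}: image {image!r} has no passing scan")
        if c.get("securityContext", {}).get("privileged"):
            violations.append(f"container {c['name']}: privileged mode is not allowed")
    if spec.get("hostPID") or spec.get("hostNetwork"):
        violations.append("pod shares the host PID or network namespace")
    return violations


def admission_response(review: dict) -> dict:
    """Build the AdmissionReview the API server expects back from the webhook."""
    req = review["request"]
    is_pod = req.get("kind", {}).get("kind") == "Pod"
    violations = evaluate_pod(req["object"]) if is_pod else []
    response = {"uid": req["uid"], "allowed": not violations}
    if violations:
        response["status"] = {"code": 403, "message": "; ".join(violations)}
    return {"apiVersion": "admission.k8s.io/v1", "kind": "AdmissionReview", "response": response}


def make_review(uid: str, image: str, privileged: bool = False, host_pid: bool = False) -> dict:
    """Constructed AdmissionReview request for a single-container Pod."""
    return {
        "apiVersion": "admission.k8s.io/v1",
        "kind": "AdmissionReview",
        "request": {
            "uid": uid,
            "kind": {"group": "", "version": "v1", "kind": "Pod"},
            "operation": "CREATE",
            "object": {
                "apiVersion": "v1", "kind": "Pod", "metadata": {"name": "demo"},
                "spec": {
                    "hostPID": host_pid,
                    "containers": [{"name": "app", "image": image,
                                    "securityContext": {"privileged": privileged}}],
                },
            },
        },
    }


if __name__ == "__main__":
    good = make_review("u1", "registry.example.com/myapp@sha256:" + "a" * 64)
    bad = make_review("u2", "registry.example.com/myapp:latest", privileged=True, host_pid=True)
    for r in (good, bad):
        print(admission_response(r)["response"])
```

The `status.message` is what `kubectl apply` prints back to the developer, so listing every violation rather than the first one saves a round of trial and error. Matching on digest rather than tag is the important detail: a tag can be re-pointed at an unscanned image after the scan passed.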
8) Runtime Policies
Runtime policies define what a container may do once it is running: which executables may launch, which network connections are permitted, and which paths may be written. Aqua evaluates process and file activity against the policy and blocks privilege escalation, reverse shells, crypto miners and other suspicious behaviour, in audit-only or enforce mode.
9) Enforcer
The agent, deployed as a DaemonSet so that exactly one instance runs on every Kubernetes node. It observes every container on that node, enforces the runtime policies assigned to them, and reports audit events to the Console through the Gateway.
10) Container Drift Prevention
Drift prevention compares what executes in a container against the image it was started from: a binary that was not in the image (downloaded, written or injected after start) or that has been modified is blocked from running. An attacker who lands a shell through an application bug therefore cannot persist by dropping tools or replacing binaries; the container keeps behaving as its immutable image.
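The runtime-policy and drift checks from the two cards above, written out as one small decision function over a stream of constructed node events. This is an added example, not Aqua's Enforcer code: the event shape (exec / setuid / file write), the image manifest of executable hashes, and the policy values are all constructed simplifications of what a node agent actually sees.

```python
"""Runtime policy evaluation plus drift detection over constructed events.

Added example, not Aqua code. IMAGE_MANIFEST, POLICY and the events in
run_demo() are constructed; the hash strings are placeholders.
"""
from __future__ import annotations

from dataclasses import dataclass, field


@dataclass
class RuntimePolicy:
    allowed_executables: set            # paths permitted to launch inside the container
    block_privilege_escalation: bool = True
    drift_prevention: bool = True
    read_only_paths: tuple = ("/usr", "/bin", "/sbin", "/etc")


@dataclass
class ContainerState:
    image_manifest: dict                # path -> sha256 of executables shipped in the image
    written_files: set = field(default_factory=set)  # paths created after container start


def evaluate(event: dict, policy: RuntimePolicy, state: ContainerState) -> tuple:
    """Return ('allow' | 'block', reason). File writes update state for later drift checks."""
    kind = event["type"]

    if kind == "file_write":
        path = event["path"]
        if any(path == p or path.startswith(p + "/") for p in policy.read_only_paths):
            return "block", f"write to read-only path {path}"
        state.written_files.add(path)
        return "allow", "file write outside protected paths"

    if kind == "setuid":
        if policy.block_privilege_escalation and event["from_uid"] != 0 and event["to_uid"] == 0:
            return "block", f"privilege escalation uid {event['from_uid']} -> 0"
        return "allow", "uid change permitted"

    if kind == "exec":
        path, sha = event["path"], event["sha256"]
        if policy.drift_prevention:
            # Drift: the binary was not in the image, or was written/replaced after start.
            if path not in state.image_manifest or path in state.written_files:
                return "block", f"drift: {path} was not part of the image"
            if state.image_manifest[path] != sha:
                return "block", f"drift: {path} modified since image build"
        if path not in policy.allowed_executables:
            return "block", f"{path} not in allowed executables"
        return "allow", "exec permitted"

    return "allow", f"unhandled event type {kind}"


# Constructed image manifest and policy: the app image ships python3 and sh,
# but only python3 is allowed to run.
IMAGE_MANIFEST = {"/usr/bin/python3": "b" * 64, "/usr/bin/sh": "c" * 64}
POLICY = RuntimePolicy(allowed_executables={"/usr/bin/python3"})


def run_demo() -> list:
    """Evaluate a constructed attack sequence; returns one verdict per event."""
    state = ContainerState(image_manifest=dict(IMAGE_MANIFEST))
    events = [
        {"type": "exec", "path": "/usr/bin/python3", "sha256": "b" * 64},   # normal app start
        {"type": "exec", "path": "/usr/bin/sh", "sha256": "c" * 64},        # in image, not allowed
        {"type": "file_write", "path": "/tmp/xmrig"},                        # attacker drops a miner
        {"type": "exec", "path": "/tmp/xmrig", "sha256": "d" * 64},         # drift: not in image
        {"type": "exec", "path": "/usr/bin/python3", "sha256": "e" * 64},   # tampered binary
        {"type": "file_write", "path": "/etc/ld.so.preload"},                # persistence attempt
        {"type": "setuid", "from_uid": 1000, "to_uid": 0},                   # privilege escalation
    ]
    return [evaluate(e, POLICY, state) for e in events]


if __name__ == "__main__":
    for verdict, reason in run_demo():
        print(f"{verdict:<5} {reason}")
```

Two details carry the security value. The drift check runs before the allow-list check, so even an allowed path is blocked if its hash no longer matches the image; and the write to `/tmp` is permitted (ordinary application behaviour) while the later attempt to execute that file is not, which is exactly the distinction between "detect file changes" and "prevent persistence".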
11) Secret Management
Aqua integrates with external secret stores such as HashiCorp Vault, AWS Secrets Manager, Azure Key Vault and CyberArk, and injects secrets into containers at runtime as environment variables or files held in memory. Secrets are never baked into the image or written into Kubernetes manifests, and rotating them in the vault does not require rebuilding the image.
12) Benchmarks
Runs the CIS Kubernetes Benchmark and CIS Docker Benchmark checks against nodes and hosts (the open-source kube-bench from Aqua implements the Kubernetes one) and lets you add custom compliance rules. Results feed the compliance view so failing controls can be tracked over time.
13) Audit Logging
Aqua records detailed audit events for container activity and every policy violation (what was blocked, in which container, on which node, under which policy) and can forward them to a SIEM such as Splunk or ELK for correlation with the rest of your telemetry.
14) Risk Dashboard
The Aqua Console provides a centralized risk score across workloads, highlighting critical CVEs, misconfigs, and runtime anomalies.
15) Q: How does Aqua compare to Twistlock?
Answer: Both are container security platforms covering scanning, admission control and runtime protection. Aqua emphasises Kubernetes-native deployment and its open-source tooling (Trivy, kube-bench); Twistlock was acquired by Palo Alto Networks in 2019 and now ships as Prisma Cloud Compute, tightly integrated with the rest of the Palo Alto ecosystem.
16) Q: Can Aqua block zero-day exploits?
Answer: No scanner can detect a vulnerability that has no CVE yet, so Aqua does not try to identify the exploit itself. Instead it mitigates unknown threats by constraining what an exploited container can do: behavioural runtime policies and drift prevention block privilege escalation, execution of binaries not in the image, abnormal syscalls and known post-exploitation behaviour such as crypto mining, regardless of which bug was used to get in.
17) Q: What role does Trivy play?
Answer: Trivy is Aqua's open-source scanner for container images, filesystems, Git repositories, IaC (Terraform, Kubernetes manifests, Dockerfiles), SBOMs and live Kubernetes clusters. It finds CVEs, misconfigurations, exposed secrets and licence issues, and can emit SBOMs in CycloneDX or SPDX. The same engine powers scanning in Aqua's commercial platform.
18) Q: How to secure Kubernetes with Aqua?
Answer: Scan images in CI and gate on severity; enforce admission control so only scanned, compliant images are scheduled; apply runtime policies and drift prevention via the Enforcer; integrate with Kubernetes RBAC and least-privilege Pod security settings; run CIS benchmark scans on nodes and forward audit events to your SIEM.