Aqua Security for PCF (Beta)

WARNING: The Aqua Security for Pivotal Cloud Foundry (PCF) tile is currently in beta and is intended for evaluation and test purposes only. Do not use this product in a PCF production environment.

This topic describes the Aqua Security for PCF tile.

As a PCF operator, you can download and install the Aqua Security for PCF tile to deploy the Aqua Command Center in your PCF environment, which security teams can then use to provision image assurance policies. As a developer, you can perform security scanning of your PCF applications at build time with immediate feedback about vulnerabilities and open source licenses in your code, all while complying with corporate GRC policies. Aqua Security for PCF also provides the same level of protection for Docker containers, registries, and runtime that Aqua Security Enterprise provides.


The Aqua solution is easy to operate, providing you with the most advanced scanning capabilities on the market today. It supports more than forty languages, including Java, Go, C++, Python, Ruby, NodeJS, and more, as well as static binaries. In addition, you can use our set of APIs to integrate Aqua with your preferred CI/CD tools for security testing as part of the build, with Active Directory/LDAP for user authentication and with SIEM/analytics to output audit and alert data.

The Aqua Security for PCF tile provides all of the components that make up an Aqua Command Center. The tile also includes a buildpack decorator component that allows for the implementation of Aqua Droplet Assurance Policy enforcement.

Key Features

With Aqua, you can benefit from these capabilities:

  • Perform staging environment scanning of droplets for known vulnerabilities based on data from multiple resource feeds (public CVEs, vendor-issued, proprietary vulnerability, malware, and data streams)
  • Block unauthorized droplets from being uploaded to blob stores based on droplet assurance policies
  • Stop unknown droplets
  • Stop droplets by CVEs and score
  • Detect and stop droplets with hardcoded embedded secrets and/or private information such as keys
  • Add custom compliance checks (bash, OPAL, and PowerShell-based)
  • View actionable information on how to mitigate detected vulnerabilities
  • Gain visibility into droplet vulnerabilities and misconfigurations directly from CI tools (e.g. Concourse, Jenkins, TeamCity, Bamboo, Microsoft VSTS, etc.) and the Aqua dashboard
  • Scan Docker registries to identify unregistered containers
  • Implement Aqua Console components with HA options

Product Snapshot

Note: As of PCF v2.0, Elastic Runtime is renamed Pivotal Application Service (PAS).

The following table provides version and version-support information about Aqua Security.

Element | Details
Tile version | v0.8.1
Release date | March 5, 2018
Software component version | v0.8.1
Compatible Ops Manager version(s) | v1.11.x, v1.12.x, and v2.0.x
Compatible Pivotal Application Service version(s) | v1.11.x, v1.12.x, and v2.0.x
IaaS support | All platforms


Aqua Security for PCF has the following requirements:

  • A purchased or thirty-day trial license provided by Aqua Security. You can request a trial license here or by emailing Aqua Security Sales.


If you have a feature request, questions, or information about a bug, please email the Pivotal Cloud Foundry Feedback list or send an email to Aqua Security Support.


For help with troubleshooting this product, contact Aqua Security Support.
