Security

We think security is very important and are working on improving the security of aqua. aqua should allow you to install and execute tools securely. In this page, we describe aqua's security perspective.

List of Issues and Pull Requests

https://github.com/search?q=org%3Aaquaproj+label%3Asecurity

Features

• Design
  • aqua doesn't execute external commands except for go install and go build to install packages
    • This prevents malicious commands from being executed
  • Centrally managed Registry is provided
    • Compared with third party registries, it has low risk to be tampered
• Checksum Verification
• Policy as Code
  • Only standard registry is allowed by default (Secure by default)
• Cosign and SLSA Provenance
• Minisign
• GitHub Artifact Attestations