Real-Time eBPF monitoring technology prevents code tampering throughout build and delivery

Aqua Security has added pipeline integrity scanning to prevent software supply chain attacks and assure CI/CD pipeline integrity.

  • Friday, 19th May 2023 Posted 1 year ago in by Phil Alsop

Powered by eBPF technology, Aqua’s pipeline integrity scanner detects and blocks suspicious behaviour and malware in real time, preventing code tampering and countering threats in the software build process. This industry-first solution equips organisations to feel confident in their ability to strategically stop the most aggressive software supply chain threats that produce massive attack surfaces.

With the rise of software supply chain attacks, and a constantly changing threat landscape, organisations are now being held accountable for incorporating security best practices throughout their software development lifecycles. Software integrity validation, one of these best practices, is mentioned as one of the key requirements in major industry frameworks for supply chain security including SLSA, NIST Secure Software Development Framework and the CIS Software Supply Chain Benchmark. 

“SolarWinds demonstrated the catastrophic effects of compromising the integrity of the software build process and the critical need to continuously validate software integrity,” said Amir Jerbi, CTO of Aqua Security. “Our new pipeline integrity scanner solves one of the industry’s most urgent needs to ensure the integrity of the modern development process and prevent this type of destructive software supply chain attack.” 

Aqua’s pipeline integrity scanner detects suspicious behaviour or malware that characterises a supply chain attack. The capability also takes advantage of behavioural signatures produced by the Aqua Nautilus research team to detect zero-day threats based on cloud native attacks seen in the wild.

After connecting to the build pipeline, pipeline integrity scanning allows developers to:  

Monitor the build pipeline and define a baseline for how the build operates. Teams can understand how their build pipeline runs and what is typical network activity, file access patterns and process activity in known good environments.

Detect any drifts from the baseline. Once the baseline is established, the scanner can detect any drift from this state and alert teams on anything unusual and anomalous (including unexpected file modification, establishing communication with a suspicious URL, usage of a dropped malicious executable) to guarantee the integrity of the build process.

Minimise attack vectors. Close security gaps in CI/CD pipelines by continuously scanning for pipeline drift. This allows teams to prevent the tampering of code in the earliest stages of the software build process and maintain dev tool integrity.

Set up assurance policies. To scale safe development practices and ensure software integrity, assurance policies can be implemented to block completion of new builds that show signs of suspicious activity. This gives developers the ability to react in the development process where it is easier to fix. 

“This is the first solution of its kind,” adds Jerbi. “Other software supply chain security tools only focus on code scanning or static analysis of build artifacts, such as a software bill of materials or SBOM. These are important but have proven insufficient to detect and stop supply chain attacks of this type.” 

Powered by eBPF Technology

Aqua’s pipeline integrity scanner leverages Tracee, the company’s robust open source runtime security and forensics sensor for Linux. Thanks to its lightweight capabilities, eBPF technology can provide visibility into the build’s runtime and detect threats in real time with minimal disruption. By detecting and stopping drift of the original build through eBPF-based scanning and policies, teams can protect their software from unauthorised access and prevent advanced supply chain attacks. 

Aqua is the first to introduce this dynamic capability that complements its existing shift-left capabilities including code scanning, CI/CD posture management, and next-gen SBOM to provide customers with the most comprehensive protection on the market.  

Pipeline integrity scanning is part of its Software Supply Chain Security solution that secures code, all development infrastructure, and pipeline processes so that organisations can build and ship innovation faster and more securely.  Delivered by the Aqua Cloud Security Platform, a cloud native application protection platform (CNAPP), it improves operational efficiency by connecting cloud to dev and tracing runtime risks to the code and developer who can fix them.