Aqua Security Launches Trivy Partner Connect to Expand Open Source Security Scanning Ecosystem

Program’s first members Echo and Minimus deliver secure-by-design image solutions to Trivy users

BOSTON and TEL AVIV, Israel, July 07, 2025 (GLOBE NEWSWIRE) -- Aqua Security, the pioneer in cloud native security and the primary maintainer of Aqua Trivy, today announced the launch of the Trivy Partner Connect Program. This new initiative expands the commercial ecosystem around Trivy, the world’s most popular open source vulnerability and misconfiguration scanner. The first two partners to join the program are Echo and Minimus, both delivering secure-by-design image solutions that align with Trivy’s mission of empowering developers and security teams through open, trusted tools.

Trivy Partner Connect offers a structured framework for commercial vendors to build, integrate, and collaborate with Trivy, bringing new capabilities to the massive Trivy user base while fostering sustainable open source development.

“Trivy Partner Connect represents our commitment to the millions of developers and security teams who rely on Trivy around the world every day,” said Itay Shakury, VP of Open Source at Aqua Security. “For our global community of users, this program ensures continued investment in reliability and cutting-edge capabilities they’ve come to expect from the world’s most popular security scanner. For our partners, Partner Connect provides a path to influence the roadmap, access priority support, and reach Trivy's massive global user base. Together, we're not just building an open source tool, we’re building a more secure future.”

New Value for Users and the Open Source Community

With over 27,000 GitHub stars, more than 100 million annual downloads and millions of active monthly users, Trivy has become the standard for open source security scanning. Trivy Partner Connect brings new value to this community by expanding support for platforms, artifacts and integrations without changing how users interact with the tool.

For enterprise users, this means:

• Broader security coverage with new partner-contributed content and integrations.
• Faster innovation driven by collaborative engineering between Aqua and partners.
• No disruption to current workflows, Trivy remains fully open and free to use.
• Increased long-term value as commercial contributions strengthen the open source core.

Echo and Minimus: Trivy's First Partners

Echo delivers hundreds of vulnerability-free base images that are automatically patched, hardened, and FIPS-validated. Built for enterprise adoption, the secure-by-design images are compatible with existing operating systems and scanners like Trivy, enabling zero-effort adoption for engineers and visible impact for security teams.

“Echo is built for enterprise teams ready to tackle the underlying cause of vulnerability management, rather than simply treating its symptoms. Through AI agents, we deliver CVE-free images that are built clean and kept clean,” said Eilon Elhadad, CEO and Co-Founder. “Joining Trivy Partner Connect allows us to amplify our impact, reach security-conscious users globally through the tool they already use, and enable engineers to focus on revenue-driving development rather than trying to fix vulnerabilities in code they didn’t even write.”

Minimus offers secure, minimal container and virtual machine images. Rebuilt daily from source, Minimus images have 95% fewer CVEs than their traditional counterparts, application specific hardening, real-time exploit intelligence, and support for FIPS and STIG workloads.

“Trivy has earned enormous trust in the open source community. By partnering with Trivy, we’re making it easier than ever to eliminate vulnerabilities at the earliest stages of development. As a Trivy Connect partner, we can reach that audience with a shared mission of eliminating vulnerabilities before they exist,” said John Morello, CTO and Co-Founder. “The radical reduction in CVEs Minimus images provide, combined with Trivy’s comprehensive container visibility radically accelerates detection and remediation for security and development teams.”

Value for Partners: Built for OEMs and Ecosystem Builders

Trivy Partner Connect supports OEM partners and ecosystem partners alike. OEM partners embed Trivy within their products, while e systems partners build complementary solutions that integrate or enhance Trivy capabilities. Key benefits for the OEM partners include:

• Access to the industry’s most comprehensive scanner – Partners can integrate Trivy’s proven detection capabilities (covering vulnerabilities, misconfigurations, secrets, licenses, and SBOMs) directly into their offering.
• Commercial licensing and content clarity – OEM partners can ensure license-compliant use of Trivy and its content, giving customers confidence in legal and operational clarity.
• Priority support and engineering collaboration – Direct access to the Trivy core team enables faster problem-solving, tailored feature support, and alignment with future roadmap development.
• Accelerated time-to-market – OEMs can build differentiated security features without building scanning engines from scratch.

Ecosystem Partners have slightly different needs as they build complementary solutions around Trivy. Key benefits for these partners include:

• Trusted exposure to the world’s largest scanning community – Trivy’s open source ecosystem provides a direct channel to millions of users in dev, security, and DevOps roles.
• Streamlined integration into enterprise environments – Partner offerings can be surfaced to Trivy users within their existing workflows, increasing adoption with minimal friction.
• Joint go-to-market and marketing opportunities – Ecosystem partners gain visibility through shared announcements, technical blogs, community highlights, and event participation.
• Technical validation and feedback – Collaborating with the Trivy team helps ensure seamless interoperability and unlocks early access to new capabilities.

Program Tiers and Ongoing Expansion

Trivy Partner Connect includes three tiers:

1. Certified – For partners who integrate with Trivy and meet trademark and marketing alignment standards.
2. Core – For partners requiring deeper engineering collaboration, roadmap access, and product knowledge.
3. Advisor – For contributors who provide vulnerability data or enrichment services to support broader coverage.
   

“This program represents our commitment to sustainable open source development,” said Itay. “By creating structured commercial partnerships, we can accelerate Trivy's capabilities while ensuring the health and growth of our community.”

Trivy Partner Connect is open and expanding quickly. Organizations interested in joining can learn more and apply at Trivy Partner Connect.

About Aqua Trivy
Aqua Trivy is the world's most popular open source universal scanner, used to identify vulnerabilities, misconfigurations, secrets, and license issues across containers, IaC, code, cloud, and Kubernetes. With seamless CI/CD integration and broad artifact support, Trivy is trusted by developers, DevOps, and security teams around the globe. Learn more at https://trivy.dev.

About Aqua Security
Aqua Security is the pioneer in securing AI and containerized cloud native applications from development to production. Aqua’s full lifecycle solution prevents attacks by enforcing pre-deployment hygiene and mitigates attacks in real time in production, reducing mean time to repair and overall business risk. The Aqua Platform, a Cloud Native Application Protection Platform (CNAPP), integrates security from Code to Cloud, combining the power of agent and agentless technology into a single solution. With enterprise scale that doesn’t slow development pipelines, Aqua secures your future in the cloud. Founded in 2015, Aqua is headquartered in Boston, MA, and Ramat Gan, IL, protecting over 500 of the world’s largest enterprises. For more information, visit https://www.aquasec.com.

Contact

Geena Pickering

Look Left Marketing

gpickering@lookleftmarketing.com

Legal Disclaimer:

EIN Presswire provides this news content "as is" without warranty of any kind. We do not accept any responsibility or liability for the accuracy, content, images, videos, licenses, completeness, legality, or reliability of the information contained in this article. If you have any complaints or copyright issues related to this article, kindly contact the author above.