Aqua Security, a leader in cloud-native security, has announced the Trivy Partner Connect Program, a new initiative to strengthen the commercial ecosystem around Trivy, its open-source vulnerability and misconfiguration scanner. With this program, Aqua aims to blend commercial innovation with community-driven development, enhancing Trivy’s capabilities without changing how users interact with the tool.
Empowering Commercial Collaboration Around Open Source
The program creates a structured framework for commercial vendors to build and integrate with Trivy, allowing for faster innovation and broader security coverage. By encouraging collaboration between Aqua and partners, the initiative ensures Trivy remains open-source and freely accessible while gaining new functionalities.
With over 27,000 GitHub stars, 100 million annual downloads, and millions of monthly users, Trivy’s growing popularity makes it an ideal base for ecosystem collaboration. The new program brings users:
- Wider platform and artifact support
- Faster innovation through joint engineering
- Uninterrupted workflows with an open core
- Enhanced long-term value from commercial contributions
Three-Tier Partner Framework
To structure its ecosystem, Aqua Security has introduced three partner tiers:
- Certified – For partners that align with Trivy’s trademark and marketing standards.
- Core – Designed for partners engaging in deep technical collaboration and roadmap planning.
- Advisor – For those contributing data or enrichment services that boost Trivy’s threat intelligence.
This framework allows partners to both influence the roadmap and reach Trivy’s global developer and security community.
Support for OEMs and Ecosystem Builders
The program caters to both OEM partners and ecosystem partners, offering several strategic advantages:
OEM Partners benefit from:
- Direct integration with Trivy’s scanning engine for vulnerabilities, misconfigurations, licenses, secrets, and SBOMs
- Legal and operational clarity via commercial licensing
- Roadmap visibility and faster problem resolution via the core Trivy team
- Ability to offer differentiated features without building scanning engines from scratch
Ecosystem Partners gain:
- Access to Trivy’s vast open-source user base in development, DevOps, and security
- Workflow-native integrations for easier enterprise adoption
- Co-marketing opportunities through blogs, events, and technical collaboration
- Early access to new features and tools
Echo and Minimus Join as Founding Partners
Two companies, Echo and Minimus, have joined as founding members of the Trivy Partner Connect Program.
Echo provides vulnerability-free base images that are patched, hardened, and FIPS-validated. “We’re solving the root cause of vulnerability management,” said Echo CEO Eilon Elhadad. “Partnering with Trivy helps us reach global users through a tool they already trust.”
Minimus offers secure, minimal container and VM images with 95% fewer CVEs and real-time exploit intelligence. CTO John Morello stated, “By partnering with Trivy, we’re bringing early-stage vulnerability elimination to developers.”
A Commitment to Sustainable Open Source“It’s not just about building a tool,” said Itay Shakury, VP of Open Source at Aqua Security. “It’s about building a secure future.” With the Trivy Partner Connect Program, Aqua Security reinforces its commitment to sustainable open-source growth—backed by innovation, structure, and community.
