Aqua Security, the leader in cloud native security, announced the launch of the Trivy Partner Connect Program on July 7, 2025, expanding the commercial ecosystem around Aqua Trivy, the world’s most popular open source vulnerability and misconfiguration scanner. The program’s inaugural partners, Echo and Minimus, deliver secure-by-design image solutions, aligning with Trivy’s mission to empower developers and security teams.
Aqua Security launches Trivy Partner Connect Program to boost Trivy’s ecosystem.
Echo and Minimus join as first partners, offering secure-by-design container images.
Program supports OEM and ecosystem partners with integration and collaboration benefits.
Trivy retains its open, free-to-use model with over 100 million annual downloads.
Enhances security coverage and innovation without disrupting user workflows.
Includes Certified, Core, and Advisor tiers for varied partner engagement.
The Trivy Partner Connect Program provides a structured framework for commercial vendors to integrate and collaborate with Trivy, which boasts over 27,000 GitHub stars and millions of active monthly users. “Trivy Partner Connect represents our commitment to the millions of developers and security teams who rely on Trivy around the world every day,” said Itay Shakury, VP of Open Source at Aqua Security. The program ensures continued investment in Trivy’s reliability while introducing new capabilities through partners like Echo and Minimus, without altering its open source accessibility.
Echo: Delivers vulnerability-free base images that are automatically patched, hardened, and FIPS-validated. “Echo is built for enterprise teams ready to tackle the underlying cause of vulnerability management,” said Eilon Elhadad, CEO and Co-Founder. Its AI agents ensure CVE-free images, allowing engineers to focus on development rather than fixing vulnerabilities.
Minimus: Provides minimal container and virtual machine images with 95% fewer CVEs than traditional counterparts, rebuilt daily with application-specific hardening and real-time exploit intelligence. “The radical reduction in CVEs Minimus images provide, combined with Trivy’s comprehensive container visibility, radically accelerates detection and remediation,” said John Morello, CTO and Co-Founder.
The program enhances Trivy’s value for its global user base by offering:
Broader security coverage through partner integrations.
Faster innovation via collaborative engineering.
Seamless workflows, keeping Trivy free and open.
Long-term value through commercial contributions to the open source core.
For partners, Trivy Partner Connect offers:
OEM Partners: Access to Trivy’s comprehensive scanning capabilities (vulnerabilities, misconfigurations, secrets, licenses, and SBOMs), commercial licensing clarity, priority support, and faster time-to-market.
Ecosystem Partners: Exposure to Trivy’s massive user base, streamlined enterprise integrations, and joint go-to-market opportunities.
Trivy Partner Connect includes three tiers:
Certified: For partners integrating with Trivy and meeting branding standards.
Core: For deeper engineering collaboration and roadmap influence.
Advisor: For contributors providing vulnerability data or enrichment services.
“This program represents our commitment to sustainable open source development,” said Shakury, emphasizing accelerated capabilities and community growth.
Aqua Security’s Trivy, integrated into platforms like Harbor and GitLab, supports over 500 enterprises with its Cloud Native Application Protection Platform (CNAPP). The program’s launch, trending on X, reflects strong community support, with posts highlighting its role in advancing cloud security. As Trivy evolves, partnerships with Echo, Minimus, and future members like Root will drive innovation, ensuring robust, secure-by-design solutions for cloud native environments.
Aqua Trivy is the world’s most popular open source universal scanner, used to identify vulnerabilities, misconfigurations, secrets, and license issues across containers, IaC, code, cloud, and Kubernetes. With seamless CI/CD integration and broad artifact support, Trivy is trusted by developers, DevOps, and security teams around the globe.
Aqua Security is the pioneer in securing AI and containerized cloud native applications from development to production. Aqua’s full lifecycle solution prevents attacks by enforcing pre-deployment hygiene and mitigates attacks in real time in production, reducing mean time to repair and overall business risk. The Aqua Platform, a Cloud Native Application Protection Platform (CNAPP), integrates security from Code to Cloud, combining the power of agent and agentless technology into a single solution. With enterprise scale that doesn’t slow development pipelines, Aqua secures your future in the cloud. Founded in 2015, Aqua is headquartered in Boston, MA, and Ramat Gan, IL, protecting over 500 of the world’s largest enterprises.