Aqua Security is the leading Cloud Native Application Protection Platform (CNAPP), purpose-built to secure containerized workloads, Kubernetes environments, and the software supply chain from development through runtime. In April 2025, Aqua achieved FedRAMP High Authorization — sponsored by the U.S. Department of Education and hosted on AWS GovCloud — meeting more than 400 security controls and making Aqua one of the few CNAPP vendors authorized at the highest level of U.S. federal cloud security compliance. That authorization is a direct reference point for Canadian departments pursuing Protected B / PBMM alignment under ITSG-33 and CCCS cloud security guidance. In May 2025, Aqua further earned AWS Government Competency status, confirming its standing as a validated choice for government cloud workloads. Aqua’s open-source Trivy scanner — with more than 25,000 GitHub stars — is widely used across federal DevSecOps pipelines to generate CycloneDX and SPDX Software Bills of Materials (SBOMs), directly supporting the PSPC Software Supply Chain Risk Mandate and aligning with Canada’s adoption of SBOM requirements modelled on U.S. Executive Order 14028. For Canadian public sector clients standing up modern cloud-native infrastructure, Aqua provides the runtime visibility, build-time provenance, and supply chain transparency required to achieve and sustain sovereign, secure cloud operations.
