Skip to main content

Set up and use the Aqua Security CWPP connector

Aqua Security Workload Protection, often referred to as Cloud Workload Protection (CWPP), secures cloud-native applications and environments.

By integrating Aqua Security, Veracode Risk Manager (VRM) leverages its insights to recommend the best next actions for security teams, ensuring seamless alignment with their broader tool stack and promoting a unified, strategic approach to security management.

Aqua requirements

The VRM connector for Aqua Security Workload Protection must be able to access the vulnerability data in Aqua. To set up the connector, you must meet the following requirements:

  • Have an Aqua Security account with Administrator permissions.
  • If you use an on-premises instance of Aqua Security, know the endpoint URL of your instance.

Create permission set and role

You must assign a role with a specific permission set to the API key that you use to authenticate the VRM connector.

  1. Log in to the Aqua Security platform.
  2. From the top-left menu, select Account Management.
  3. From the left navigation menu, select Permission Sets and select Add Permission Set.
  4. Enter a name for the permission set.
  5. In the Aqua Hub, CSPM, and Workload Protection sections, do the following:

    1. Set the toggle to Module is Enabled.

    2. Select Set all as > View.

      Aqua view permissions

    3. Select Confirm.

  6. Select Save.
  7. From the top-left menu, select Account Management.
  8. From the left navigation menu, select Roles and select Add Role.
  9. Enter a name for the role.
  10. For Permission Set, select the permission set you created.
  11. For Application Scope(s), select Global.
  12. Select Save.

Configure API key

Prerequisites:

You must have created a role with the required permission set.

To complete this task:

  1. Log in to the Aqua Security platform.

  2. From the top-left menu, select Account Management.

    Account Management

  3. From the left navigation menu, select Settings > API Keys.

  4. Select Generate Key.

  5. Enter a description for the new API key and select Create.

  6. Copy the API Key and Secret values to a secure location. You will not be able to view them again after you close the window.

  7. On the API Keys page, select the vertical ellipses for the API key you just created and select Edit.

  8. Clear the Enable global admin permission toggle.

  9. Select the roles:assign and tokens:readwrite permissions.

  10. From the dropdown list, select the Aqua role that you created.

    API permissions

  11. Select Save.

Create a VRM connector

  1. In VRM, from the left navigation menu, select the Settings icon settings_icon.png.
  2. Select Add Connector.
  3. Select the Aqua Security Workload Protection tile. enter a name for the connector.
  4. Enter the API key and secret you generated in Aqua.
  5. If you want to pull the findings from an on-premises Aqua Security instance, enter the endpoint URL of the instance. The SaaS endpoint URL is populated by default.
  6. Select Add Connector.

After the connector is created, VRM begins fetching your findings, which can take several minutes.

To view the fetched findings in VRM, select Findings findingsIcon.png from the left navigation menu and search for findings with a Finding Source of Aqua Security Workload Protection.

Last updated on