
Aqua Security, a provider of cloud-native security, announced the launch of the Trivy Partner Connect Program, a new partner program designed to expand the commercial ecosystem around Trivy, an open-source vulnerability and misconfiguration scanner.

Program enables commercial vendors to leverage open-source development

Trivy Partner Connect offers a structured framework for commercial vendors to build, integrate, and collaborate with Trivy, introducing new capabilities to users while promoting sustainable open-source development.

Trivy has over 27,000 GitHub stars, over 100 million annual downloads, and millions of active monthly users. Trivy Partner Connect brings new value to this community by expanding support for platforms, artifacts, and integrations without changing how users interact with the tool.

The program gives users:

  • Broader security coverage with new partner-contributed content and integrations.
  • Faster innovation driven by engineering collaboration between Aqua and partners.
  • No disruption to current workflows, allowing Trivy to remain fully open and freely available.
  • Increased long-term value as commercial contributions enhance the open-source core.

“Trivy Partner Connect represents our commitment to the millions of developers and security teams who rely on Trivy around the world every day,” said Itay Shakury, VP of Open Source at Aqua Security. “For our global community of users, this program ensures continued investment in reliability and cutting-edge capabilities they’ve come to expect from the world’s most popular security scanner. For our partners, Partner Connect provides a path to influence the roadmap, access priority support, and reach Trivy’s massive global user base. Together, we’re not just building an open source tool, we’re building a more secure future.”

The program also contains three tiers:

  1. Certified: For partners who integrate with Trivy and meet trademark and marketing alignment standards.
  2. Core: For partners requiring deeper engineering collaboration, roadmap access, and product knowledge.
  3. Advisor: For contributors who provide vulnerability data or enrichment services to support broader coverage.

“This program represents our commitment to sustainable open source development,” said Shakury. “By creating structured commercial partnerships, we can accelerate Trivy’s capabilities while ensuring the health and growth of our community.”

Support for OEMs and ecosystem partners

The partner program supports OEMs and ecosystem partners. OEM partners embed Trivy within their products, and ecosystem partners build complementary solutions that integrate or enhance Trivy capabilities.

Among the benefits for OEM partners are:

  • Integration of Trivy’s detection capabilities (covering vulnerabilities, misconfigurations, secrets, licenses, and SBOMs) directly into their offering.
  • Commercial licensing and content clarity for OEM partners, ensuring license-compliant use of Trivy and its content with legal and operational clarity.
  • Direct access to the Trivy core team enables quicker problem-solving, tailored feature support, and alignment with future roadmap development.
  • OEMs are enabled to build differentiated security features without having to build scanning engines from scratch.

Meanwhile, key benefits for ecosystem partners include:

  • Trivy’s open-source ecosystem provides a direct channel to millions of users in development, security, and DevOps roles, giving partners exposure to a large scanning community.
  • Partner offerings can be surfaced to Trivy users within their existing workflows, increasing adoption with minimal friction and streamlined integration into enterprise environments.
  • Gaining visibility through shared announcements, technical blogs, community highlights, and event participation via joint go-to-market and marketing opportunities.
  • Collaborating with Trivy helps to ensure seamless interoperability and unlocks early access to new capabilities with technical validation and feedback.

Trivy’s first program partners

Echo and Minimus are the first two partners to join the program, both of which deliver secure-by-design image solutions to align with Trivy’s mission to empower developers and security teams through open, trusted tools.

Echo is a provider of vulnerability-free base images that are automatically patched, hardened, and FIPS-validated. These secure-by-design images are compatible with existing operating systems and scanners like Trivy, enabling zero-effort adoption for engineers and visible impact for security teams. 

“Echo is built for enterprise teams ready to tackle the underlying cause of vulnerability management, rather than simply treating its symptoms. Through AI agents, we deliver CVE-free images that are built clean and kept clean,” said Eilon Elhadad, CEO and co-founder. “Joining Trivy Partner Connect allows us to amplify our impact, reach security-conscious users globally through the tool they already use, and enable engineers to focus on revenue-driving development rather than trying to fix vulnerabilities in code they didn’t even write.”

Minimus, meanwhile, offers secure, minimal container and virtual machine images. These images have 95 percent fewer CVEs than traditional counterparts, application-specific hardening, real-time exploit intelligence, and support for FIPS and STIG workloads.

“Trivy has earned enormous trust in the open source community. By partnering with Trivy, we’re making it easier than ever to eliminate vulnerabilities at the earliest stages of development. As a Trivy Connect partner, we can reach that audience with a shared mission of eliminating vulnerabilities before they exist,” said John Morello, CTO and co-founder. “The radical reduction in CVEs Minimus images provide, combined with Trivy’s comprehensive container visibility, radically accelerates detection and remediation for security and development teams.”

