Seal Security + Aqua Trivy: Industry-Leading Vulnerability Scanning Meets Production-Ready Patching

Itamar Sher
October 23, 2025

We’re excited to announce a new partnership and integration between Seal Security and Aqua Trivy, the industry standard for container and open source vulnerability scanning. 

As of the recent v0.67.0 release, Aqua Trivy fully recognizes sealed open source components built by Seal Security. This collaboration ensures clean scans, zero false positives, and full compliance coverage for your team.

Aqua Trivy Now Recognizes Sealed Packages

Aqua Trivy is trusted by thousands of teams to scan containers, OS packages, and application dependencies across their CI/CD pipelines. 

With this integration, Aqua Trivy natively identifies and verifies components patched by Seal Security, allowing developers and security teams to confidently use sealed packages without triggering false positive alerts or compliance flags.

What this means:

  • No false positives on sealed components
  • Newly discovered vulnerabilities will appear in scan results
  • Sealed packages pass Aqua Trivy scans automatically
  • Full compatibility with compliance frameworks and SBOM tools

This works right out of the box for teams using Seal Security and Aqua Trivy, with no configuration needed.

How Sealed Packages Work

Seal Security rebuilds vulnerable open source components from source, with built-in fixes for known vulnerabilities, and delivers drop-in, production-ready replacements. 

These sealed packages maintain original functionality and version compatibility, so you can secure even legacy, EOL, or heavily customized codebases without rewriting or waiting for upstream fixes. 

The best part: they can be installed in just one click, instead of requiring months-long migrations or tedious and risky manual upgrades.

Now with Aqua Trivy support, these sealed packages:

  • Pass compliance audits (FedRAMP, PCI DSS 4.0, SOC 2, DORA, and more)
  • Avoid unnecessary risk acceptance debates
  • Reduce security patching SLA and developer friction

This comes together with the rest of the Seal Security platform to make your open source vulnerability remediation easier across the whole stack, giving you ROI across the organization.

Aligned Benefits for Security and R&D

Security teams get clean scan results and verified patching, eliminating noisy CVE findings that were already remediated, and giving control over security to the people responsible for it.

Developers avoid last-minute disruptions, long upgrade cycles, and broken dependencies, so they can maintain development velocity while meeting compliance goals.

Together, this reduces friction between teams whose goals often don’t align, saves countless hours of tedious work, and makes a real impact on your bottom line with compliance fines avoided and increased developer productivity.

Getting Started

For teams already using Aqua Trivy and Seal Security, sealed packages are automatically detected and verified, with no configuration needed.

If you’re an Aqua Trivy user but aren’t using Seal yet, there’s never been a better time to start. With Aqua Trivy support in place, you can confidently integrate secure-by-default components into your pipelines and pass audits with ease.

Book a demo to see our product in action today.