Itay Shakury, VP of Open Source at Aqua Security, told ChannelE2E, “Trivy Partner Connect emerged directly from community feedback and operates on a foundational principle of do no harm to the community. The program creates a sustainable ecosystem where commercial partners contribute resources and expertise to accelerate open source development while Aqua maintains transparent governance of the project’s direction.”
This ensures developers and security teams benefit from enhanced capabilities, accelerated innovation, and enterprise-grade threat intelligence, without compromising Trivy’s accessibility or functionality.
Not Just a Scanner: A Platform for Pipeline Security
Trivy has evolved into more than a scanning tool. Its role is expanding as a foundational platform for building secure software pipelines. The inclusion of secure-by-design base images from Echo, Minimus, and soon, Root, illustrates how ecosystem contributions can tackle security earlier in the development process.
“Simple scanning is no longer sufficient for world-class pipeline security,” Shakury said. “It’s the ecosystem of tools working together that provides true protection, which is why some of the largest corporations globally, along with vendors including Aqua itself, rely on Trivy as a crucial platform that brings together essential security elements to protect organizations throughout the entire software development lifecycle.”
What It Means for Trivy Users and Partners
This isn’t about changing how Trivy works. It’s about multiplying what it can do. Partner Connect enables faster innovation by encouraging commercial partners to contribute integrations, data, and engineering insights. Users benefit from new features and platform support without having to wait for Aqua to build them all in-house. And because these contributions are anchored in open collaboration, the core product remains consistent and free to use.
The program is also designed to support both OEMs embedding Trivy and ecosystem players building tools that complement it. OEMs get licensed access to Trivy’s detection engine - covering vulnerabilities, secrets, licenses, misconfigs, and SBOMs - along with support, roadmap alignment, and faster go-to-market timelines. Ecosystem partners, meanwhile, gain technical validation, joint marketing opportunities, and direct access to Trivy’s massive open source user base.
“Many MSPs and MSSPs already leverage Trivy at scale in their environments. While this often meets their basic requirements, Partner Connect provides a structured vehicle for MSPs and MSSPs that need more sophisticated capabilities, enhanced support, deeper customization, or advanced integrations tailored to their offerings,” Shakury explained. “This level of adaptability enables them to build differentiated managed security offerings on top of the Trivy platform, something proprietary scanners often can’t match.”
No Disruption for MSPs and MSSPs
For MSSPs and cloud security providers embedding Trivy into managed offerings, the goal is to maintain operational simplicity while offering paths to scale and differentiate.
“Trivy remains Trivy, the same reliable, open-source tool that works today will continue to work tomorrow without requiring operational changes or introducing licensing complexity,” Shakury emphasized. “For those seeking enhanced capabilities or roadmap collaboration, Partner Connect provides a structured pathway while preserving the licensing clarity and simplicity that makes Trivy ideal for large-scale, multi-tenant deployments.”




