Overview
Avocado Reveal
Avocado Protect

- Automated Application Runtime Threat Modeling: Stop relying on static snapshots. Avocado provides continuous, real-time visibility into application behavior. By analyzing actual traffic patterns and execution paths, the platform automatically generates dynamic threat models that evolve as your application does. Learn more about the use case here: https://www.avocadosys.com/automaticappthreatmodeling/
- Application-Centric Zero Trust: Extend Zero Trust beyond the network layer. Avocado enforces "Least Privilege" at the application level, ensuring that even if a network perimeter is breached, lateral movement is stopped. With the advent of Process Level Micro-segmentation, Avocado verifies every interaction within the application environment, regardless of location. Learn more about the use case here: https://www.avocadosys.com/applicationzerotrustandavocadoprotect/
- Integrated DevSecOps Threat Modeling: Shift security to the left without slowing down your engineers. By integrating threat modeling directly into the CI/CD pipeline, Avocado identifies architectural flaws and vulnerabilities during the build phase, reducing the cost and risk of remediation. Learn more about the use case here: https://www.avocadosys.com/devsecopstesting/
- Automated Architecture Governance & SBOM: Maintain a clear record of what is running in your environment. Avocado Systems, Inc. Automated Architecture Governance: Every time a code change occurs, it is studied automatically in the context of application architecture. Ensure every microservice complies with corporate security architecture policies automatically. Any accidental new security flaw in the application gets caught right away. Dynamic SBOM: Generate a real-time Software Bill of Materials (SBOM) to track third-party dependencies and supply chain risks with 100% accuracy. Learn more about the use case here: https://www.avocadosys.com/revealautomationapplicationarchitecturegovernance/
- Application Architecture Change Management: Modern applications change daily. Avocado automatically detects shifts in application topology and configuration. This ensures that "configuration drift" never creates an accidental security hole, providing a continuous audit trail for compliance. Learn more about the use case here: https://www.avocadosys.com/automationofenterpriseapplicationchangemanagement/
Highlights
- 1. Automated Application Runtime Threat Modeling
  2. Application Centric Zero Trust, Microsegmentation
  3. Integrated DevSecOps Threat Modeling
  4. Automated Architecture Governance and SBOM
  5. Application Architecture Change Management and Governance
- 1. AI-driven Application Threat Modeling
  2. Threat Modeling integrated into DevSecOps
  3. SBOM generation in DevSecOps
Pricing
| Dimension | Description | Cost/12 months |
|---|---|---|
| Avocado Security Orchestrator | Centralized Observability, Threat Modeling and Security orchestration | $4,995.00 |
| Avocado Security Plugin Library | Avocado Security Plugin Library | $61,000.00 |
Vendor refund policy
Software charges for this product are eligible for a refund on a case-by-case basis. To request a refund, please contact our support team at Support@avocadosys.com. Requests must include your AWS Account ID, Product ID, and a brief justification. Please note that AWS infrastructure charges (e.g., EC2, S3) are handled independently by AWS and are not covered by this software refund policy. For more information, please refer to the AWS Marketplace Buyer Guide.
Delivery details
Avocado Security Platform (Helm Chart)
- Amazon EKS
- Amazon EKS Anywhere
Helm chart
Helm charts are Kubernetes YAML manifests combined into a single package that can be installed on Kubernetes clusters. The containerized application is deployed on a cluster by running a single Helm install command to install the seller-provided Helm chart.
Version release notes
Release Notes
1. Avocado Security Platform Release Notes
These release notes provide details about the latest release of the Avocado Security Platform, including new features, bug fixes, and known issues.
2. What is New
This section highlights the new features and enhancements introduced in this release of the Avocado Security Platform Plugin and Avocado Security Orchestrator.
2.1 Avocado Security Orchestrator
Single Sign-On (SSO) Integration
The Avocado Security Orchestrator now supports Single Sign-On (SSO) with:
- Microsoft Entra ID (formerly Azure AD)
- ForgeRock
This integration enables centralized user authentication, improved security, and streamlined user access through enterprise identity providers.
Highlights:
- OAuth 2.0-based integration with role-based access control (RBAC)
- Support for custom role mapping either through the IdP or internally within the Orchestrator
- Token claims configuration for user identity and permissions
- Seamless login experience via enterprise credentials
Component Version Upgrades
As part of this release, critical backend components have been updated for better performance, security, and compatibility:
- MySQL: Upgraded to the latest supported version
- Elasticsearch: Updated to a newer version compatible with enhanced data indexing and retrieval features
- Orchestrator Components: Various improvements and internal enhancements to ensure stability and scalability
These upgrades enhance database reliability, improve query performance, and ensure compatibility with modern deployment environments.
2.2 Avocado Security Platform Plugin for Linux
- Amazon Linux 2023 Support for Avocado Security Plugin: The Avocado Security Plugin now supports Amazon Linux 2023, extending compatibility to AWS-optimized Linux distributions.
- Non-root Init Container for Avocado Security Plugin: With this release, we will support plugin deployment on non-root init containers.
- Bug Fixes: Addresses various functionality issues, improving the overall plugin performance.
3. Issues Fixed
This section outlines the issues resolved in the Avocado Security Platform Plugin and Avocado Security Orchestrator in this release.
3.1 Avocado Security Orchestrator Bug Fixes
- SLA Over Websocket: Plugins now send SLA data via WebSocket.
- Application Architecture Model: Consolidated multiple clients connecting to a single application group.
- MySQL Performance Improvement: Resolved high CPU usage in MySQL caused by numerous simultaneous SLA processes.
3.2 Avocado Security Platform Plugin Bug Fixes
- SLA Caching Mechanism: Fixed caching issues related to SLA data.
Compatibility Note: It is recommended to use Avocado Security Platform Plugin version 3.3 with Avocado Security Orchestrator version 3.3.
4. Known Issues
4.1 Avocado Security Orchestrator
- Dashboard Filter Missing: Filtering by Application Type is currently unavailable, impacting usability when searching by application categories.
- Login Issues in HA Deployments: Users may experience login failures post-password reset in high-availability environments.
- Workaround: Clear browser cache and cookies. Also, new users are not automatically prompted to change their passwords upon first login. They must manually navigate to the My Profile page to do so.
- Empty UI Message: The UI may display a blank screen when updating a user's tenancy via the List Tenancy API.
4.2 Avocado Security Platform Plugin for Linux
- ADPL Log Forwarding in Non-Root Contexts: In Kubernetes environments running with non-root user contexts, the plugin cannot forward ADPL logs to remote targets.
- Limitation (Secure Data Policy): Secure data policies created after deployment are applied to containers spawned after the policy's activation.
Additional details
Usage instructions
Avocado Security Platform Usage Instructions
Preconditions
- An existing MySQL Kubernetes cluster must be up and running, and an admin/root user must already exist.
- An existing Elasticsearch Kubernetes cluster must be up and running, and an admin user must already exist.
- Required Kubernetes Secrets must be created before installing this Helm chart.
- Do not put real passwords, API keys, certificates, keystores, truststores, or private keys in Helm values files.
Install Example
Override Parameters
| Parameter | Description |
|---|---|
| global.externalServices.mysql.host | Kubernetes DNS name or reachable hostname for the existing MySQL service. |
| global.externalServices.elasticsearch.host | Kubernetes DNS name or reachable hostname for the existing Elasticsearch HTTP service. |
| global.externalSecrets.mysql.name | Existing Secret containing MySQL admin credentials and Avocado database user password. |
| global.externalSecrets.elasticsearch.name | Existing Secret containing Elasticsearch username and password keys. |
| global.externalSecrets.keyStoreTrustStore.name | Existing Secret containing keystore/truststore files and their passwords. |
| global.externalSecrets.externalApiKeys.name | Existing Secret containing external API keys such as NVD NIST, IP geolocation, and Gemini. |
| global.externalSecrets.mysqlTruststore.name | Existing Secret containing MySQL truststore file/password. Required only when MySQL JDBC SSL verification is used. |
| global.externalSecrets.cipher.name | Existing Secret containing Orchestrator cipher public/private key files. |
| global.externalSecrets.uiTls.name | Existing Secret containing TLS certificate/key used by the Avocado UI. |
| global.externalSecrets.proxy.name | Existing Secret containing proxy password. Required only when proxy authentication is enabled. |
| global.runtimeConfig.existingConfigMap | Optional ConfigMap name for runtime Spring Boot property overrides for Orchestrator, VIP, and Reveal AI. |
| orchestrator.pvc.storageClassName | StorageClass used for Orchestrator persistent storage. Use an RWX-capable class for multi-replica deployment. |
| orchestrator.pvc.size | Requested PVC size for Orchestrator persistent storage, for example 10Gi. |
Runtime Configuration
To override non-secret application.properties values, create a ConfigMap with one or more keys:
- orchestrator-application.properties
- vip-application.properties
- revealai-application.properties
Then install or upgrade with:
--set global.runtimeConfig.existingConfigMap=<runtime-configmap-name>
After changing that ConfigMap, update global.runtimeConfig.revision to force pod rollout.
Secrets
Create all required Secrets before installation. Use placeholder values in documentation and automation. Never store real secret values in values.yaml.
For detailed steps kindly refer to below link.
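A pre-install check for the Secrets precondition and the override parameters above, as an added example that is not the vendor's install script. The Secret names and the namespace, release and chart arguments are placeholders assumed here, and the `HELM` variable is a hook introduced in this example so the call can be dry-run.

```shell
#!/bin/sh
# Added example. Secret names below are constructed placeholders; the parameter
# keys come from the Override Parameters table (conditional ones omitted).
SECRET_PARAMS='global.externalSecrets.mysql.name=avocado-mysql
global.externalSecrets.elasticsearch.name=avocado-elasticsearch
global.externalSecrets.keyStoreTrustStore.name=avocado-keystore
global.externalSecrets.externalApiKeys.name=avocado-api-keys
global.externalSecrets.cipher.name=avocado-cipher
global.externalSecrets.uiTls.name=avocado-ui-tls'

# True if the Secret exists. Requests only the object name, never its data.
secret_exists() {  # $1 namespace, $2 Secret name
  kubectl -n "$1" get secret "$2" -o name >/dev/null 2>&1
}

# Print each referenced Secret that is absent from the namespace, one per line.
missing_secrets() {  # $1 namespace
  printf '%s\n' "$SECRET_PARAMS" | while IFS='=' read -r _param name; do
    secret_exists "$1" "$name" || printf '%s\n' "$name"
  done
}

# Install or upgrade only when every referenced Secret already exists. Only
# Secret *names* are passed with --set, so no credential reaches a values
# file, the process list or shell history.
install_avocado() {  # $1 namespace, $2 release, $3 chart, $4 MySQL host, $5 Elasticsearch host
  ns=$1 release=$2 chart=$3 mysql_host=$4 es_host=$5
  missing=$(missing_secrets "$ns")
  if [ -n "$missing" ]; then
    printf 'not installing; Secrets missing in namespace %s:\n%s\n' "$ns" "$missing" >&2
    return 1
  fi
  set -- upgrade --install "$release" "$chart" --namespace "$ns" \
    --set "global.externalServices.mysql.host=$mysql_host" \
    --set "global.externalServices.elasticsearch.host=$es_host"
  while IFS= read -r kv; do
    set -- "$@" --set "$kv"
  done <<EOF
$SECRET_PARAMS
EOF
  "${HELM:-helm}" "$@"   # HELM is a hook added here so the call can be dry-run
}

# Run as: sh preflight.sh <namespace> <release> <chart> <mysql-host> <es-host>
if [ "$#" -eq 5 ]; then install_avocado "$@"; fi
```

The check fails closed: if `kubectl` cannot reach the cluster or lacks permission to read Secrets in the namespace, every Secret is reported missing and nothing is installed.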
Support
Vendor support
- Enhance your Governance, Risk and Compliance
- Platform, Cloud agnostic
- Programming language agnostic
- Application Architecture agnostic
AWS infrastructure support
AWS Support is a one-on-one, fast-response support channel that is staffed 24x7x365 with experienced and technical support engineers. The service helps customers of all sizes and technical abilities to successfully utilize the products and features provided by Amazon Web Services.

