Open Container Compliance
An open source complete solution for compliance, certification, security
scanning, and auditing of public and private container images.
“Anchore allows us to maintain security and transparency over our images throughout the build process and is exactly the type of solution we were looking for.”
“Anchore will become an important tool for organizations looking to build and maintain secure container-based architectures.”
“Using Anchore’s tools we can define strict policies for security and compliance that ensure only images that meet our stringent security requirements are released.”
“Using Anchore we are able to add container compliance & certification to our industry leading (ARM) methodology for architecting and operating secure & compliant environments”
Container Native Security & Compliance
Anchore analysis tools inspect your container image and generate a detailed manifest allowing you to create and apply policies that specify rules to govern security vulnerabilities, package whitelists and blacklists, configuration file contents, presence of credentials in image, manifest changes, exposed ports or any user defined checks.
Analyze Container Images
Inspect your container image and generate a detailed list that includes official OS packages, unofficial packages, config files, language modules, and artifacts such as NPM, PiP, GEM, and Java archives.
Integrate into Your Workflow
Anchore can be run at any point in the development pipeline to produce reports or to evaluate policies allowing policy violations to be caught and fixed early in the CICD pipeline.
Define and Enforce Policies
Define policies to govern security vulnerabilities, package whitelists and blacklists, configuration file contents, secrets in image, manifest changes, exposed ports or any user defined checks.
Run with Orchestration
Integrate with orchestration platforms such as Kubernetes to ensure that only images that are certified by your organization are run.
Do You Know What’s Beneath the Surface of Your Containers?
An image may contain no operating system packages with known vulnerabilities but may still be insecure, mis-configured or in some other way out of compliance. Anchore analysis tools inspect your container image and generate a detailed manifest of the image, a virtual ‘bill of materials’ that includes official operating system packages, unofficial packages, configuration files and language modules and artifacts such as NPM, PiP, GEM, and Java archives.
Using Anchore tools policies can be defined that specify rules to govern security vulnerabilities, package whitelists and blacklists, configuration file contents, presence of credentials in image, manifest changes, exposed ports or any user defined checks. These policies can be deployed site wide or customized for specific images or categories of applications.
Open Source Container Security and Compliance
The Anchore open source project allows developers to perform detailed analysis on their container images, run queries, produce reports and define policies that can be used in CI/CD pipelines. Developers can extend the tool to add new plugins that add new queries, new image analysis, and new policies
Discovery, Analysis, and Certification Toolkit
With Anchore’s Cloud SaaS Service you can explore images on all of the popular public registries for the one that best suits you, analyze an image to see contents and history, and create policies to enforce with other images.
A Solution for Every Use Case
Anchore Open Source allows developers to perform detailed analysis on container images, run queries, produce reports & define policies to use in CI/CD pipelines as well as extend the tool with new queries, analysis, or policies.
With the Anchore Cloud service you can search for images across multiple registries, explore TAGs and history, perform detailed analysis, review security issues, define custom policies to evaluate images, and subscribe to receive image updates
The On Premise Anchore Engine provides a centralized service for performing detailed analysis on container images, running queries, producing reports and defining policies that can be used in CI/CD pipelines.
Ready to get started?
Create a Free Account or Get the Code