DevSecOps at Full Speed

Enable High Velocity, Policy-Based Container Workflows Without Compromise

mark

Anchore Closes $20M Series A Funding Round

We are pleased to announce that we have closed a round of funding led by SignalFire that will allow us to accelerate product development and expand our global reach. Learn more in a post from our CEO.

read more

Announcing Anchore Enterprise 2.2

The best platform for container security just got better. Our new Anchore Enterprise adds integrations with Slack, Jira, GitHub, and Microsoft Teams so you can find out about issues as they are discovered.

read more

Container Scan Action for GitHub

The Anchore Container Scan Action for GitHub makes it easy to integrate container scanning into your GitHub development workflow. Add it to your build process, and rest easy.

read about github action

Top Brands Trust Anchore

"Actions like Anchore Container Scan are exactly why we built GitHub Actions. By making it easy for developers to build security directly into their workflows, it helps them ship better code more quickly"
“We believe the availability of more freely redistributable, well-curated base images can simplify the development process for our partners and enhance the support experience of our mutual customers”
"Anchore has proven to be a valuable tool, helping to ensure that the Cisco Container Platform matches our compliance standards."
“We use Anchore Engine to enforce security and compliance checking for production container workloads distributed across dozens of Kubernetes clusters.”
"Anchore allows us to maintain security and transparency over thousands of container images throughout the build process and is exactly the type of solution we were looking for"
“Anchore is a top-notch tool for mapping the most relevant CVE to software version and creating custom policy checks and their support team is one of the best we’ve encountered”

Anchore Solutions

Anchore offers container inspection and compliance solutions for a wide variety of use cases. Whether you are a small open source project or a large team in a highly-regulated industry, Anchore can help.

dash
Anchore Enterprise

Policy-Based Security and Compliance

Anchore Enterprise is a complete container security workflow solution for professional teams. Easily integrating with CI/CD systems, it allows developers to bolster security without compromising velocity and enables security teams to audit and verify compliance in real time. It is based on Anchore Engine, an open-source image inspection and scanning tool.

Explore Anchore Enterprise →
Anchore Engine

Open Source Container Inspection and Analysis

Anchore Engine is an open source tool for deep image inspection and vulnerability scanning. It allows users to perform detailed analysis of container images, producing reports and defining policies that can be used in CI/CD pipelines. It is the foundation of Anchore Enterprise, a container security workflow solution.

Explore Anchore Engine →
engine-cap

The Most Comprehensive Container
Security Inspection Platform

Anchore performs deep inspection of container images, generating a detailed software bill-of-materials and allowing you to apply specific policy gates and checks for your entire container workload on premises and in the cloud.

Vulnerability Scanning

Perform a detailed and thorough scan for any known vulnerabilities in your application and operating system packages

Secrets & Passwords

Ensure all secrets are not present in your image including passwords, API keys, and any other sensitive information

Operating System Packages

Anchore performs a thorough scan on your container image to identify any known operating system packages

3rd Party Libraries

Easily identify non-OS third party libraries, including Node.js NPM’s, Ruby GEM’s, Python PIP, PERL CPAN, and JAVA archives

Whitelist

Whitelist elements of your image when performing analysis to ensure that detection does not block the deployment of an image

Blacklist

With Anchore you can easily blacklist elements like usernames, user ID’s, licenses, packages, or images in their entirety

Dockerfile Checks

Analyze and perform a check on the contents of a Dockerfile or the Docker history for any container image

Other Checks

Identify configuration files, file permissions, unpackaged files, and anything else you’d like to uncover