Automated Container Security and Compliance for the Enterprise

The only end-to-end container security and compliance platform built on open source

“As an OEM partner of Anchore it’s tools allow us to simplify analysis and security of the software development lifecycle in a container-native architecture.”

“We use Anchore Engine to enforce security and compliance checking for production container workloads distributed across dozens of Kubernetes clusters.”

“Anchore is a top-notch tool for mapping the most relevant CVE to software version and creating custom policy checks and their support team is one of the best we’ve encountered”

“Anchore has been instrumental in bridging the gap between our Security and Operations teams. We leverage Anchore during every phase of our container deployment pipeline”

“Continuous delivery requires continuous security & compliance making sure that only the right code gets deployed. With Anchore we can deliver a secure CD pipeline for enterprise deployments”

Have Questions?

Join our community slack channel to interact with other users and members of the Anchore team!

Join Anchore Community Slack

The Most Comprehensive Container Security Inspection Platform Today

Anchore performs an in depth analysis of your container image allowing you to generate a detailed manifest and create and apply specific policy gates and checks for your entire container workload on premises and in the cloud

Vulnerability Scanning

Perform a detailed and thorough scan for any known vulnerabilities in your application and operating system packages

Secrets and Passwords

Ensure all secrets are not present in your image including passwords, API keys, and any other sensitive information

Operating System Packages

Anchore performs a thorough scan on your container image to identify any known operating system packages

3rd Party Libraries

Easily identify non-OS third party libraries including Node.js NPM’s, Ruby GEM’s, Python PIP, PERL CPAN, and JAVA Archives

Whitelist

Whitelist elements of your image when performing analysis to ensure that detection does not block the deployment of an image

Blacklist

With Anchore you can easily blacklist elements like source code in the image, usernames, user ID’s, licenses, packages, or images in their entirety

Dockerfile Checks

Analyze and perform a check on the contents of a Dockerfile or the Docker history for any container image

Other Checks

Identify configuration files, file permissions, unpackaged files, and anything else you’d like to uncover

Anchore at a Glance

31

Fortune 100 companies using Anchore

100,000+

Users of Anchore Open Source Engine

1M+

Images scanned across 5k repos

Anchore Solutions

Anchore Engine

End-to-End Open Source Container Security and Compliance

The Anchore open source project allows developers to perform detailed analysis on their container images, run queries, produce reports and define policies that can be used in CI/CD pipelines. Developers can extend the tool to add new plugins that add new queries, new image analysis, and new policies

Try Anchore Engine

Anchore Enterprise

An On-Premise Ready Container Compliance Platform

Anchore’s On-Premises solution provides end-to-end security and compliance for the enterprise built on the open source Anchore Engine. With Anchore Enterprise you can use the Anchore UI to perform deep image scans and create and apply policies for security and compliance, as well as take advantage of an air-gapped feed service.

Try Anchore Enterprise

Ready to get started?

Request a Demo

Try Open Source