
Anchore Secure

Automate the scanning of source code and container images for vulnerabilities, malware, and secrets. Triage, remediate, and ship fixes quickly and without friction.

Protect & Monitor

Continuous Vulnerability Monitoring

Anchore continually re-evaluates the vulnerability status of your software artifacts as new security advisories are published. Because the SBOMs generated by your pipeline are stored, Anchore can alert as soon as a new vulnerability is announced, without rescanning the original software, and can show you when your application was exposed to a newly disclosed vulnerability.

Comprehensive Ecosystem Coverage

With support for the common language ecosystems, operating systems, and software vendors, Anchore can scan for known vulnerabilities whatever stack your software uses. Anchore’s Syft-based SBOM generation detects dependencies even when they are nested inside archives and compressed files. Security feeds from GitHub, CVE5, NVD, and major vendors keep vulnerability data current.

False Positive/Negative Mitigations

Let developers correct package metadata in the SBOM (for example, the true upstream name and version of a vendored or renamed dependency) so that matches are made against the right package, reducing both false positives and false negatives. Combined with control over which security feeds are used, security teams can ensure that developers are not distracted by unnecessary alerts.

Runtime Context

Don’t get distracted with security alerts for software that never goes into production. Build an inventory of running images in runtime clusters and prioritize remediation of active images. Use the runtime history information to determine if and when an image was susceptible to an attack to aid with forensics.

Malware and Secret Scanning

Discover exposed secrets in config files or temporary files left on the image filesystem using configurable regular-expression rules. Detect known virus and malware signatures in your container image builds to stop backdoors or cryptominers from reaching production.

FAQs

Syft is an open source command line tool produced by Anchore that, given a filesystem such as a directory, a Git repo, or a container image, generates a high-fidelity SBOM. Syft works on a single artifact at a time and does not persist its output. Anchore Enterprise embeds Syft into its integrations and backend so it can generate SBOMs for all artifacts in your CI pipelines, registries, or runtime images, and stores the data for vulnerability management, reporting, and remediation workflows.

Grype is an open source command line tool produced by Anchore that takes a single SBOM (or scans an image or directory directly) and produces a list of vulnerabilities. Grype does not store the data and does not perform continuous scans. Anchore Enterprise uses Grype to run one-off and ongoing vulnerability scans for all SBOMs stored in its database.

Anchore uses a wide variety of feeds to perform the initial and ongoing scans. The complete list can be found in our documentation.

By storing the SBOM for the scanned artifact, Anchore can generate a list of vulnerabilities at the time the SBOM is produced and then keep re-evaluating that SBOM as new vulnerabilities are published. Because the SBOM is in the Anchore database, Anchore can notify a user of new issues immediately, without rescanning or even having access to the original software. The same approach lets you determine retroactively whether software shipped at some point in the past was susceptible to a vulnerability that has only just come to light. The results are only as complete as the stored SBOM: a component that was not captured at generation time cannot be matched later, which is why SBOM accuracy matters as much as feed freshness.
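The stored-SBOM re-evaluation described above (and the Grype-style matching in the FAQ) as an added example; this is illustrative code, not Anchore, Syft or Grype code. It assumes a constructed, simplified SBOM layout, placeholder advisory IDs (ADV-0001 and ADV-0002, not real CVEs), hypothetical package names, and a dotted-numeric version comparison. Real scanners apply ecosystem-specific version rules (deb, rpm, semver, PEP 440); the point here is that a second feed update produces new findings and a historical answer without the original artifact being touched.

```python
"""Re-evaluate stored SBOM snapshots against a changing vulnerability feed.

Constructed example: the SBOMs, advisories, package names and advisory IDs
are invented for illustration and do not describe real vulnerabilities.
"""
from datetime import date

# Constructed SBOM snapshots as stored from two pipeline runs of a hypothetical service.
SBOM_SNAPSHOTS = [
    {"generated": "2024-01-15",
     "component": {"name": "acme-api", "version": "1.0.0"},
     "components": [
         {"name": "libexample", "version": "2.3.1", "ecosystem": "deb"},
         {"name": "acme-http", "version": "0.9.4", "ecosystem": "pypi"},
     ]},
    {"generated": "2024-03-01",
     "component": {"name": "acme-api", "version": "1.1.0"},
     "components": [
         {"name": "libexample", "version": "2.4.0", "ecosystem": "deb"},
         {"name": "acme-http", "version": "0.9.4", "ecosystem": "pypi"},
     ]},
]

# Constructed feed as of day 1. "fixed" is exclusive, OSV-style; IDs are placeholders.
FEED_DAY1 = [
    {"id": "ADV-0001", "ecosystem": "deb", "package": "libexample",
     "introduced": "2.0.0", "fixed": "2.4.0", "published": "2024-02-10"},
]
# Day 2: a new advisory appears. Nothing has been rebuilt or rescanned.
FEED_DAY2 = FEED_DAY1 + [
    {"id": "ADV-0002", "ecosystem": "pypi", "package": "acme-http",
     "introduced": "0.0.0", "fixed": "0.9.5", "published": "2024-04-02"},
]


def parse_version(v):
    """Simplified dotted-numeric comparison; real tools use per-ecosystem rules."""
    return tuple(int(p) for p in v.split("."))


def is_affected(version, advisory):
    """True if version lies in [introduced, fixed); no 'fixed' means still unpatched."""
    v = parse_version(version)
    if v < parse_version(advisory["introduced"]):
        return False
    fixed = advisory.get("fixed")
    return fixed is None or v < parse_version(fixed)


def match_sbom(sbom, feed):
    """Match every stored component against the feed; no artifact access needed."""
    findings = set()
    for comp in sbom["components"]:
        for adv in feed:
            same_pkg = (adv["ecosystem"], adv["package"]) == (comp["ecosystem"], comp["name"])
            if same_pkg and is_affected(comp["version"], adv):
                findings.add((adv["id"], comp["name"], comp["version"]))
    return findings


def new_findings(sbom, old_feed, new_feed):
    """What to alert on after a feed update: findings not present under the old feed."""
    return match_sbom(sbom, new_feed) - match_sbom(sbom, old_feed)


def snapshot_current_on(snapshots, shipped_on):
    """The SBOM that described the software on a date: latest generated on or before it."""
    cutoff = date.fromisoformat(shipped_on)
    candidates = [s for s in snapshots if date.fromisoformat(s["generated"]) <= cutoff]
    return max(candidates, key=lambda s: s["generated"]) if candidates else None


def historical_exposure(snapshots, feed, shipped_on):
    """Advisories affecting what shipped on a date, flagging ones disclosed after shipping.

    Returns a set of (advisory_id, package, version, disclosed_after_ship).
    """
    snap = snapshot_current_on(snapshots, shipped_on)
    if snap is None:
        return set()
    by_id = {adv["id"]: adv for adv in feed}
    shipped = date.fromisoformat(shipped_on)
    return {
        (adv_id, name, ver, date.fromisoformat(by_id[adv_id]["published"]) > shipped)
        for adv_id, name, ver in match_sbom(snap, feed)
    }


if __name__ == "__main__":
    latest = SBOM_SNAPSHOTS[-1]
    print("day 1 findings:", match_sbom(latest, FEED_DAY1))
    print("new on day 2 :", new_findings(latest, FEED_DAY1, FEED_DAY2))
    print("shipped 2024-02-01 exposure:", historical_exposure(SBOM_SNAPSHOTS, FEED_DAY2, "2024-02-01"))
```

Running it shows the latest build is clean against the day 1 feed, gains a finding for acme-http 0.9.4 when ADV-0002 lands on day 2, and that the build shipped on 2024-02-01 (described by the January SBOM) was exposed to both advisories, both disclosed after it shipped. The `new_findings` set difference is the alert trigger; the feed update alone drives it.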

Explore our solutions

Federal Compliance

Automate compliance checks using out-of-the-box and custom policies.

Open Source Security

Improve open source security by easily tracking direct and transitive open source dependencies to identify and fix vulnerabilities early.

DevSecOps

Automate DevSecOps for your cloud-native software supply chain with an API-first DevSecOps solution.

Container Security Solution

Identify and remediate container security risks and monitor post-deployment for new vulnerabilities.

FedRAMP Vulnerability Scanning

Meet the new FedRAMP Vulnerability Scanning Requirements for Containers and achieve compliance faster with Anchore.

Container Vulnerability Scanning

Reduce false positives and false negatives with best-in-class signal-to-noise ratio.

Kubernetes Images Scanning

Allow or prevent deployment of images based on flexible policies and continuously monitor the inventory of insecure images running in your clusters.

Container Registry Scanning

Identify and remediate new risks and vulnerabilities as they emerge.

CI/CD Security & Compliance

Embed security and compliance into your CI/CD pipeline to uncover vulnerabilities, secrets, and malware in your automated build processes.

Software Bill of Materials

Get comprehensive visibility of your software components and ensure vulnerability accuracy with the most complete SBOM available. Generate, store, analyze, and monitor SBOMs across the application lifecycle to identify software dependencies and improve supply chain security.

Container Compliance

Automate compliance checks using out-of-the-box and custom policies.

Speak with our security experts

Learn how Anchore’s SBOM-powered platform can help secure your software supply chain.