Platform | Enforce

Anchore Enforce

Choose your policy and enforce it at every stage of the SDLC. Raise alerts for developers, show trends to the CISO, and generate evidence for auditors.

Enforce & Prove Compliance

Policies UI in Anchore Enterprise

FedRAMP, NIST, DISA, and DOD policy packs.

Deploy a ready to use policy to achieve compliance with a variety of federal standards. Each rule is mapped to the specific control version for easy report and evidence generation. Shift your compliance checks “left” and have developers fix issue before deployment.
Malware Scanning with Anchore Enterprise

Flexible Reporting Options

Produce reports from the simple to the detailed with Anchore’s powerful reporting engine. Choose from a range of default reports providing an overview of risk across all of your sites to customized reports which focus on specific registries, repos, or runtime environments.
Inventory UI in Anchore Enterprise

Runtime Context

Verify the compliance status of your production applications with a real time view of the cluster and namespaces running your containers. Zero in on the specific base images causing out of compliance alerts.
SBOM UI of Anchore Enterprise

License Management

Prevent the use of copyleft licenses or warn on the use of unapproved licenses. Search for software that has been relicensed to prevent commercial risk.
Continuous Vulnerability Monitoring with Anchore Enterprise

Dockerfile Controls

Limit the use of instructions which introduce risk to container image builds. Prevent the use of unapproved packages or binaries. Disable network access or effective users with elevated privileges.

More Capabilities.

Base Image Management

Ensure only approved golden images are used as base images. Prevent the use of unauthorized operating systems or find the use of distributions approaching or past the end of life support.

Content and Metadata Inspection

Anchore can look at every piece of metadata for any file on the filesystem to: detect files with global read or write permissions or elevated privileges (SUID); ensure file hashes map to known good signatures; or, determine if mandatory files are missing or typosquatting files are present. You can go further and look for specific configuration strings inside files to ensure that values are set according to best practices.

Policy as Code

Every policy rule configured in Anchore is stored in an easy to edit JSON file allowing GitOps workflows around policy management and synchronization across deployments.

FAQs

We provide policy packs that cover FedRAMP v5, NIST 800-53, 800-190, DISA, and Docker CIS. An Anchore Enterprise deployment also allows you to comply with the NIST 800-219 (Secure Software Development Framework) attestation requirements.

All Anchore policy rules are stored in a simple JSON format that can be edited by a human or managed programmatically via Git.

Explore our solutions

Federal Compliance

Automate compliance checks using out-of-the-box and custom policies.

Open Source Security

Improve open source security by easily tracking direct and transitive open source dependencies to identify and fix vulnerabilities early.

DevSecOps

Automate DevSecOps for your cloud-native software supply chain with an API-first DevSecOps solution.

Container Security Solution

Identify and remediate container security risks and monitor post-deployment for new vulnerabilities.

FedRAMP Vulnerability Scanning

Meet the new FedRAMP Vulnerability Scanning Requirements for Containers and achieve compliance faster with Anchore.

Container Vulnerability Scanning

Reduce false positives and false negatives with best-in-class signal-to-noise ratio.

Kubernetes Images Scanning

Allow or prevent deployment of images based on flexible policies and continuously monitor the inventory of insecure images running in your clusters.

Container Registry Scanning

Identify and remediate new risks and vulnerabilities as they emerge.

CI/CD Security & Compliance

Embed security and compliance into your CI/CD pipeline to uncover vulnerabilities, secrets, and malware in your automated build processes.

Software Bill of Materials

Get comprehensive visibility of your software components and ensure vulnerability accuracy with the most complete SBOM available. Generate, store, analyze, and monitor SBOMs across the application lifecycle to identify software dependencies and improve supply chain security.

Container Compliance

Automate compliance checks using out-of-the-box and custom policies.

Speak with our security experts

Learn how Anchore’s SBOM-powered platform can help secure your software supply chain.