Anchore Enterprise v6 unlocks unified visibility across your legacy systems and modern cloud applications with SBOM-powered risk management and regulatory compliance automation.
SANTA BARBARA, CA – May 18, 2026 – Anchore, the leader in Software Supply Chain Security (SSCS), announced the availability of Anchore Enterprise v6. This latest version transforms the Software Bill of Materials (SBOM) into a powerful, application-context engine designed to automate evidence collection and ensure continuous regulatory compliance across all software assets.
Navigating a Complex Regulatory Landscape
Global organizations are currently facing a "breaking point" in manual defense as they navigate a maze of complex cybersecurity regulations. From the U.S. Cyber Executive Order and NIST 800-53 to PCI DSS 4.0, and the EU’s Cyber Resilience Act (CRA) and NIS2, the burden of proof has shifted to the manufacturer. The EU CRA, for instance, now mandates that products with digital elements be made available without known exploitable vulnerabilities and requires manufacturers to handle vulnerabilities throughout the entire product lifecycle.
"The software supply chain has reached a breaking point where manual defense is no longer a reality," said Josh Bressers, VP of Security at Anchore. "With the EU CRA vulnerability reporting obligations taking effect in September 2026, organizations cannot afford 'trust debt'. Anchore Enterprise v6 turns the SBOM into a living map, providing the auditable proof required by regulators and auditors."
Eliminating the "Security Tax"
Anchore Enterprise v6 unifies security management to eliminate the “security tax”—the manual burden of producing evidence and managing disparate tools. By creating a single inventory within an application and version context, security teams can now automate the tracking and record keeping required by standards like CRA (digital elements), FDA (medical devices), and FedRAMP (US government security requirements).
Key features of Anchore Enterprise v6 include:
- Unified Asset Model for Global Compliance: Establishes a normalized view across the SDLC, enabling one-click generation of unified SBOMs. This directly addresses EU CRA Annex I requirements for maintaining documentation of software components and top-level dependencies.
- Expanded Scan Coverage: Achieves true "shift-left" security by detecting vulnerabilities and compliance gaps earlier. Native filesystem scanning for source repositories, build artifacts, and Virtual Machine analysis ensures complete SBOM visibility for both containerized and traditional non-containerized deployments.
- Precision Triage with Anchore Score & VEX: streamlines vulnerability management by prioritizing real-world risk over static severity. By combining Anchore Score (our multi-factor risk index) with VEX (Vulnerability Exploitability eXchange) annotations, teams can identify the small fraction of exploitable vulnerabilities that require immediate action by purging false positives. This allows teams to meet strict reporting timelines as mandated by various cyber regulations, such as the CRA and SEC rules.
- Centralized Third-Party SBOM Orchestration: Empowers organizations to import vendor-provided CycloneDX and SPDX SBOMs and extend full lifecycle visibility to the security of software they didn't build, ensuring compliance with all emerging transparency regulations.
- Continuous Monitoring & Automated Reporting: Provides a unified view of compliance status with automated notifications of vulnerability changes. This supports "POA&M-as-code," allowing organizations to manage allowlists and remediation plans directly within their security workflow.
A New Standard for Provable Compliance
Anchore’s SBOM-centered solution creates a new standard for software supply chain security. By transforming static inventories into living operational artifacts, Anchore Enterprise v6 enables enterprises and governments to automate risk discovery, streamline audits, and maintain a state of continuous, provable compliance across their entire software supply chain.
Additional Resources
About Anchore
Anchore empowers organizations to secure their software supply chains with speed and confidence. Anchore Enterprise delivers comprehensive SBOM management, industry-leading vulnerability management, and advanced policy enforcement for containers and beyond. By eliminating friction in software delivery and compliance, Anchore customers such as NVIDIA, Cisco, eBay, and government agencies, including the U.S. Department of Defense and U.S. Department of Homeland Security, ship software faster while meeting the most rigorous security and regulatory standards. For more information, visit https://www.anchore.com/