Anchore for Software vendors
Anchore provides a platform to allow ISVs to certify their containers and to give confidence to their customers
Anchore for Software Vendors
Anchore provides a platform to allow ISVs to certify their containers and to give confidence to their customers.
“Shipping Scality’s applications as containers greatly simplifies deployment and maintenance for our customers. However, enterprise customers want to be sure that the containers they are deploying are secure and well maintained. Using Anchore’s tools we can define strict policies for security and compliance that ensure only images that meet our stringent security requirements are released. Anchore’s Navigator allows our customers to independently verify the certification status of all their images at any time, as well as define their own specific certification policies.”
Giorgio Regni – Founder & CTO
Build Once and Safely Deploy Anywhere
Docker and containers have revolutionized enterprise IT. It’s never been easier to build, deploy and run applications. Docker offers a new way to package applications to run on any infrastructure, finally delivering on the promise of build once deploy anywhere, whether that’s on a developer’s laptop, a server, private cloud or public cloud. For Independent Software Vendors deploying applications as containers offers significant advantages in terms of simplified development, testing and maintenance.
The Challenge for ISV’s
While end-users welcome the simplicity containers bring to deploying off-the-shelf applications, software vendors face a number of adoption challenges. Many enterprises are reluctant to deploy a third party container without knowing what’s inside the container or if it introduces new risks that compromise security, compliance and overall best practices.
The Anchore Solution
With Anchore’s Navigator software vendors can enable their customers to verify the security and compliance of container images without requiring them to download & analyze the images themselves. This validation by an independent third party, using open source tools with a published certification policy allows enterprises to deploy third party containers with confidence.
Certification for Containers
Anchore acts as an independent third party providing validation of the container’s certification against the policy published by the ISV.
If required, an enterprise can use Anchore’s open source tool along with the ISV’s published policy to verify the compliance of the container.
Compliance throughout the Software Development Lifecycle
Using Anchore’s tools software vendors can define policies for security and compliance that are evaluated by Anchore at each stage of the build pipline, ensuring that only images that adhere to the vendor’s policies are published.
If the compliance status of an image changes over time, for example if a new security vulnerability is discovered, Anchore will produce a notification that can be used to trigger a new build.
For an end user, finding a container image with the functionality you need that also meets the security and compliance best practices of their organization can be challenging. While the 500,000 images on Dockerhub are usually where users go first when searching for images, there are a growing number of registries, both public such as those from cloud providers like Amazon and Google, and private registries provided by software vendors. Each of these has it’s own web interface or API and in most cases users may not even be aware of these registries.
With Anchore Navigator end users can search for images on popular public & private repositories and in the process discover images they were previously unaware of that are potentially better suited to their needs and published by ISV’s. By indexing images on the Navigator, ISV’s can solve the discoverability problems they currently face in distributing their images and effectively connect with more users searching for their service.
Schedule a Time to Speak with Us
Request a demo to learn more about how Anchore can help give your customers confidence to deploy containers.