In this post, I will walk through the steps required to deploy the Anchore Engine Marketplace Container Image Solution on Amazon EKS with Helm. Amazon Elastic Kubernetes Service (Amazon EKS) is a managed service that makes it easy for users to run Kubernetes on AWS without needing to install and operate their own clusters. For …
With the release of Anchore Enterprise 2.1 (based on Anchore Engine 0.5.0), we are pleased to announce that Anchore Enterprise customers will now receive access to enhanced vulnerability data from Risk Based Security’s VulnDB for increased fidelity, accuracy, and live-ness of image vulnerability scanning results. Recognizing that container images need an added layer of security, …
Building containerized applications inherently brings up the question of how to best give these applications access to any sensitive information they may need. This sensitive information can often be in the form of secrets, passwords, or other credentials. This week I decided to explore a couple of bad practices / common shortcuts and some simple …
Many organizations today leverage multiple cloud providers for their cloud-native workloads. One example is a mix of several public cloud providers such as AWS, GCP, or Azure. Another is a combination of a private cloud such as OpenStack with any public cloud provider. By definition, multi-cloud is a cloud approach made up of more than one cloud service, from more than one cloud vendor (public or private). At Anchore, we work with many users and customers who are faced with the challenge of adopting an effective container security strategy across the multiple cloud environments that they manage.
Anchore is a leading provider of container security and compliance enforcement solutions designed for open-source users and enterprises. Anchore provides vulnerability and policy management tools built to surface comprehensive container image package and data content, protect against security threats, and check for best practices. All of this is wrapped in an actionable policy enforcement engine and language capable of evolving over time as compliance needs change. It is flexible and robust enough to provide the security and policy controls that regulated industry verticals need to effectively adopt cloud-native technologies at scale.
Both Anchore Engine and Enterprise are shipped and delivered as Docker containers, providing tremendous deployment flexibility across every major public cloud provider's managed Kubernetes service (Amazon EKS, Azure Kubernetes Service, Google Kubernetes Engine), container platform (Red Hat OpenShift), or on-premise.
Container Registry Support
Anchore natively integrates with any public or private Docker V2 compatible container registry including the major cloud providers (Amazon ECR, Google Container Registry, Azure Container Registry), or on-premise installations (JFrog Artifactory, Sonatype Nexus, Docker, etc.).
Anchore seamlessly plugs into any CI system, providing users with pre-production security, compliance, and best-practice enforcement checks directly in their CI pipelines. Users and customers can use Anchore’s native plugins for Jenkins and CircleCI, or integrate into the CI platform of their choice (Amazon CodeBuild, Azure DevOps, TravisCI, etc.).
Kubernetes Admission Control
Anchore provides an admission controller for Kubernetes to gate pod execution based on Anchore analysis and policy evaluation of image content. It supports three different modes of operation, allowing users to tune the tradeoff between control and intrusiveness for their environments. The Anchore Kubernetes Admission Controller supports integrations with the major cloud providers' managed Kubernetes services as well as on-premise.
Anchore Enterprise provides full Role-Based Access Control functionality, allowing organizations to manage multiple teams, users, and permissions, all from a central Anchore installation. Security, Operations, and Development teams can operate separately while maintaining full isolation of image scan results, policy rule configurations, and custom reports.
At Anchore, we understand the benefits of an effective multi-cloud strategy. However, we are also aware of the challenges and risks that development, security, and operations teams face when securing workloads across clouds. By utilizing a CI and container registry agnostic platform, Anchore users can easily adopt a refined container security and compliance practice across all of their public and private cloud environments.