Blog

Blog

Stay Up to Date with Everything Anchore

Creating Policies

At the heart of Anchore’s solution is the concept of users certifying container images based on rules that they define. In the past certifications for applications typically came from operating systems vendors who defined their own standards and worked with independent software vendors (ISVs) on certification programs to give a level of assurance to end users that the application was compatible with the underlying operating system…

read more

Microservices vs. MicroVM’s

At Anchore we spend a whole lot of time looking at container images to provide detailed analysis and certification. Most of the discussions we hear in the industry around image analysis focus on CVE scanning: how many CVEs are in an image, what severity, etc. As we’ve mentioned before, we see CVE scanning as just the tip of the iceberg and that it’s possible to have all the latest operating system packages but still have an image that has security vulnerabilities or is otherwise not compliant with your operational, security or business policies.

read more

Improved Jenkins Integration

Today we have released an update to our popular open source Jenkins plugin adding a number of powerful new features.
Using Anchore’s freely available and open source Jenkins plugin you can secure your Jenkins pipeline in less than 30 minutes adding image scanning including not just CVE based security scans but policy based scans that can include checks around security, compliance and operational best practices.

read more

Slimming Down Images

Oracle just announced a new container image: Oracle Linux 7-Slim. Their goal was to create a more lean image and improve security in the process, since reducing the footprint of the container also reduces the attack surface. You can check out that...

read more

Keeping Secrets

Docker recently announced an exciting new release of Docker Datacenter that included Integrated Secrets Management from Docker 1.13. Many containers need access to sensitive information as part of their configuration, for example they may need the...

read more

Anchore 1.1 Has Arrived

We started the week with an exciting announcement about the Anchore Navigator which received a significant update with many new features, the two new features that are proving to be the most popular are the ability submit an image for analysis and...

read more

Comparing Images

As anyone who has worked in IT support or operations for any period of time will tell you, if you get a call telling you that something stopped working, then the first question you should ask is “what changed?”. This is especially true if the application or server in question has been working well for sometime before.

read more

Hanlon’s Images

Occam’s razor is a well known philosophical principle that’s entered mainstream culture.
While there are many ways to describe this principle the most succinct is:

“The simplest answer is most often correct.”

The lesson behind this razor is that if there are many explanations for a particular phenomena, then out of the many and often complex alternative explanations the simplest is likely the most likely to be correct.

read more

Deeper Analysis with Anchore

Since we announced Anchore 1.0 back in October we have spent a great deal of time talking to our community users, partners and enterprises about their compliance and governance needs. Many of these conversations followed a similar pattern: Initial excitement about Docker and container deployments..

read more

Anchore Navigator Updates

Back on October we introduced the Anchore Navigator which provides a powerful web UI to allow users to search for repositories and then drill down into individual images to get more details including the tags for a given image, Dockerfile, digest, image layers, labels and update history.

read more

Heading to KubeCon 2016

In three weeks around a thousand IT professionals will descend on Seattle to attend the second annual KubeCon to hear about the latest advancements in Kubernetes, Containers and Cloud Native Computing. There’s a packed schedule with sessions from…

read more

Introducing Anchore Navigator

Today Anchore made a number of exciting announcements: the general availability of our first commercial product Anchore Enterprise 1.0, venture funding of around $5M, and the release of Anchore Navigator. Over the last 5 months we’ve spoken about…

read more

Is Docker More Secure?

Over the last couple of years much has been written about the security of Docker containers, with most of the analysis focusing on the comparison between containers and virtual machines. Given the similar use cases addressed by virtual…

read more

Looking Back at ContainerCon

Today marks the 25th anniversary of Linux Torvald’s posting to the comp.os.minix Usenet newsgroup announcing work on his kernel, which he described as “just a hobby”. It’s fair to say that Linus’ “hobby” project has changed the face of the IT…

read more

Extending Anchore with Jenkins

Jenkins is one of the most popular Continuous Integration/Continuous Delivery platforms in production today. Jenkins has over a million active users, and according to the CloudBees State of Jenkins survey last year, 95% of Jenkins users are already using or plan to start using Docker within 12 months.

read more

Signed, Sealed, Deployed

Red Hat recently blogged about their progress in adding support for container image signing, a particularly interesting and most welcome aspect of the design is the way that the binary signature file can be decoupled from the registry and distributed separately.

read more

Extending Anchore with Lynis

Add Lynis scanning to Anchore image analysis Note: You will need the latest Anchore code from github to follow this procedure: Install it here In this post, we focus on solving a common problem that is faced when building out a…

read more

Anchore and Kubernetes: Pod People

Anchore provides the ability to inspect, query, and apply policies to container images prior to deployment in a Kubernetes cluster without impacting normal operations. To show how Anchore complements Kubernetes and integrates into its delivery workflow, we’ve written the following whitepaper.

read more