Blog

Anchore provides a convenient quick-start using both Docker Compose and Helm to spin up each of its services. Docker Compose may have some advantages over Kubernetes for those new to container architectures, namely the smaller learning curve required, as deployments grow, Kubernetes is a more robust solution to handle scaling, high availability, and multi-node clusters …

Why We Recommend Helm for Production Instead of Docker Compose Read More »

When you want to sell to the government, it behooves you to pick your partners wisely—and it’s no accident that Anchore chose to work with the largest trusted government IT solutions provider, Carahsoft Technology Corporation, to distribute Anchore’s products to public sector customers. See press release: Carahsoft and Anchore launch partnership in public sector This …

Anchore and Carahsoft Read More »

As I’m sure you have read throughout the previous blogs, Anchore is a very versatile tool that brings security to your containerized workflow. It can be integrated into any CI/CD platform for quick and easy security scans. Today I will show you how to integrate it into Azure DevOps, a useful tool offered by Microsoft. …

Anchore and Azure DevOps Read More »

In this blog, we’ll integrate Anchore Engine into a Jenkins pipeline to prevent vulnerable container images from entering our production environment. We’ll install Docker, Anchore Engine, and Jenkins on a single node (with Ansible) so we can then configure the Anchore plugin into our Jenkins jobs. In this example, we use AWS and a GitLab …

Anchore and Jenkins Pipeline Configuration Read More »

In this blog, we will add Anchore security and compliance to a GitLab container pipeline. We will be using AWS and a GitLab registry, however the same approach can be taken for any platform or registry. Requirements AWS account GitLab account Step 1: Project Setup To get started, let’s sign into GitLab and create a …

Anchore and GitLab Pipeline Configuration Read More »

While many Anchore Enterprise users are familiar with our open source Anchore Engine tool and have a good understanding of the way Anchore works, getting started with the additional features provided by the full product may at first seem overwhelming. In this blog, we will walk through some of the major capabilities of Anchore Enterprise …

A Beginner’s Guide to Anchore Enterprise Read More »

Just like you, I was new to Anchore just a few short weeks ago. Here is a quick run down to make getting started just a little bit easier using the documentation for Anchore Engine. Anchore Engine is an open source project that allows users to inspect and analyze security risks within containers. It can …

Anchore Engine: Tips and Tricks for New Users Read More »

In today’s DevSecOps environment filled with microservices and containers, applications are developed with the idea of scaling in mind. Performing security checks on thousands – or even millions – of container images may seem like a giant undertaking, but Anchore was built with the idea of scaling to handle vast amounts of image analyses. While …

Scanning in the Millions: Scaling with Anchore Read More »

At their recent Satellite event in early May, GitHub released a powerful new addition to their increasingly robust set of security and automation features within GitHub Advanced Security, called code scanning. At a high level, this new feature brings static code analysis (based on the CodeQL technology acquired from Semmle last year), with a focus on …

Latest Anchore Action Delivers Container Security as an Integrated GitHub Experience Read More »

On May 27th, Anchore had the privilege of participating in the virtual Microsoft Azure Government DC Meetup. The rise of DevSecOps in gov software initiatives was a fantastic event with a great spread of knowledge. There were demos such as deploying OpenStack onto secure infrastructure and implementing DevSecOps at full speed. I gave a demo …

Watch the Rise of DevSecOps in Gov Software Initiatives Read More »