Hello friends. My name is Josh and I’ve just started at Anchore as the Vice President of Security. I’ll talk more about what the role means in future posts, but for the moment I want to answer a few questions that are top of mind right now. Namely, what do I think the future of …
Viewpoint: The Future of Software Supply Chain Security Read More »
Last week the United States Cybersecurity and Infrastructure Security Agency (CISA) published a binding operational directive describing a list of security vulnerabilities that all federal agencies are required to fix. Read the directive here: https://cyber.dhs.gov/bod/22-01/ The directive establishes a CISA-managed catalog of known exploited vulnerabilities that carry significant risk to federal agencies. The list can …
How to Check for CISA Catalog of Exploited Vulnerabilities Read More »
Today’s DevSecOps teams face two major challenges — securing development cycles from the ever-increasing rate and complexity of software supply chain attacks and bridging the internal gaps within their organizations that have traditionally separated security and development efforts. The Gartner report, Survey Analysis: Enabling Cloud-Native DevSecOps, provides key data insights that reveal the emergence of …
Enabling Cloud-Native DevSecOps: 3 Key Takeaways from the Gartner Research Read More »
Creating a FedRAMP compliance checklist can be vital to approaching compliance methodically. While government contracting is full of FedRAMP challenges stories, the move to cloud-native development grants us new tools, technologies, and methodologies to better set your projects up for FedRAMP compliance success. It’s up to you to capture these best practices in a checklist …
DevSecOps open source convergence isn’t always apparent to business stakeholders. Here at Anchore, we’re believers in the open sourcing of DevSecOps because open source software (OSS) is foundational to cloud-native software development. The Relationship between DevSecOps and Open Source Open source technologies play a decisive role in how businesses and government agencies build their DevOps …
7 Tips to Create a DevSecOps Open Source Strategy Read More »
As we expand our portfolio of open source SBOM tools, we are excited to announce the release of sbom-action, a GitHub Action for creating a software bill of materials (SBOM) using Syft. What Is It? The sbom-action is a simple way to generate a software bill of materials (SBOM) in your GitHub-based workflows and releases. …
SBOM Tools: Drop an SBOM GitHub Action into your Workflow Read More »
Modern cloud-native software applications include software components and code from both internal developers and external sources such as open source communities or commercial software providers. Visibility into these components to identify vulnerabilities, security risks, misconfigurations, and bad practices is an integral part of securing the software supply chain. Anchore Enterprise 3.2 provides richer visibility into …
It’s been an amazing five years working with you, our users, with more than 74,000 deployments across more than 40 releases since we initially shipped Anchore Engine. Today, we are pleased to announce that the project has now reached its 1.0 milestone. Much has changed in the world of container security since our first release, …
The Security Technical Implementation Guide (STIG) is a Department of Defense (DoD) technical guidance standard that captures the cybersecurity requirements for a specific product, such as a cloud application going into production to support the warfighter. System integrators (SIs), government contractors, and independent software vendors know the STIG process as a well-governed process that all …
Getting Started with the STIG Process for Containers Read More »
We live and work in a time of Peak Ops. DevOps. DevSecOps. GitOps. And SecDevOps, to name a few. It can be confusing to discern the reality through the marketing spin. However, SecDevOps is one new form of Ops that’s worth keeping in mind as you face new and emerging security and compliance challenges as …