Blog

When auditing your software supply chain security, it’s important not to forget building and maintaining the job skills of your software supply chain security team. Building skills amongst your software supply chain security team and setting expectations for skills and experience amongst your supply chain vendors is a prudent investment as you prepare for a …

5 Critical Job Skills for Software Supply Chain Security Professionals Read More »

Software supply chain attacks are going to be forever on the minds of CISOs and DevSecOps teams as commercial and public sector enterprises look for ways to avoid the headlines as the next SolarWinds. Now’s the time for technology, collaboration, and compliance processes to come together to help protect software supply chains. Here are seven …

7 Trends Lining Up to Fight Software Supply Chain Attacks Read More »

Questions around software supply chain attacks aren’t leaving the industry conversation anytime because of the SolarWinds attack. It’s time to review your software supply chain security fundamentals. Now that we’re in 2021, we can all expect newfound attention on securing the supply chain inside business and government.  Let’s first define the role of the software …

Preparing for Future Software Supply Chain Attacks Read More »

DevSecOps seems to attract its share of myths. As we go into 2021, it’s time that we as an industry work to dispel those myths for our prospective customers, customers, and internal stakeholders across our organizations. Here are some common DevSecOps myths we can all work on dispelling in 2021: 1. Organizations lose control when …

5 DevSecOps Myths to Dispel in 2021 Read More »

As a company, Anchore has been tracking the growth of DevSecOps we’re seeing in the market and with our commercial and public sector customers during the past year. DevSecOps keep progressing despite everything that was going on with the pandemic.  Our team recently got together and made some predictions about how DevSecOps will fare in …

2021 DevSecOps Predictions: A Year of Growth and “Shift-Left” Read More »

So many of us will be glad when 2020 is over and one for the history books. On the bright side, it has been an excellent year for container technologies, though. Recently, some Anchore employees made their predictions for the container market in 2021: 2021: The Year of Containers “Walking Fast” “If we look at …

2021 Container Predictions: The Year of Containers Walking Fast Read More »

We live in an unprecedented era of remote work due to COVID-19.  Now is the time to review the security of your DevSecOps toolchain to ensure that the tools and workflow powering your software development is secure from attacks. Here are some tips to consider as you evaluate your approach to integrating security at each …

Securing the DevSecOps Toolchain Read More »

Part of any DevOps to DevSecOps transformation is cultural transformation. While you’ve probably made steps to strengthen your development and operations cultures to embrace the concepts and tools that power DevOps, there’s going to be some more work to do to transform your burgeoning corporate DevOps culture to embrace DevSecOps fully. DevSecOps is a growing …

DevOps to DevSecOps Cultural Transformation: The Next Step Read More »

As organizations progress in their software container adoption journeys, they realize that they need image scanning beyond simple vulnerability checks.  As security teams develop more sophisticated image policies, many implement package blocklists to keep unnecessary code such as curl and sshd out of their images. Curl can be a handy tool in development and debugging, …

Package Blocklists Are Not Foolproof Read More »

Digital transformation, improved security, and compliance are the key drivers pushing corporations and government agencies to adopt DevSecOps. Some organizations will experience a journey from DevOps to DevSecOps, depending on their DevOps maturity.  Defining DevOps and DevSecOps for your Organization There’s a growing list of definitions for DevOps and DevSecOps out there. Some come from …

The Journey from DevOps to DevSecOps Read More »