Digital transformation, improved security, and compliance are the key drivers pushing corporations and government agencies to adopt DevSecOps. Some organizations will experience a journey from DevOps to DevSecOps, depending on their DevOps maturity. Defining DevOps and DevSecOps for your Organization There’s a growing list of definitions for DevOps and DevSecOps out there. Some come from …
Open source technologies play a decisive role in how businesses and government agencies build their DevOps toolchains and capabilities. Entire companies have grown around open source DevOps and DevSecOps tools, offering enterprise-grade services and support for corporate and government customers. DevSecOps Adoption IRL The adoption of DevSecOps across the public sector and industries such as …
About a month ago, GitHub announced the presence of a moderate security vulnerability in the GitHub Actions runner that can allow environment variables and path injection in workflows that log untrusted data to STDOUT. You can read the disclosure here for more details. Given at Anchore, we build and maintain a GitHub Action of our …
Using Grype to Identify GitHub Action Vulnerabilities Read More »
Open source is foundational to much of what we do here at Anchore. It’s at the core of Anchore Enterprise, our complete container security workflow solution for enterprise DevSecOps. Anchore Toolbox is our collection of lightweight, single-purpose open source tools for the analysis and scanning of software projects. Each tool has its place in the …
Free Download: Inside the Anchore Technology Suite: Open Source to Enterprise Read More »
In previous posts, we’ve demonstrated how to create a Kubernetes cluster on AWS Elastic Kubernetes Service (EKS) and how to deploy Anchore Enterprise in your EKS cluster. The focus of this post is to demonstrate how to configure a more production-like deployment of Anchore with integrations such as SSL support, RDS database backend and S3 …
Configuring Anchore Enterprise on AWS Elastic Kubernetes Services (EKS) Read More »
The latest version of the DoD Container Image and Deployment Guide details technical and security requirements for container image creation and deployment within a DoD production environment. Sections 2 and 3 of the guide include security practices that teams must follow to limit the footprint of security flaws during the container image build process. These …
Enforcing the DoD Container Image and Deployment Guide with Anchore Federal Read More »
The latest version of the Department of Defense (DoD) Container Hardening Process Guide includes Anchore Federal as an approved container scanning tool. This hardening process is critical because it allows for a measurement of risk that an Authorizing Official (AO) assesses while rendering their decision to authorize the container. DoD programs can use this guide …
Anchore Federal Now Part of the DoD Container Hardening Process Read More »
[Post updated as of November 5, 2020] Anchore provides a convenient quick-start using both Docker Compose and Helm to spin up each of its services. Docker Compose may have some advantages over Kubernetes for those new to container architectures, namely the smaller learning curve required, as deployments grow, Kubernetes is a more robust solution to …
Why We Recommend Helm for Production Instead of Docker Compose Read More »
Many companies have been investing heavily in Artificial Intelligence (AI) over the past few years. It has enabled cars to drive themselves, doctors to pick up on various diseases earlier, and even create works of art. Such a powerful technology can impact nearly every aspect of human life. We want to explore what that looks …
Many organizations have seen increased value from in house software development by adopting open source technology and containers to quickly build and package software for the cloud. Usually branded as Digital Transformation, this shift comes with trade-offs not often highlighted by vendors and boutique consulting firms selling the solutions. The reality is moving fast, can …