Blog

5 Critical Skills for Software Supply Chain Security Professionals

5 Critical Job Skills for Software Supply Chain Security Professionals

When auditing your software supply chain security, it’s important not to forget building and maintaining the job skills of your software supply chain security team. Building skills amongst your software supply chain security team and setting expectations for skills and experience amongst your supply chain vendors is a prudent investment as you prepare for a …

5 Critical Job Skills for Software Supply Chain Security Professionals Read More »

7 Trends Lining Up to Fight Supply Chain Attacks

7 Trends Lining Up to Fight Software Supply Chain Attacks

Software supply chain attacks are going to be forever on the minds of CISOs and DevSecOps teams as commercial and public sector enterprises look for ways to avoid the headlines as the next SolarWinds. Now’s the time for technology, collaboration, and compliance processes to come together to help protect software supply chains. Here are seven …

7 Trends Lining Up to Fight Software Supply Chain Attacks Read More »

Preparing for future software supply chain attacks

Preparing for Future Software Supply Chain Attacks

Questions around software supply chain attacks aren’t leaving the industry conversation anytime because of the SolarWinds attack. It’s time to review your software supply chain security fundamentals. Now that we’re in 2021, we can all expect newfound attention on securing the supply chain inside business and government.  Let’s first define the role of the software …

Preparing for Future Software Supply Chain Attacks Read More »

2021 DevSecOps Predictions A Year of Growth and Shift Left

2021 DevSecOps Predictions: A Year of Growth and “Shift-Left”

As a company, Anchore has been tracking the growth of DevSecOps we’re seeing in the market and with our commercial and public sector customers during the past year. DevSecOps keep progressing despite everything that was going on with the pandemic.  Our team recently got together and made some predictions about how DevSecOps will fare in …

2021 DevSecOps Predictions: A Year of Growth and “Shift-Left” Read More »

2021 Container Predictions The Year Containers Walk Fast

2021 Container Predictions: The Year of Containers Walking Fast

So many of us will be glad when 2020 is over and one for the history books. On the bright side, it has been an excellent year for container technologies, though. Recently, some Anchore employees made their predictions for the container market in 2021: 2021: The Year of Containers “Walking Fast” “If we look at …

2021 Container Predictions: The Year of Containers Walking Fast Read More »

DevOps to DevSecOps Cultural Transformation The Next Steps

DevOps to DevSecOps Cultural Transformation: The Next Step

Part of any DevOps to DevSecOps transformation is cultural transformation. While you’ve probably made steps to strengthen your development and operations cultures to embrace the concepts and tools that power DevOps, there’s going to be some more work to do to transform your burgeoning corporate DevOps culture to embrace DevSecOps fully. DevSecOps is a growing …

DevOps to DevSecOps Cultural Transformation: The Next Step Read More »

Package Blocklists Are Not Foolproof

Package Blocklists Are Not Foolproof

As organizations progress in their software container adoption journeys, they realize that they need image scanning beyond simple vulnerability checks.  As security teams develop more sophisticated image policies, many implement package blocklists to keep unnecessary code such as curl and sshd out of their images. Curl can be a handy tool in development and debugging, …

Package Blocklists Are Not Foolproof Read More »

The Journey from DevOps to DevSecOps

The Journey from DevOps to DevSecOps

Digital transformation, improved security, and compliance are the key drivers pushing corporations and government agencies to adopt DevSecOps. Some organizations will experience a journey from DevOps to DevSecOps, depending on their DevOps maturity.  Defining DevOps and DevSecOps for your Organization There’s a growing list of definitions for DevOps and DevSecOps out there. Some come from …

The Journey from DevOps to DevSecOps Read More »