Blog

Announcing Anchore Scan Pipe for Atlassian Bitbucket Pipelines

Recent announcements from Atlassian have made several powerful new features of the Bitbucket platform available worldwide – at Anchore, this means that our official Anchore Scan Pipe for Atlassian Bitbucket Pipelines is also now generally available, bringing container image security and compliance scanning ever closer to your Atlassian Bitbucket based automated software delivery systems. Pipelines …

Announcing Anchore Scan Pipe for Atlassian Bitbucket Pipelines Read More »

Anchore Enterprise 2.3 feature series scheduled reports

Anchore Enterprise 2.3 Feature Series: Scheduled Reports

With the release of Anchore Enterprise 2.3 (built upon Anchore Engine v0.7.1), we are happy to announce a new feature of our reporting service: the ability to run scheduled reports. Scheduled reporting is used to create custom queries, set a report to run on an automated schedule (or store the configuration for future use). Automatic …

Anchore Enterprise 2.3 Feature Series: Scheduled Reports Read More »

windows container scanning with anchore

Anchore Scanning for Windows Container Images

With the recent release of version 2.3, Anchore Enterprise now supports scanning of Windows container images and the addition of a new feed source for identifying Windows vulnerabilities: Microsoft Security Response Center (MSRC). MSRC Microsoft Security Response Center maintains reports of security vulnerabilities affecting Windows systems in its Security Update Guide. In addition to publishing …

Anchore Scanning for Windows Container Images Read More »

Support for NuGet packages

Anchore Enterprise 2.3 Feature Series: NuGet Package Support

With the release of Anchore Engine 0.7.0 and Anchore Enterprise 2.3, we are happy to share that you can now scan for vulnerabilities in NuGet packages inside your container images. This new language package support is made possible by the addition of the GitHub Security Advisories data source into Anchore. You can read more about …

Anchore Enterprise 2.3 Feature Series: NuGet Package Support Read More »

Hypothekarbank banking DevSecOps case study

Risk and Reward: Container Security in the Swiss Banking Sector

There’s an odd mix of fearlessness and fear that surrounds our constant need for innovation in modern business. It takes courage to risk striking out in a new direction, turning your back on the perceived stability of the status quo. And yet, in many industries, the compulsion for innovation is fuelled by a very real …

Risk and Reward: Container Security in the Swiss Banking Sector Read More »

Container Security for US Government Information Systems

Over the last year, we received great feedback from our customers regarding our Container Security for US Government Information Systems white paper. Today, we are publishing version 2.0, which updates and expands upon last year’s document. The two central challenges for Federal organizations remain the same: Security and compliance guidelines are increasing in both urgency …

Container Security for US Government Information Systems Read More »

Anchore Enterprise 2.3 Feature Series: GitHub Security Advisories

With the release of Anchore Enterprise 2.3 (built upon Anchore Engine v0.7.1), we are happy to announce a new feed provider: GitHub Security Advisories (GHSA). GHSAs are another source of data that Anchore uses to match vulnerabilities to packages within a container. In this post, we will look into what GHSAs include, describe how Anchore …

Anchore Enterprise 2.3 Feature Series: GitHub Security Advisories Read More »

Introducing Anchore Enterprise 2.3

Today, we announced the availability of Anchore Enterprise 2.3 for our enterprise and federal government customers. Keeping to a 4 month development cycle since our last release, 2.3 includes some big new features that sees expanded coverage for Windows containers and .NET packages as the headline. Microsoft is the original developer-champion; combined with their acquisition of …

Introducing Anchore Enterprise 2.3 Read More »

Getting Started With Anchore Policy Bundles

In order to shift security left in the development lifecycle without compromising production velocity, security requirements must be automated and embedded into continuous integration / continuous delivery workflows. Organizations can achieve this through the automated implementation, verification, remediation, monitoring and reporting of compliance into the development pipeline. Furthermore, organizations can manage security requirements in code …

Getting Started With Anchore Policy Bundles Read More »