Blog

Compliance is the practice of observing a set of standards for recommended security controls laid out by a particular agency or industry that an application must adhere to or face stiff penalties. Today, most enterprises have regulations to protect information and assets from the Center for Internet Security (CIS) to the Health Insurance Portability and …

Compliance’s Role in Container Image Security and Vulnerability Scanning Read More »

Updated post as of  September 24, 2020 The adoption of software containers has been spreading like wildfire in the last few years, reaching new industries and changing the structure and pace at which we consume and produce software. At the same time, container adoption opens new doors for vulnerabilities in the era of software reuse. …

Docker Image Security in 5 Minutes or Less Read More »

Overall the world is moving towards the cloud. Companies all across the globe are recognizing the merit of overcoming infrastructure challenges by using cloud services. While moving to cloud infrastructure solves many complex problems faced by companies, it introduces new challenges. One of the main challenges is the security of business-critical information that companies are …

The Importance of Building Trust in Cloud Security, A Shared Responsibility With DevOps Teams Read More »

A major issue in modern software development is the fact that most organizations are quick to adopt containers and automation, but remain behind the curve in adopting DevSecOps processes that ensure container security. By sharing the responsibility of security across all software teams, organizations can begin to identify vulnerabilities earlier in their SDLC (software development …

Container Security & Automation, How To Implement And Keep Up With CI/CD Read More »

The ease of access a container registry provides users is a clear advantage over legacy code storage methods. However, just like almost any other type of technology, it has the potential to house and propagate malicious code. Docker Hub was a prime example of this, as is detailed in this post about malicious cryptocurrency mining …

Container Registry Audits, 3 Reasons to Implement for Container Security & Compliance Read More »

At Anchore, we work across the spectrum of many organizations’ transformation journeys to DevSecOps. One of the most notable and exciting transformations we’ve been involved with over the past couple of years is the U.S. Department of Defense (DoD) Enterprise DevSecOps Initiative. This initiative is perhaps best described by U.S. Air Force Chief Software Officer …

Sharing Compliance & Security, How DevOps Benefits From Shifting Left to DevSecOps Read More »

In part 1 of our container security terminology guide, we introduced everyone to our shift left lexicon to help you gain a clear understanding of the key phrases and common phrases used in DevSecOps. Today, we’re sharing part 2 of our guide where we’ll broaden our focus to include additional key security language is routinely …

Part 2, A Container Security Terminology Guide For Better Communication Read More »

Many enterprises often find themselves sifting through guidance, compliance regulations, and requirements as organizations set out on their DevSecOps journey. Sifting through all of the key terminology and understanding how each key item intricately interacts with other key components can be overwhelming for developers who may be in the beginning stages of their journey. To …

A Container Security Terminology Guide For Better Communication Read More »

Today, we are pleased to announce the GA of Anchore Enterprise 2.4. In keeping with previous releases in the 2.x series, version 2.4 has been heavily driven by customer requests both in terms of features and operational improvements. Without further ado, let’s go into the main enhancements. Base Image Comparison It is common for teams …

Introducing Anchore Enterprise 2.4 Read More »

What is Helm? In very basic terms, Helm is a package manager for Kubernetes that makes it easy to take applications and services that are highly repeatable and scalable and deploy them to a Kubernetes cluster. Helm deploys applications using charts, which are essentially the final packaged artifact; a complete collection of files describing the …

Container Security in Helm Charts for DevOps Teams Read More »