Blog

Compliance’s Role in Container Image Security & Vulnerability Scanning

Compliance’s Role in Container Image Security and Vulnerability Scanning

Compliance is the practice of observing a set of standards for recommended security controls laid out by a particular agency or industry that an application must adhere to or face stiff penalties. Today, most enterprises have regulations to protect information and assets from the Center for Internet Security (CIS) to the Health Insurance Portability and …

Compliance’s Role in Container Image Security and Vulnerability Scanning Read More »

The Importance of Building Trust in Cloud Security, A Shared Responsibility With DevOps Teams

The Importance of Building Trust in Cloud Security, A Shared Responsibility With DevOps Teams

Overall the world is moving towards the cloud. Companies all across the globe are recognizing the merit of overcoming infrastructure challenges by using cloud services. While moving to cloud infrastructure solves many complex problems faced by companies, it introduces new challenges. One of the main challenges is the security of business-critical information that companies are …

The Importance of Building Trust in Cloud Security, A Shared Responsibility With DevOps Teams Read More »

Container Security & Automation, How To Implement And Keep Up With CI/CD

Container Security & Automation, How To Implement And Keep Up With CI/CD

A major issue in modern software development is the fact that most organizations are quick to adopt containers and automation, but remain behind the curve in adopting DevSecOps processes that ensure container security. By sharing the responsibility of security across all software teams, organizations can begin to identify vulnerabilities earlier in their SDLC (software development …

Container Security & Automation, How To Implement And Keep Up With CI/CD Read More »

Container Registry Audits, 3 Reasons to Implement for Container Security & Compliance

Container Registry Audits, 3 Reasons to Implement for Container Security & Compliance

The ease of access a container registry provides users is a clear advantage over legacy code storage methods. However, just like almost any other type of technology, it has the potential to house and propagate malicious code. Docker Hub was a prime example of this, as is detailed in this post about malicious cryptocurrency mining …

Container Registry Audits, 3 Reasons to Implement for Container Security & Compliance Read More »

Sharing Compliance and Security, How DevOps Benefits From Shifting Left to DevSecOps

Sharing Compliance & Security, How DevOps Benefits From Shifting Left to DevSecOps

At Anchore, we work across the spectrum of many organizations’ transformation journeys to DevSecOps. One of the most notable and exciting transformations we’ve been involved with over the past couple of years is the U.S. Department of Defense (DoD) Enterprise DevSecOps Initiative. This initiative is perhaps best described by U.S. Air Force Chief Software Officer …

Sharing Compliance & Security, How DevOps Benefits From Shifting Left to DevSecOps Read More »

Part 2 A Container Security Terminology Guide For Better DevSecOps Communication

Part 2, A Container Security Terminology Guide For Better Communication

In part 1 of our container security terminology guide, we introduced everyone to our shift left lexicon to help you gain a clear understanding of the key phrases and common phrases used in DevSecOps. Today, we’re sharing part 2 of our guide where we’ll broaden our focus to include additional key security language is routinely …

Part 2, A Container Security Terminology Guide For Better Communication Read More »

A Container Security Terminology Guide For Better Communication in DevSecOps

A Container Security Terminology Guide For Better Communication

Many enterprises often find themselves sifting through guidance, compliance regulations, and requirements as organizations set out on their DevSecOps journey. Sifting through all of the key terminology and understanding how each key item intricately interacts with other key components can be overwhelming for developers who may be in the beginning stages of their journey. To …

A Container Security Terminology Guide For Better Communication Read More »

Introducing Anchore Enterprise 2.4

Introducing Anchore Enterprise 2.4

Today, we are pleased to announce the GA of Anchore Enterprise 2.4. In keeping with previous releases in the 2.x series, version 2.4 has been heavily driven by customer requests both in terms of features and operational improvements. Without further ado, let’s go into the main enhancements. Base Image Comparison It is common for teams …

Introducing Anchore Enterprise 2.4 Read More »

Container Security in Helm Charts for DevOps Teams

Container Security in Helm Charts for DevOps Teams

What is Helm? In very basic terms, Helm is a package manager for Kubernetes that makes it easy to take applications and services that are highly repeatable and scalable and deploy them to a Kubernetes cluster. Helm deploys applications using charts, which are essentially the final packaged artifact; a complete collection of files describing the …

Container Security in Helm Charts for DevOps Teams Read More »