Blog
Blog
Stay Up to Date with Everything AnchoreAnchore Navigator 2.0 Beta is now Available
In October 2016 Anchore announced the launch of the Anchore Navigator a free service to allow users to discover and analyze images on public container registries. Since then thousands of users have used the Navigator to search for container images, perform deep inspection of images and sign up to receive notifications when images were updated.
read moreDemocratizing Container Certification
Recently Red Hat announced a new certification program for container images. Key to this announcement is the concept of a container health index that is used to grade a container which is “determined by Red Hat’s evaluation of the level of critical or important security errata that is missing from an image”.
read moreWatching Container Images for Updates
The majority of Docker users do not built their images from scratch, instead they are built on top of base images that have been created and published by others. Usually these are official images that have been created by an organization or community and submitted to Docker Inc. and the community for official review.
read moreA Snapshot of the Container Ecosystem
Over the last 2 months we ran a short survey to collect information about Container usage. The survey was slightly shorter than the one we performed in conjunction with DevOps.com and Redmonk 6 months ago, but provides deep insight into how the container ecosystem has shifted and continued to evolve over a short period of time. Running multiple surveys gives us ability to see trends develop and as we review the results of each survey we think of new questions to ask in the next survey to dig deeper.
read moreAnatomy of a CVE
We often mention CVEs in our blogs but we usually skip over the topic, explaining that while CVE checking is important, it is just the tip of the iceberg and that you need to look deeper into the image to check configuration files, non-packaged files, software artifacts such as Ruby GEMs and Node.JS NPMs.
read moreIntroducing Whitelists
In last week’s blog we covered how to create custom policies that can be used to evaluate your container images as part of your CI/CD pipeline or at any time during their lifetime. We explained that you should always perform a CVE scan of your container but that this is only the first step, in fact security vulnerabilities in the operating system packages are just the tip of the iceberg in terms of the tests that you should be performing.
read moreCreating Policies
At the heart of Anchore’s solution is the concept of users certifying container images based on rules that they define. In the past certifications for applications typically came from operating systems vendors who defined their own standards and worked with independent software vendors (ISVs) on certification programs to give a level of assurance to end users that the application was compatible with the underlying operating system…
read moreMicroservices vs. MicroVM’s
At Anchore we spend a whole lot of time looking at container images to provide detailed analysis and certification. Most of the discussions we hear in the industry around image analysis focus on CVE scanning: how many CVEs are in an image, what severity, etc. As we’ve mentioned before, we see CVE scanning as just the tip of the iceberg and that it’s possible to have all the latest operating system packages but still have an image that has security vulnerabilities or is otherwise not compliant with your operational, security or business policies.
read moreImproved Jenkins Integration
Today we have released an update to our popular open source Jenkins plugin adding a number of powerful new features.
Using Anchore’s freely available and open source Jenkins plugin you can secure your Jenkins pipeline in less than 30 minutes adding image scanning including not just CVE based security scans but policy based scans that can include checks around security, compliance and operational best practices.
An Update on the Anchore Open Source Project
What’s going on in the world of Anchore’s open source platform? As you might know, Anchore has an online container image navigator that provides unique visibility into the contents of container images--our system is constantly watching for updates...
read moreSlimming Down Images
Oracle just announced a new container image: Oracle Linux 7-Slim. Their goal was to create a more lean image and improve security in the process, since reducing the footprint of the container also reduces the attack surface. You can check out that...
read moreKeeping Secrets
Docker recently announced an exciting new release of Docker Datacenter that included Integrated Secrets Management from Docker 1.13. Many containers need access to sensitive information as part of their configuration, for example they may need the...
read moreAnchore 1.1 Has Arrived
We started the week with an exciting announcement about the Anchore Navigator which received a significant update with many new features, the two new features that are proving to be the most popular are the ability submit an image for analysis and...
read moreA Better Way to Navigate Container Registries
In October 2016 Anchore announced the first release of our commercial product, built on top of our open source container analysis engine. The focus of the open source project and the commercial offering is to deliver tools that perform deep…
read moreComparing Images
As anyone who has worked in IT support or operations for any period of time will tell you, if you get a call telling you that something stopped working, then the first question you should ask is “what changed?”. This is especially true if the application or server in question has been working well for sometime before.
read moreHanlon’s Images
Occam’s razor is a well known philosophical principle that’s entered mainstream culture.
While there are many ways to describe this principle the most succinct is:
“The simplest answer is most often correct.”
The lesson behind this razor is that if there are many explanations for a particular phenomena, then out of the many and often complex alternative explanations the simplest is likely the most likely to be correct.
read moreDeeper Analysis with Anchore
Since we announced Anchore 1.0 back in October we have spent a great deal of time talking to our community users, partners and enterprises about their compliance and governance needs. Many of these conversations followed a similar pattern: Initial excitement about Docker and container deployments..
read moreAnchore Navigator Updates
Back on October we introduced the Anchore Navigator which provides a powerful web UI to allow users to search for repositories and then drill down into individual images to get more details including the tags for a given image, Dockerfile, digest, image layers, labels and update history.
read moreAnchore Joins the Open Container Initiative
Today we formally announced that Anchore had joined the Open Container Initiative. The OCI was established to develop standards for containers, initially focusing on the runtime format specification but later adding the container image format specification.
read moreHow fast can you add image scanning to Jenkins?
Last month we blogged about securing your Jenkins pipeline, how within 10 minutes you could add, for free, image scanning, analysis and compliance validation. Since then we’ve spoken to many organizations who’ve had the opportunity to add security…
read moreSecuring your Jenkins CI/CD Container Pipeline with Anchore (in under 10 minutes)
Jenkins is by far the most popular Continuous Integration/Continuous Delivery platform in use today with over a million users relying on Jenkins every day to improve developer productivity and streamline their development and testing process. In…
read moreHeading to KubeCon 2016
In three weeks around a thousand IT professionals will descend on Seattle to attend the second annual KubeCon to hear about the latest advancements in Kubernetes, Containers and Cloud Native Computing. There’s a packed schedule with sessions from…
read moreIntroducing Anchore Navigator
Today Anchore made a number of exciting announcements: the general availability of our first commercial product Anchore Enterprise 1.0, venture funding of around $5M, and the release of Anchore Navigator. Over the last 5 months we’ve spoken about…
read moreAnchore 1.0: Where fast pace innovation meets production deployment confidence
It has been just a little over five months since Anchore opened its doors, and we’re happy to announce the General Availability of Anchore 1.0 – combining an open source platform for community participation, while addressing enterprise needs…
read moreIs Docker More Secure?
Over the last couple of years much has been written about the security of Docker containers, with most of the analysis focusing on the comparison between containers and virtual machines. Given the similar use cases addressed by virtual…
read moreLooking Back at ContainerCon
Today marks the 25th anniversary of Linux Torvald’s posting to the comp.os.minix Usenet newsgroup announcing work on his kernel, which he described as “just a hobby”. It’s fair to say that Linus’ “hobby” project has changed the face of the IT…
read moreHow are Containers Really Being Used?
Our friends at ContainerJournal and Devops.com are running a survey to learn how you are using containers today and your plans for the future.
read moreAnchore is Heading to ContainerCon 2016
August 2016 marks a full quarter of a century since Linus Torvalds began the development of the Linux kernel, and later this month we will celebrate the massive impact that Linux has had on the technology world at LinuxCon in Toronto,…
read moreExtending Anchore with Jenkins
Jenkins is one of the most popular Continuous Integration/Continuous Delivery platforms in production today. Jenkins has over a million active users, and according to the CloudBees State of Jenkins survey last year, 95% of Jenkins users are already using or plan to start using Docker within 12 months.
read moreSigned, Sealed, Deployed
Red Hat recently blogged about their progress in adding support for container image signing, a particularly interesting and most welcome aspect of the design is the way that the binary signature file can be decoupled from the registry and distributed separately.
read more