Toolkits and orchestrators such as Docker and Kubernetes have been increasingly popular for companies wishing to containerize their applications and microservices. However, they also come with a responsibility for making sure these containers are secure. Whether your company builds web apps or deploys mission-critical software on jets, you should be thinking about ways to minimize …
Open source software can produce surprising results. Once you create a project or application that solves real problems – and make it available under a license that enables it to be distributed throughout the world – it won’t be long before it turns up in all sorts of interesting projects and organizations. This has certainly …
Today marks a major milestone in the Anchore journey. Just a little over 3 years since we opened our doors, we have secured a substantial $20M round of funding that will allow us to address the next wave of container users around the world. I am utterly pleased and totally blown away by what a …
Echoing Dickens, for many in software security, it is the best of times and it is the worst of times. Every day brings literal front page news about software compromises resulting in massive data leaks. Meanwhile, the use of cloud-native technologies has meant that the variety and complexity of software being deployed has outstripped the …
Just in time for the holidays, Anchore Enterprise 2.2, our latest update, is now generally available to all of our customers. For this release, we focus on third-party integrations to send notifications, and a new system dashboard to help customers view the status of their systems. This new enterprise release is based on open source …
GitHub has been a key vendor in making the developer experience friction free and many of the features they announced this week at their GitHub Universe conference continue to set the standard. What was notable at the event this week was that security has now been added to the fiction-free mantra and, for anyone who …
GitHub Actions Lowers the Bar for Improving Security Read More »
Today at Github Universe, we are announcing the availability of the Anchore Container Scan action for GitHub. Actions allow developers to automate CI/CD workflows, easily integrating tools like Anchore into their build processes. This new action was designed for teams looking to introduce security into their development processes. You can find the action in the …
Last week, the team at DeliveryHero posted the first in a series of articles about bolstering container security and compliance in their DevOps container orchestration model using Anchore Engine. We think they did a fantastic job explaining their goals and sharing the progress they have made. Their article is a great read for those who …
The DeliveryHero Story: Inviting Security to the Party Read More »
In this post, I will dive deeper into the key benefits of a comprehensive container image inspection and policy as code framework A couple of key terms: Comprehensive Container Image Inspection: Complete analysis of a container image to identify it’s entire contents: OS & non-OS packages, libraries, licenses, binaries, credentials, secrets, and metadata. Importantly: storing …
Benefits of Static Image Inspection and Policy Enforcement Read More »
Introduction Successful container and CI/CD security encompasses not only vulnerability analysis but also a mindset based on integrating security with every step of the Software Development Life Cycle (SDLC). At Anchore, we believe incorporating early and frequent scanning with policy enforcement can help reduce overall security risk. This blog shares some of the elements that …
Success With Anchore | Best Practices from our Customers Read More »
