Blog

Blog

Stay Up to Date with Everything Anchore

Watching Container Images for Updates

The majority of Docker users do not built their images from scratch, instead they are built on top of base images that have been created and published by others. Usually these are official images that have been created by an organization or community and submitted to Docker Inc. and the community for official review.

read more

A Snapshot of the Container Ecosystem

Over the last 2 months we ran a short survey to collect information about Container usage. The survey was slightly shorter than the one we performed in conjunction with DevOps.com and Redmonk 6 months ago, but provides deep insight into how the container ecosystem has shifted and continued to evolve over a short period of time. Running multiple surveys gives us ability to see trends develop and as we review the results of each survey we think of new questions to ask in the next survey to dig deeper.

read more

Anatomy of a CVE

We often mention CVEs in our blogs but we usually skip over the topic, explaining that while CVE checking is important, it is just the tip of the iceberg and that you need to look deeper into the image to check configuration files, non-packaged files, software artifacts such as Ruby GEMs and Node.JS NPMs.

read more

Introducing Whitelists

In last week’s blog we covered how to create custom policies that can be used to evaluate your container images as part of your CI/CD pipeline or at any time during their lifetime. We explained that you should always perform a CVE scan of your container but that this is only the first step, in fact security vulnerabilities in the operating system packages are just the tip of the iceberg in terms of the tests that you should be performing.

read more

Becoming a Container Security Champion

Since we released Anchore’s open source project almost a year ago we’ve seen fast growing adoption by users who want to perform detailed inspection and analysis of their container images. By far the most common use case we see with our users is deploying Anchore within their continuous integration and deployment pipelines (CI/CD) especially with Jenkins.

read more

Creating Policies

At the heart of Anchore’s solution is the concept of users certifying container images based on rules that they define. In the past certifications for applications typically came from operating systems vendors who defined their own standards and worked with independent software vendors (ISVs) on certification programs to give a level of assurance to end users that the application was compatible with the underlying operating system…

read more

Microservices vs. MicroVM’s

At Anchore we spend a whole lot of time looking at container images to provide detailed analysis and certification. Most of the discussions we hear in the industry around image analysis focus on CVE scanning: how many CVEs are in an image, what severity, etc. As we’ve mentioned before, we see CVE scanning as just the tip of the iceberg and that it’s possible to have all the latest operating system packages but still have an image that has security vulnerabilities or is otherwise not compliant with your operational, security or business policies.

read more

Improved Jenkins Integration

Today we have released an update to our popular open source Jenkins plugin adding a number of powerful new features.
Using Anchore’s freely available and open source Jenkins plugin you can secure your Jenkins pipeline in less than 30 minutes adding image scanning including not just CVE based security scans but policy based scans that can include checks around security, compliance and operational best practices.

read more

Slimming Down Images

Oracle just announced a new container image: Oracle Linux 7-Slim. Their goal was to create a more lean image and improve security in the process, since reducing the footprint of the container also reduces the attack surface. You can check out that...

read more

Keeping Secrets

Docker recently announced an exciting new release of Docker Datacenter that included Integrated Secrets Management from Docker 1.13. Many containers need access to sensitive information as part of their configuration, for example they may need the...

read more

Anchore 1.1 Has Arrived

We started the week with an exciting announcement about the Anchore Navigator which received a significant update with many new features, the two new features that are proving to be the most popular are the ability submit an image for analysis and...

read more

Comparing Images

As anyone who has worked in IT support or operations for any period of time will tell you, if you get a call telling you that something stopped working, then the first question you should ask is “what changed?”. This is especially true if the application or server in question has been working well for sometime before.

read more

Hanlon’s Images

Occam’s razor is a well known philosophical principle that’s entered mainstream culture.
While there are many ways to describe this principle the most succinct is:

“The simplest answer is most often correct.”

The lesson behind this razor is that if there are many explanations for a particular phenomena, then out of the many and often complex alternative explanations the simplest is likely the most likely to be correct.

read more

Deeper Analysis with Anchore

Since we announced Anchore 1.0 back in October we have spent a great deal of time talking to our community users, partners and enterprises about their compliance and governance needs. Many of these conversations followed a similar pattern: Initial excitement about Docker and container deployments..

read more

Anchore Navigator Updates

Back on October we introduced the Anchore Navigator which provides a powerful web UI to allow users to search for repositories and then drill down into individual images to get more details including the tags for a given image, Dockerfile, digest, image layers, labels and update history.

read more

Heading to KubeCon 2016

In three weeks around a thousand IT professionals will descend on Seattle to attend the second annual KubeCon to hear about the latest advancements in Kubernetes, Containers and Cloud Native Computing. There’s a packed schedule with sessions from…

read more

Introducing Anchore Navigator

Today Anchore made a number of exciting announcements: the general availability of our first commercial product Anchore Enterprise 1.0, venture funding of around $5M, and the release of Anchore Navigator. Over the last 5 months we’ve spoken about…

read more

Is Docker More Secure?

Over the last couple of years much has been written about the security of Docker containers, with most of the analysis focusing on the comparison between containers and virtual machines. Given the similar use cases addressed by virtual…

read more

Looking Back at ContainerCon

Today marks the 25th anniversary of Linux Torvald’s posting to the comp.os.minix Usenet newsgroup announcing work on his kernel, which he described as “just a hobby”. It’s fair to say that Linus’ “hobby” project has changed the face of the IT…

read more

Extending Anchore with Jenkins

Jenkins is one of the most popular Continuous Integration/Continuous Delivery platforms in production today. Jenkins has over a million active users, and according to the CloudBees State of Jenkins survey last year, 95% of Jenkins users are already using or plan to start using Docker within 12 months.

read more

Signed, Sealed, Deployed

Red Hat recently blogged about their progress in adding support for container image signing, a particularly interesting and most welcome aspect of the design is the way that the binary signature file can be decoupled from the registry and distributed separately.

read more