Anchore Strengthens Open Source Security and Compliance for CNCF’s Harbor Container Image Registry

Harbor Can Now Trigger Anchore Deep Inspection for Hosted Container Images

SANTA BARBARA, CA —  December 17, 2019 — Anchore Inc., the container analysis and security experts, today announced the integration of Anchore Engine with the Cloud Native Computing Foundation’s (CNCF) Harbor container image registry project. Harbor is an open source, cloud-native container image registry that is currently an incubating project within the Cloud Native Computing Foundation. With this new integration, Harbor users can use Anchore to automatically scan container images to identify known vulnerabilities and enforce best practices before allowing them to be published.

The rise of Linux containers has brought developers unprecedented flexibility and velocity. However, container adoption often results in reuse and redistribution of software containing security vulnerabilities. This is why deep image inspection is critical for organizations deploying containers, as it can uncover these vulnerabilities and notify operators of mismanaged credentials, problematic Dockerfile lines, exposed secrets, and other configuration issues that often create opportunities for bad actors. Using Anchore, organizations can maintain a well-informed balance between velocity and compliance.

“Deep image inspection and policy-based compliance should be a best practice for all those who create, publish, or deploy container images,” said Saïd Ziouani, CEO of Anchore. “Our goal is to empower developers to build secure software quickly and at large scale. By integrating Anchore Engine with the Harbor container image registry, we make it easy for developers to integrate comprehensive container security into their workflows.”

Anchore Engine, first released in 2017, is an open source tool for deep image inspection and vulnerability scanning. It is the only tool focused 100% on container-native scanning; it goes beyond basic source and binary scanning by probing into the configuration and contents of container images. Anchore Engine is the core of Anchore Enterprise, a fully-featured container security workflow solution for enterprises in highly-regulated industries.

The integration between Anchore Engine and CNCF’s Harbor registry is now available with Harbor version 1.10. Users can experiment with the integration by following the demonstration provided in our webinar with the Harbor team.

Read more about Anchore Engine.