Container security is a team sport. Development teams need to avoid delays by finding and fixing security issues early in development, while DevOps teams must check compliance before they deploy. Security teams must continuously monitor for new vulnerabilities that impact production environments. Collaboration among these teams is required for efficient and effective security processes. Anchore Enterprise 3.1 adds new capabilities to expand automation of container security across these stages from development to production. This will advance the team’s collective goals and, ultimately, speed to market.

Runtime Image Monitoring for Continuous Security

Anchore Enterprise 3.1 makes it easy to monitor your running containers and quickly evaluate images for security and compliance risks. Security teams can now watch entire Kubernetes clusters, gain visibility into overall risk in production, and be alerted to new vulnerabilities. Our new UI makes it easy to layer in our extensive policy language and start using Anchore’s admission controller to enforce security across your critical Kubernetes clusters. Watch a video of Runtime Image Monitoring in action.

New AnchoreCTL Client Automates Pipeline Scanning 

Designed for use with Anchore Enterprise, AnchoreCTL is a new command-line client that makes it easier to automate container scanning within the CI/CD pipeline. With AnchoreCTL, customers can distribute scanning tasks across their CI/CD platforms and pipelines, increasing throughput and reducing time-to-analyze for Anchore Enterprise. 

AnchoreCTL incorporates the capabilities of Anchore open source tools Syft (SBOM generator) and Grype (vulnerability scanner) while adding support for the reporting and compliance APIs in Anchore Enterprise. AnchoreCTL is also fully supported under the Anchore Enterprise support agreement and SLAs. Those who are ready to move from open source to Anchore Enterprise will benefit from an easy migration path from Syft and Grype to AnchoreCTL. AnchoreCTL can be installed through a binary, container, or a growing number of package managers. Watch a video of AnchoreCTL here.

Simplified STIG Compliance for US Federal Agencies

The Federal Edition of Anchore Enterprise 3.1 greatly simplifies the process of DISA Security Technical Information Guide (STIG) checks for containers running in a Kubernetes cluster. With Anchore’s new cloud-native STIG tool, REM, federal agencies can fully automate what was once a time-consuming manual process. The results of STIG checks are aggregated and correlated within Anchore Enterprise, providing security teams with a single pane of glass to report on STIG compliance issues along with vulnerabilities and other compliance checks. Watch a video of STIG Compliance Checks.