We are thrilled to announce Anchore Enterprise v6 to help you finally eliminate the “security tax” through a unified SBOM-powered compliance solution.

If you take stock of today’s application security environment, cyber threats are growing at an alarming rate: over 15k new vulnerabilities were reported in Q1 2026 alone. Add to that an even larger spike expected due to a two-fold AI effect: (1) a higher-than-ever percentage of code authored by AI code generators, and (2) AI-assisted vulnerability discovery driving a shift in the disclosure rate and frequency. Combine this with the increasing pressure from global cybersecurity regulations. What you end up with is a perfect storm of security risk and unmet expectations. To weather this storm, organizations must address the hidden “security tax” caused by juggling a multitude of disconnected tools.

Our focus for the v6 release is to provide a proactive, automated approach to securing both your applications and your software supply chain. The result? Your teams can satisfy external audits and meet industry regulations without the traditional friction. This is critically important as the CRA vulnerability and incident reporting obligations begin on September 11, 2026.

This latest version of Anchore Enterprise introduces a Unified Asset Model to combine all of your application assets into a single view for unified analysis. We have also extended our industry-leading container image analysis to virtual machines and remote filesystems, ensuring greater codebase coverage across your entire platform. To help you move faster, teams can now leverage Anchore’s multi-factor risk scoring algorithm alongside VEX annotations to eliminate false positives and focus on the most impactful security issues first. 

Reduce the “Security Tax” by Turning Your SBOMs into Actionable Compliance

Most organizations incur a “security tax” by juggling a multitude of security tools, each offering its own discovery and risk assessment. Some tools operate on codebases before the build, others scan the object code after the build, while larger security platforms handle the deployment monitoring post go-live. Without a unified policy, this creates a fragmented view of risk and conflicting remediation priorities. What one tool considers acceptable before the build, another tool flags as a potential issue during pipeline checks. These conflicts are difficult to resolve and take away from a team’s productivity.

Having seen such scenarios with many of our customers, we here at Anchore set out to solve this by generating comprehensive and accurate SBOMs through analysis of container images, filesystems, and virtual machines, while also ingesting external SBOMs. We aimed for a single, deduplicated view of your packages, vulnerabilities, and compliance issues. Anchore delivers a clear path to compliance with major frameworks by leveraging the comprehensive set of policy rules aligned with key regulatory controls:

  • EU Cyber Resilience Act (CRA): Future-proof your products by automating the mandatory SBOM management and vulnerability reporting required for the European market.
  • Secure Software Development Framework (SSDF): Align with U.S. government software assurance requirements for secure development and SBOM disclosures.
  • FedRAMP & NIST 800-53: Automate the continuous monitoring and evidence collection required for federal environments and defense contracts.
  • PCI DSS: Ensure containerized payment environments meet strict vulnerability management and configuration standards.
  • SOC2 & ISO 27001: Standardize your supply chain controls to satisfy auditors with verifiable, point-in-time reports.

Key Features we are introducing in Anchore Enterprise v6

Unified Asset Model for Global Compliance

Establish a normalized view across the entire SDLC with one-click generation of unified SBOMs. This directly addresses EU CRA Annex I requirements, ensuring you maintain precise documentation of software components and their dependencies across your entire footprint.

Scan Coverage for Virtual Machines and More

Achieve true “shift-left” security by detecting vulnerabilities and compliance gaps earlier. With native filesystem scanning for virtual machines, source repositories, and build artifacts, Anchore ensures complete SBOM visibility for both containerized and traditional non-containerized deployments.

Precision Triage with Anchore Score & VEX

Streamline vulnerability management by prioritizing real-world risk over static severity. By combining Anchore Score (our multi-factor risk index) with VEX (Vulnerability Exploitability eXchange) annotations, teams can instantly identify the small fraction of exploitable vulnerabilities that require immediate action while purging false positives. This enables teams to meet strict reporting timelines mandated by CRA and SEC rules.

Centralized Third-Party SBOM Management

Empower your organization to import vendor-provided SBOMs in CycloneDX and SPDX formats. Extend full lifecycle visibility into the security of software you didn’t build, ensuring compliance with emerging transparency regulations and supply chain integrity standards.

Continuous Monitoring & Automated Reporting

Leverage the unified view of your compliance status with automated notifications of vulnerability changes. Anchore v6 supports “POA&M-as-code,” allowing organizations to manage allowlists and remediation plans directly within their existing security workflows.

Shift-Left and Shield-Right

We have seen it over and over. In today’s fast-paced DevOps environments, security cannot be a bottleneck. That is why we designed Anchore Enterprise v6 to integrate seamlessly into existing CI/CD workflows, so developers can find and fix issues earlier (shifting left) while providing security teams the oversight they need for production environments (shielding right).

  • Enterprise Scalability: Built to handle the rigorous demands of the world’s largest software ecosystems without compromising performance
  • Proactive Compliance: Stay ahead of regulatory requirements, such as the US Cyber Executive Order and the EU CRA, with automated SBOM generation
  • Operational Efficiency: Eliminate “vulnerability fatigue” by using data-driven prioritization to focus on the small percentage of risks that actually impact your environment

Get Started Today

For more details and demos, join us on June 4 for our launch webinar or contact our team for a personalized demo.

Register now to see the new Anchore Enterprise v6 features in action. Tune in on June 4 at 10am PT | 1pm ET.
