As the popularity of APIs has swept the software industry, API security has become paramount, especially for organizations in highly regulated industries. DreamFactory, an API generation platform serving the defense industry and critical national infrastructure, required an air-gapped vulnerability scanning and management solution that didn’t slow down its productivity. Avoiding security breaches and compliance failures is non-negotiable for the team to maintain customer trust.
Challenge: Security Across the Gap
DreamFactory encountered several critical hurdles in meeting the needs of its high-profile clients, particularly those in the defense community and other highly regulated sectors:
- Secure deployments without cloud connectivity: Many clients, including the Department of Defense (DoD), required on-premises deployments with air-gapping, breaking the assumptions of modern cloud-based security strategies.
- Air-gapped vulnerability scans: Despite air-gapping, these organizations still demanded comprehensive vulnerability reporting to protect their sensitive data.
- Building high-trust partnerships: In industries where security breaches could have catastrophic consequences, establishing trust rapidly was crucial.
As Terence Bennett, CEO of DreamFactory, explains, "The data processed by these organizations have the highest national security implications. We needed a solution that could deliver bulletproof security without cloud connectivity."
Solution: Anchore Enterprise On-Prem and Air-Gapped
To address these challenges, DreamFactory implemented Anchore Enterprise, which provided:
- Support for on-prem and air-gapped deployments: Anchore Enterprise was designed to operate in air-gapped environments, aligning perfectly with DreamFactory's needs.
- Comprehensive vulnerability scanning: DreamFactory integrated Anchore Enterprise into its build pipeline, running daily vulnerability scans on all deployment versions.
- Automated SBOM generation and management: Every build is now cataloged and stored (as an SBOM), providing immediate transparency into the software's components.
"By catching vulnerabilities in our build pipeline, we can inform our customers and prevent any of the APIs created by a DreamFactory install from being leveraged to exploit our customer's network," Bennett notes. "Anchore has helped us achieve this massive value-add for our customers."
Results: Developer Time Savings and Enhanced Trust
The implementation of Anchore Enterprise transformed DreamFactory's security posture and business operations:
- 75% reduction in time spent on vulnerability management and compliance requirements
- 70% faster production deployments with integrated security checks
- Rapid trust development through transparency
"We're seeing a lot of traction with data warehousing use-cases," says Bennett. "Being able to bring an SBOM to the conversation at the very beginning completely changes the conversation and allows CISOs to say, 'let's give this a go'."
Conclusion: A Competitive Edge in High-Stakes Environments
By leveraging Anchore Enterprise, DreamFactory has positioned itself as a trusted partner for organizations requiring the highest levels of security and compliance in their API generation solutions. In an era where API security is more critical than ever, DreamFactory's success story demonstrates that with the right tools and approach, it's possible to achieve both ironclad security and operational efficiency.
Are you facing similar challenges hardening your software supply chain to meet the requirements of the DoD? By designing your DevSecOps pipeline to the DoD software factory standard, your organization can guarantee that it meets these sky-high security and compliance requirements. Learn more about the DoD software factory standard by downloading our white paper below.