Today, we’re proud to be announcing the availability of Anchore Enterprise version 1.1. This release of services and software from Anchore will now provide a common framework for users seeking to achieve a secure, compliant container image environment. As container-based deployments are extending further into enterprise infrastructure, our objective has remained the same: provide technology and expertise in the areas of security and operational best-practices enforcement, in order to remove as many barriers as possible toward achieving a fully automated container build process.
With Anchore Enterprise 1.1, we have added some major improvements to core Anchore technology, based on the team’s insights as well as feedback from a growing Anchore user community. We believe that both existing and new users of Anchore will find these updates and additions powerful and easy to use.
Anchore Engine: OSS for Enterprise
At the core of Anchore Enterprise 1.1 is the open-source Anchore Engine. Anchore Engine is a stand-alone service that deploys anywhere that can run a container, providing a broad API for users, clients and CI/CD frameworks alike to request container image content analyses, perform security scans, generate a variety of reports, and execute customizable security and best-practice policy evaluations. Anchore Engine can be used interactively, has been integrated into leading CI/CD frameworks for build-time security enforcement, and provides mechanisms to constantly scan and evaluate policies against your container images as new vulnerabilities are published or your own policy definitions evolve. While the latest Anchore Engine is always freely available as an open-source offering, many enterprise-focused improvements have been introduced since the last Anchore Enterprise release, including:
- Ability to scale up the Anchore Engine service to accommodate large numbers of image scans, both in aggregate and per unit time
- Introduction of both OS package (RPMs, Debian Package, Alpine Package) scans as well as Non-OS, language package (Node NPM, Ruby GEM, Python, and Java Archive) content and security scans
- Refined policy language, including the ability to tune, in fine detail, security checks and image content checks
Extended query capabilities, for obtaining deep information about the contents of container images and their build metadata
- Enterprise storage integrations against AWS S3, Swift, and other S3 compatible storage back-ends
- Introduction of an event subsystem that provides detail records for information and error level system events, from the engine
- Availability of Prometheus metrics, for integration into service monitoring systems that can consume Prometheus data sources
- Many system improvements largely targeted at processing and reporting against very large container image sets, over time.
The latest version of Anchore Engine is 0.2.4, which is at the core of Anchore Enterprise 1.1.
New for this release, we’re excited to introduce the Anchore Enterprise UI, which is an on-premises service that provides Anchore users a fully graphical console, accessible via any client browser. The Anchore Enterprise UI console includes:
- Graphical container image navigation, showing all container registries, repositories, images and image histories in an interface that makes for simple viewing and navigation of the global collection of container images
- Ability to add new images or entire image repositories via a simple graphical control
- Complete and deep image overview, including individual controls for reviewing image contents, security scan reports, and policy evaluation results
- Ability to generate PDF reports for sharing or offline review
- A graphical changelog application, where users can see at a glance the differences between container images over time, at a fine-grained level of detail
- An event log viewer, for Anchore operators to see and filter operational events that are being retrieved from the Anchore Engine
- Container image registry configuration UI, where users can add image public and private registry credentials, supporting
- Azure, AWS, Google, and any docker v2 on-premises registry
- A policy manager control, to help manage your set of policies for the different phases of your container environment
- A graphical policy editor for creating, testing and tuning Anchore security, compliance and best-practice enforcement policies
Anchore Enterprise On-prem Services
Full Control Over Vulnerability Data & Air-Gapped Operation
Anchore Enterprise 1.1 includes access to a fully on-premises Anchore Feed Service, which gives users the ability to control the access and update frequency of external vulnerability data. With the inclusion of this service, users can deploy Anchore Enterprise in an air-gapped (limited/manual access to the Internet) environment, to fully support deployments running with strict data provenance and access requirements. The Anchore Feed Service includes:
- Ability to enable air-gapped installations of Anchore
- API that is accessible to Anchore Engine seamlessly, for transferring vulnerability and other external data sources
- API for monitoring the operation of the Feed Service itself
With Anchore Enterprise 1.1, available immediately, we aim to provide organizations who have already deployed a container-based environment, groups in the process of migrating to containers now, and teams planning for the future with a suite of tools and services that provide automated enforcement of security, compliance and best-practice policies, integrated directly in the build process or anywhere container images exist. We sincerely hope you enjoy our latest release, and look forward to working with you!
For more information on requesting a trial, or getting started with Anchore Enterprise 1.1, go to anchore.com/enterprise or click the button below:
Try our enterprise-ready security and compliance platform today.