Open source software can produce surprising results. Once you create a project or application that solves real problems – and make it available under a license that enables it to be distributed throughout the world – it won’t be long before it turns up in all sorts of interesting projects and organizations.
This has certainly been true for Anchore Engine. Since the formation of the project in 2016, we’ve seen over 30,000 separate installations and broad adoption of both Anchore’s open source tools and our enterprise products. So whilst not totally unexpected, in early 2019 we were happy to learn that Anchore had been adopted by the US Department of Defense as part of its software development pipeline.
Throughout 2019, the DoD rolled out an aggressive modernization initiative, DoD Enterprises DevSecOps, championed by the USAF Chief Software Officer, Nicolas Chaillan. One of its key objectives is to introduce automated software tools, services, and standards to programs throughout the DoD. Enabling programs to create and deploy software applications in a secure, flexible, and interoperable manner is a mission that resonates strongly with the team here at Anchore.
Over the last 12 months, our team has been working extensively with key Air Force stakeholders to meet these challenges, resulting in Anchore being one of the very few tools to be mandated as part of the DoD’s DevSecOps reference design. Our software is uniquely designed to identify and understand the exact composition of software containers and can enforce user-defined acceptance policies based on any DoD compliance standards. Our engineering teams continue to work alongside resources from the DoD and partner organizations to secure and harden software containers held within the DoD’s Centralized Artifact Repository.
Based on the lessons we’ve learned so far, and the insight we continue to build, we’re pleased to announce the availability of Anchore Federal. Built on top of Anchore Enterprise, Anchore Federal adds a collection of out-of-the-box policy rules to validate compliance with the rigid security requirements of the DoD program. It also provides access, via support arrangements, to the engineering resources at the very forefront of the project to ensure partners and programs are implementing best practices. As adoption of the platform grows, Anchore engineering teams will continue to update the included policies to reflect the changing security and regulatory landscape.
The team here at Anchore are excited about our ongoing participation with the program and are fully aligned behind the mission objectives. With the introduction of Anchore Federal, we look forward to enhancing the security of federal agencies’ application development lifecycles and drive cost savings through automation and shared best practice.