In my first three months here at Anchore, I’ve experienced firsthand the highs and lows of working with new technologies. The adoption of any new tool comes with a learning curve that includes the process of trial and error. In this post, I’d like to share some tips relating to common issues that I’ve seen …
Top 5 Tips for New Anchore Engine/Enterprise Users Read More »
Recent announcements from Atlassian have made several powerful new features of the Bitbucket platform available worldwide – at Anchore, this means that our official Anchore Scan Pipe for Atlassian Bitbucket Pipelines is also now generally available, bringing container image security and compliance scanning ever closer to your Atlassian Bitbucket based automated software delivery systems. Pipelines …
With the release of Anchore Enterprise 2.3 (built upon Anchore Engine v0.7.1), we are happy to announce a new feature of our reporting service: the ability to run scheduled reports. Scheduled reporting is used to create custom queries, set a report to run on an automated schedule (or store the configuration for future use). Automatic …
Anchore Enterprise 2.3 Feature Series – Scheduled Reports Read More »
With the recent release of version 2.3, Anchore Enterprise now supports scanning of Windows container images and the addition of a new feed source for identifying Windows vulnerabilities: Microsoft Security Response Center (MSRC). MSRC Microsoft Security Response Center maintains reports of security vulnerabilities affecting Windows systems in its Security Update Guide. In addition to publishing …
With the release of Anchore Engine 0.7.0 and Anchore Enterprise 2.3, we are happy to share that you can now scan for vulnerabilities in NuGet packages inside your container images. This new language package support is made possible by the addition of the GitHub Security Advisories data source into Anchore. You can read more about …
Anchore Enterprise 2.3 Feature Series – NuGet Package Support Read More »
There’s an odd mix of fearlessness and fear that surrounds our constant need for innovation in modern business. It takes courage to risk striking out in a new direction, turning your back on the perceived stability of the status quo. And yet, in many industries, the compulsion for innovation is fuelled by a very real …
Risk and Reward, Container Security in the Swiss Banking Sector Read More »
Over the last year, we received great feedback from our customers regarding our Container Security for U.S. Government Information Systems white paper. Today, we are publishing version 2.0, which updates and expands upon last year’s document. The two central challenges for Federal organizations remain the same: Security and compliance guidelines are increasing in both urgency …
Container Security for Government Information Systems Read More »
With the release of Anchore Enterprise 2.3 (built upon Anchore Engine v0.7.1), we are happy to announce a new feed provider: GitHub Security Advisories (GHSA). GHSAs are another source of data that Anchore uses to match vulnerabilities to packages within a container. In this post, we will look into what GHSAs include, describe how Anchore …
Anchore 2.3 Feature Series – GitHub Security Advisories Read More »
Today, we announced the availability of Anchore Enterprise 2.3 for our enterprise and federal government customers. Keeping to a 4-month development cycle since our last release, 2.3 includes some big new features that see expanded coverage for Windows containers and .NET packages as the headline. Microsoft is the original developer-champion; combined with their acquisition of GitHub, …
In order to shift security left in the development lifecycle without compromising production velocity, security requirements must be automated and embedded into continuous integration / continuous delivery workflows. Organizations can achieve this through the automated implementation, verification, remediation, monitoring and reporting of compliance into the development pipeline. Furthermore, organizations can manage security requirements in code …
