The Iron Bank provides Platform One and any US Department of Defense (DoD) agency with a hardened, centralized container image repository that supports the end-to-end lifecycle needed for secure software development. Anchore and the Iron Bank have been collaborating since 2020 to balance deployment velocity and policy compliance while maintaining rigorous security standards and adapting to new security threats.
The Challenge
The Iron Bank development team is responsible for the integrity and security of 1,800 base images that are provided as the foundation for building software applications across the DoD. They face difficult tasks such as:
- Providing hardened components for downstream applications across the DoD
- Meeting rigorous security standards crucial for military systems
- Improving deployment frequency while maintaining policy compliance
- Reducing the burden of false positives on the development team
Camdon Cady, Chief Technology Officer at Platform One:
People want to be security minded, and they want to do the right thing. But what they really want is tooling that helps them to do that with all the necessary information in one place. That's why we looked to Anchore for help.
The Solution
Anchore's engineering team is deeply embedded with the Iron Bank infrastructure and development team to improve and maintain DevSecOps standards. Anchore Enterprise is the software supply chain security tool of choice because it provides:
- An on-premises, distributed container image scanner
- A turnkey SBOM (Software Bill of Materials) generation and management solution
- An automated policy engine to evaluate and enforce security standards and compliance
The Results: Sustainable security at DevOps speed
The partnership between Iron Bank and Anchore has yielded impressive results:
- Reduced False Positives: The introduction of an exclusion feed captured over 12,000 known false positives, significantly reducing the security assessment load.
- Improved SBOM Accuracy: Custom capabilities like SBOM Hints and SBOM Corrections allow for more precise component identification and vulnerability mapping.
- Standardized Compliance: A jointly developed custom policy enforces the DoD Container Hardening requirements consistently across all images.
- Enhanced Scanning Capabilities: Additions like time-based allowlisting, content hints, and image scanning have expanded Iron Bank's security coverage.
- Streamlined Processes: The standardized scanning process adheres to the DoD's Container Hardening Guide while delivering high-quality vulnerability and compliance findings.
Even though security is important for all organizations, the stakes are higher for the DoD. What we need is a repeatable development process. It’s imperative that we have a standardized way of building secure software across our military agencies.
Camdon Cady, Chief Technology Officer at Platform One
Download the full case study to learn more about how Anchore Enterprise can help your organization achieve a proactive security stance while maintaining development velocity.