Category: Webinars
Understanding SBOMs: How to Automate, Generate and Manage SBOMs
Understanding SBOMs: An Introduction to Modern Development
2024 Trends in Software Supply Chain Security
STIG 101: Insights for Compliance and Cyber Readiness
Introducing the Anchore Data Service
Expert Series: Solving Real-World Challenges in FedRAMP Compliance
Accelerate FedRAMP Compliance on Amazon EKS with Anchore
How SBOMs Protect Google’s Massive Software Supply Chain
Adopting the DoD Software Factory Model: Insights & How Tos
Carahsoft: Automated policy enforcement for CMMC with Anchore
Easy Compliance is Continuous Compliance
DevSecOps – Editorial Roundtable
How to Secure Your Kubernetes Software Supply Chain at Scale
SBOM & Vulnerability Scanning with Anchore and Palette
A tale of Scale & Speed: How the US Navy is Enabling Software Delivery from Lab to Fleet
Zero Trust Webinar with Security Boulevard
Adapting to the new normal at NVD with Anchore Vulnerability Feed
Software Security in the Real World
Tracking License Compliance Made Easy: Intro to Grant (OSS)
FedRAMP and SSDF Compliance: How to Sell to the Federal Government
NIST 800-53: The Important Things to Know
Anchore’s VIPERR Framework
How Speed and Agility Are Transforming Platform One
Scanner Safari: Surveying Vulnerability Scanners in the Wild
Fireside Chat with NVIDIA: Scaling Software Security
Deep Dive Into the CISA and NSA Best Practices for CI/CD Environments
Ask Me Anything: Roadblocks to SBOMs
SSDF: Myths vs Reality
Why Traditional SCA Just Doesn’t Cut It
Software Composition Analysis, or SCA, is a term that has been around for some time. But actually understanding…
Five Insider Tips to Federal Compliance
SBOMs on the Road: Thrilling Tales of Software Supply Chain Security
Practical Advice: How to Manage Federal Cybersecurity Requirements
Ask Me Anything: SBOMs and the Executive Order
The software supply chain is under intense pressure and scrutiny with the rise of malicious attacks that target open source software and components. Over the past year the industry has received guidance from the government with the Executive Order on Improving the Nation’s Cybersecurity and the most recent M-22-18 Enhancing the Security of the Software Supply Chain through Secure Software Development Practices. Now, perhaps more than ever before, it’s critical to have a firm understanding of the integrity of your software supply chain to ensure a strong security posture. This webinar will provide you with open access to a panel of Anchore experts who can discuss the role of a software bill of materials (SBOM) and answer questions about how to understand and tackle government software supply chain requirements.
Top Four Types of Software Supply Chain Attacks and How to Stop Them
It’s no secret that software supply chain attacks are on the rise. Hackers are targeting developers and software providers to distribute malware and leverage zero-days that can affect hundreds, sometimes even thousands, of victims downstream. In this webinar, we’ll take a deep dive into four different attack methods, and most importantly, how to stop them.
Practical Advice for Complying with Federal Cybersecurity Directives: 7 Things You Should Do Now
Join an open source security leader and a former DoD DevSecOps engineer for actionable tips on successfully aligning your leadership, culture, and process to comply with federal cybersecurity directives.
Top 4 Best Practices for Securing Your Source Code Repositories
Source code is the cornerstone of software development and, if not stored and managed securely, could lead to the collapse of your entire pipeline. In this webinar we’ll look at the top four best practices for securing your source code repositories.
How to Meet the 6 FedRAMP Vulnerability Scanning Requirements for Containers
If you are tasked with implementing FedRAMP security controls for containerized workloads, this webinar is for you. We’ll walk you through a step-by-step process to explain how Anchore Enterprise can help you prepare a response for each of the six scanning requirements outlined in the FedRAMP Vulnerability Scanning Requirements for Containers.
SBOM-powered Software Supply Chain Management
SBOMs are quickly becoming the foundational element of software supply chain security. With the release of Anchore Enterprise 4.0, we are building on our existing SBOM capabilities to create the first SBOM-powered software supply chain management solution.
Policy-Based Compliance for Containers: CIS, NIST, and More
Policies are an integral part of ensuring security and compliance, but what does “policy-based compliance” mean in the world of cloud-native software development? How can policies be automated to ensure the security of your container images?
Best Practices for Securing Open Source Software for Enterprises
Open source software is everywhere, and it’s here to stay. Yet 45% of respondents to Anchore’s 2022 Software Supply Chain Security Report still cite securing OSS as their top container security challenge.
2022 Trends in Software Supply Chain Security
Anchore surveyed hundreds of security and DevOps leaders at large enterprises on their software supply chain security practices. Their answers reveal that a top trend in 2022 is a focus on securing software supply chains as the use of software containers continues to rise.
Container Security Best Practices: Zero-Days
Jan 26th @ 2pm EST/11am PST
7 Software Supply Chain Security Actions to Take in 2022
Join us Jan 12th @ 2pm EST/11am PST to learn how to plan your “Day 2” for Log4j and future zero-day vulnerabilities, leverage SBOMs as a foundation for supply chain security, and expand automation against malware, cryptomining, and leaked secrets.
Securing Cloud-Native Software to Comply with FedRAMP, STIGs, and More
Federal compliance requirements are constantly evolving to meet the growing challenges and complexities of securing the software supply chain. The task of meeting these compliance standards for cloud-native applications and containers can be overwhelming, but it doesn’t have to be.
4 Ways to Reduce your Vulnerability Remediation Backlog in the SDLC
With an increased focus on vulnerability scanning, it’s becoming more common to see a backlog of findings start to pile up. This creates a burden for multiple teams, slows down the development lifecycle, and increases the chances of major vulnerabilities sneaking through and infiltrating the software supply chain.
Securing the Software Supply Chain: Why Signed Attestations for SBOMs Matter
As software supply chains continue to grow in complexity, securing them is becoming an ever more daunting task. With components coming from so many possible origins, it is becoming increasingly important to establish “trust” and prevent tampering. One of the most secure ways to do this is with a signed SBOM.
Open Source to Enterprise: Which Anchore Option is Right for You?
You have choices in container security tools that range from open source to enterprise-grade platforms. Get the details on Anchore’s open source and enterprise solutions so that you can determine which option is right for you.
Five Advanced Methods for Managing False Positives in Vulnerabilities
False positives in security scans are a costly headache for both DevOps and security teams. They can slow down, or even stop, the development process dead in its tracks while issues are researched to determine if they are truly issues or not. Loosen your security controls too much and you can potentially open the door for legitimate vulnerabilities to infiltrate your systems.
Three Software Supply Chain Attacks and How to Stop Them
Software supply chain attacks are on the rise. Threat actors are targeting software developers and suppliers to infiltrate source code and distribute malware to hundreds, sometimes even thousands, of victims globally… and they’re getting better at it every day. Take a deep dive into supply chain attacks. Find out what they are, how they work, and most importantly, how to stop them.
Shifting Left and Right: Securing Container Images in Runtime with Anchore
Shifting security left reduces the cost to fix problems and avoids last minute delays. But to achieve continuous security and compliance, you also need to check container images in the registry and in Kubernetes at runtime.
2021 Trends in Software Supply Chain Security
What security risks are DevOps teams facing in their software supply chain as the use of software containers continues to rise? Anchore has released its 2021 Software Supply Chain Security Report, which compiles survey results from hundreds of enterprise IT, Security and DevOps leaders about the latest trends in how their organizations are adapting to new security challenges.
How to Comply with DISA STIGs for Containers using Anchore
As the US Federal government seeks to accelerate software development and improve its cybersecurity posture, the DoD and many civilian agencies are now using DISA STIGs to check the security of cloud-native and containerized applications, which introduces some new challenges.
How NVIDIA Uses Shift Left Automation to Secure Containers
As container adoption grew, NVIDIA’s Product Security team needed to provide a scalable security process that would support diverse requirements across business units. They found that traditional security scanning tools didn’t work for containers — they were complicated to use, time consuming to run, and generated too many false positives.
Why an SBOM Is Critical for Cybersecurity and How To Create One
With recent high profile supply chain attacks, the software-bill-of-materials (SBOM) is becoming a critical foundation for cybersecurity. Organizations must understand all of the components in the applications they build so that they can properly secure them.
How To Secure Your DevOps Pipeline In a Post-SolarWinds World
DevOps lets developers innovate faster. But some normal DevOps processes can create the opportunity for bad actors or dangerous code to enter your DevOps pipeline and your software applications.
7 Must-Dos To Expedite FedRAMP for Containers
Getting FedRAMP authorization for your containerized applications can be daunting. You must comply with new requirements detailed in the recent FedRAMP Vulnerability Scanning Requirements for Containers.
Container Security Best Practices That Scale
Organizations are increasingly developing cloud-native software to serve the needs of customers, partners, and employees. They must ensure the security of these applications that are delivered using container technologies.
How To Secure Containers From Software Supply Chain Attacks
Software applications today include components from many sources, including open source, commercial components, and proprietary code. As software supply chain attacks have increased over the past several years, organizations must embed continuous security and compliance checks in every step of their software development process, from sourcing to CI/CD pipelines to production.
How To Secure Containers Across the SDLC With Anchore 3.0
With software supply chain attacks making headlines, it’s important to know how to secure containers at all phases of the software development lifecycle. You need to prevent security problems from reaching production and ensure that security issues are found earlier and fixed at a lower cost.
Achieving Continuous ATO With Anchore
Given the recent attacks on the supply chain, security is the most essential aspect of software development, particularly when it comes to government and critical infrastructure. Anchore’s DoD-approved container scanning capabilities can help you speed up compliance and vulnerability scanning–expediting the ATO process and helping you go live with applications faster.