With an increased focus on vulnerability scanning, it’s becoming more common to see a backlog of findings start to pile up. This creates a burden for multiple teams, slows down the development lifecycle, and increases the chances of major vulnerabilities sneaking through and infiltrating the software supply chain.
Category: Webinars
Securing the Software Supply Chain: Why Signed Attestations for SBOMs Matter
As software supply chains continue to grow in complexity, securing them is becoming an ever more daunting task. With components coming from so many possible origins, it is becoming increasingly important to establish “trust” and prevent tampering. One of the most secure ways to do this is with a signed SBOM.
Open Source to Enterprise: Which Anchore Option is Right for You?
You have choices in container security tools that range from open source to enterprise-grade platforms. Get the details on Anchore’s open source and enterprise solutions so that you can determine which option is right for you.
Five Advanced Methods for Managing False Positives in Vulnerabilities
False positives in security scans are a costly headache for both DevOps and security teams. They can slow down, or even stop the development process dead in its tracks while issues are researched to determine if they are truly issues or not. Loosen your security controls too much and you can potentially open the door for legitimate vulnerabilities to infiltrate your systems.
Three Software Supply Chain Attacks and How to Stop Them
Software supply chain attacks are on the rise. Threat actors are targeting software developers and suppliers to infiltrate source code and distribute malware to hundreds, sometimes even thousands, of victims globally… and they’re getting better at it everyday. Take a deep dive into supply chain attacks. Find out what they are, how they work, and most importantly, how to stop them.
Policy-Based Compliance for Containers: CIS, NIST, and More
Policies are an integral part of ensuring security and compliance, but what does “policy-based compliance” mean in the world of cloud-native software development? How can policies be automated to ensure the security of your container images?
Shifting Left and Right: Securing Container Images in Runtime with Anchore
Shifting security left reduces the cost to fix problems and avoids last minute delays. But to achieve continuous security and compliance, you also need to check container images in the registry and in Kubernetes at runtime.
2021 Trends in Software Supply Chain Security
What security risks are DevOps teams facing in their software supply chain as the use of software containers continues to rise? Anchore has released its 2021 Software Supply Chain Security Report, which compiles survey results from hundreds of enterprise IT, Security and DevOps leaders about the latest trends in how their organizations are adapting to new security challenges.
How to Comply with DISA STIGs for Containers using Anchore
As the US Federal government seeks to accelerate software development and improve its cybersecurity posture, the DoD and many civilian agencies are now using DISA STIGs to check the security of cloud-native and containerized applications, which introduces some new challenges.
How NVIDIA Uses Shift Left Automation to Secure Containers
As container adoption grew, NVIDIA’s Product Security team needed to provide a scalable security process that would support diverse requirements across business units. They found that traditional security scanning tools didn’t work for containers — they were complicated to use, time consuming to run, and generated too many false positives.