Events
Join Anchore Open Source Team: Live Stream
Join us on Thursdays for “Open Source Gardening,” a live stream where the Developer Relations team works with the Engineering minds behind Anchore’s open-source tools, Syft, Grype, and the rest of the family.
We will spend a relaxed hour working on issues and pull requests. There will be technical discussions, some roadmap planning, and audience questions. Every week we stream live on the Anchore YouTube channel.
From Paperwork to Provenance: Navigating the FedRAMP 20x Pivot
The “standard” FedRAMP playbook has been rewritten. With the full-scale rollout of FedRAMP 20x in 2026, the program has officially shifted from static, narrative-based documentation to a model of continuous validation and machine-readable evidence. For security engineering teams, this isn’t just a policy update—it is a fundamental change in how cloud-native architectures must be built, audited, and maintained.
Together with InfusionPoints we dissect the new FedRAMP 20x milestones to answer the “how” of engineering for federal scale in the age of AI and automated GRC.
Key Discussion Points
- The Key Security Indicators (KSIs) Shift: How to move from “writing a policy” to “streaming a metric.”
- 2026 AI Governance Overlays: What does “trustworthy AI” look like in a machine-readable authorization package?
- Legacy Rev5 vs. 20x Validated: When to switch from the “Certified” (Rev5) path to the “Validated” (20x) path to avoid the 2027 end-of-life for legacy submissions.
- Automation-First Architecture: Engineering your CI/CD pipelines to output OSCAL-compliant logs that satisfy the new machine-readable submission requirements (RFC-0024).
- The “No-Sponsor” Strategy: How to bypass the agency-sponsor bottleneck by leading with technical maturity.
SBOM or Bust: Automating compliance for EU CRA & Beyond
Let’s be honest: keeping up with cybersecurity regulations feels like a full-time job. Between the EU Cyber Resilience Act (CRA), Payment Card Industry Data Security Standard (PCI DSS), NIS2, NIST’s Secure Software Development Framework (SSDF), and FedRAMP, security and compliance engineers are being buried in a mountain of complex, mandatory requirements. It’s no longer just about checking a box; it’s about proving—with machine-readable evidence—that your software supply chain isn’t a liability.
In this session, Roman Zhukov, Open-Source Security Strategy at Red Hat, Dr. Andreas Kotulla, Founder & CEO of Bitsea, and Alex Rybak, Sr. Director of Product at Anchore, discuss:
- CRA Survival Guide
- SBOMs as a Secret Weapon
- Automating Compliance Processes
- Anchore v6 Sneak Peek
- A Real-World Playbook