Anchore Container Scan GitHub Action Makes it Easy for Developers to Analyze Container Images for Known Vulnerabilities Before Publishing Them for Use
SAN FRANCISCO, CA — November 13, 2019 — Anchore Inc., experts in container workflow, analysis and security, today announced the availability of the Anchore Container Scan action for GitHub Actions. GitHub Actions, which becomes generally available at the GitHub Universe annual conference, enable developers to create custom software development life cycle (SDLC) workflows directly in their GitHub repositories. With the Anchore Container Scan action, developers can now automatically trigger deep inspections of container images to create a full software manifest with comprehensive security findings, thereby preventing the release of software that fails to meet defined standards.
Anchore Engine, first released in 2017, is an open source tool for performing deep inspection and policy-driven analysis of container images. It is the only tool focused 100% on container-native analysis and goes beyond basic source and binary scanning by probing the configuration and contents of container images. Anchore Engine is the core of Anchore Enterprise, a full-featured container security workflow solution for enterprises in highly-regulated industries.
“Thanks to open source and critical platforms like GitHub, the software supply chain is moving more quickly than ever,” said Saïd Ziouani, CEO of Anchore. “Introducing security best practices as early as possible in the development process has become critical for all those who produce and consume software. The Anchore Container Scan action will allow any GitHub user to easily trigger deep image inspection and analysis, establishing a baseline of security for their projects.”
Developers can activate the Anchore Container Scan Action from its page on the GitHub Actions Marketplace.
Read more about Anchore GitHub Actions here.