The ongoing partnership between Anchore and GitLab streamlines DevSecOps processes and reduces re-work for developers

SANTA BARBARA, CALIFORNIA -- January 28, 2021 --  Today Anchore, the leading providers of continuous security and compliance for containers, has announced an integration with GitLab, the complete DevSecOps platform, delivered as a single application. With this integration, organizations will be able to automate security and compliance checks from the early stages of the development cycle, speeding software development and reducing risks. Anchore also announces it has joined the GitLab partner program.

Anchore now integrates seamlessly with GitLab to simplify security and compliance workflows for developers and to enable DevSecOps practices. Anchore performs deep container image scanning that identifies vulnerabilities and surfaces a wide range of security and policy infractions, including vulnerabilities and other risks during development. Together, the Anchore and GitLab security integrations will:

  • Display vulnerability results of container scans directly in GitLab security dashboards
  • Surface these findings in merge requests that identify changes needed to remediate issues
  • Enable updating of merge requests with a package version to resolve vulnerabilities
  • Seamlessly manage the risk profile in one place through GitLab’s Risk Management Framework (RMF), reducing the friction of typical software security scanning 

“Digital transformation has changed software development practices as organizations seek to deliver applications more quickly and update them more frequently. This shift, combined with increasing cybersecurity threats, requires developers to implement security and compliance checks throughout the DevSecOps life cycle. The integration between Anchore and GitLab helps to automate these DevSecOps best practices for enterprises, government agencies, and open source communities,” said Saïd Ziouani, Anchore CEO and Cofounder.

”Strengthening the software development security and compliance postures of enterprises and public sector organizations is paramount to the missions of both GitLab and Anchore. We are pleased to partner through this integration to help our joint customers to increase their speed to mission delivery and to reduce the risks associated with software development,” said GitLab Vice-President of Global Channels, Michelle Hodges.

The U.S. Department of Defense (DoD) uses both Anchore and GitLab as part of their Platform One Initiative to speed the development of secure and compliant software. Anchore is used to develop hardened containers for Iron Bank (DoD’s software repository for containers) based on DoD best practices. 

”Today, more than ever before, security is the most essential aspect of software development for government and critical infrastructure—and is the core of the DoD DevSecOps Initiative and Platform One. Now developers have the ability to push validated code into production on an ongoing basis, resulting in shorter development cycles, less debugging, and more rapid feature development,” said Major Robert Slaughter, Director of DoD Platform One.

GitLab and Anchore will continue to explore how this integration enables those in the public sector to achieve digital transformation during the upcoming “A Day in the Life of a Developer:  Accelerating Software Delivery without Compromising Security” webinar on March 4, 2021 at 2 pm ET. 

Enterprise organizations seeking to implement security and compliance checks throughout the DevOps lifecycle can learn more in the Anchore whitepaper, Fundamentals of Container Security.”

Related links:

DoD DevSecOps Initiative

Platform One

About Anchore

Anchore enables organizations to speed digital transformation and reduce risks by streamlining the development of secure and compliant cloud-native applications. Anchore’s solutions integrate with the DevOps toolchain to automate security and compliance checks throughout the software development lifecycle. Organizations can reduce costs and accelerate time to market by remediating security and compliance issues early and continuously. Headquartered in California with offices in Virginia and the UK, Anchore’s customers include large enterprises and government agencies that require secure and compliant cloud-native applications. To learn more about Anchore’s solutions, visit  

About GitLab

GitLab is a DevOps platform built from the ground up as a single application for all stages of the DevOps lifecycle enabling Product, Development, QA, Security, and Operations teams to work concurrently on the same project. GitLab provides a single data store, one user interface, and one permission model across the DevOps lifecycle. This allows teams to significantly reduce cycle times through more efficient collaboration and enhanced focus.

Built on Open Source, GitLab works alongside its growing community, which is composed of thousands of developers and millions of users, to continuously deliver new DevOps innovations. More than 100,000 organizations from startups to global enterprises, including Ticketmaster, Jaguar Land Rover, NASDAQ, Dish Network, and Comcast trust GitLab to deliver great software faster. All-remote since 2014, GitLab has nearly 1,300 team members in 69 countries. To learn more about GitLab’s solutions, visit

# # # 

Media contact:

Brandie Gerrish

[email protected]