Anchore Enterprise 3.2 Provides Increased Visibility to Eliminate More Risks in the Software Supply Chain

Anchore Enterprise 3.2 Provides Increased Visibility to Eliminate More Risks in the Software Supply Chain

New release for enterprises will identify vulnerabilities, security risks, misconfigurations and bad practices to help develop secure cloud-native software applications 

Santa Barbara, Calif – October 5, 2021Anchore, a leader in software supply chain security, today announced the release of Anchore Enterprise 3.2 with key features that enable organizations to protect against more security risks and vulnerabilities in their software supply chain. 

“Being able to easily surface software components that have vulnerabilities, malware, secrets, and other security risks is essential for developers and security engineers,” said Neil Levine, Vice President of Product at Anchore. “With 64 percent of large enterprises impacted by software supply chain attacks, Anchore is focused on providing organizations with best-in-class tools to proactively combat against these threats to software integrity.”

Anchore Enterprise 3.2 introduces richer visibility into software components so risks can be identified and quickly mitigated. Key capabilities include:

Identify Vulnerabilities More Accurately with Our Next-Generation Scanning Engine

Anchore Enterprise 3.2 now uses a next-generation vulnerability scanning engine that builds upon capabilities in Anchore’s open source tool Grype and also delivers more accurate results. Users of Anchore Enterprise 3.2 will gain all of the additional features of false positive management and benefit from consistent results between Anchore’s open source and commercial tools, simplifying the transition. 

Support for Scanning SUSE Enterprise Linux

Anchore Enterprise 3.2 can now scan and continuously monitor SUSE software container images for security issues present in installed SUSE packages to improve security posture and mitigate threats. SUSE packages are now included in the software bill of materials (SBOM) and can be shared externally for compliance. Users can also apply Anchore’s customizable policy enforcement to SUSE packages and vulnerabilities.

Expanded Options for Policy Rules in the UI

Anchore Enterprise users now have the ability to see more SBOM file details in the user interface (UI) that were previously available only through the API. This visibility enables users to easily view data that can be instrumental in creating and tuning policy rules. The UI data additions include secret checks for identifying credential information inadvertently included in container builds and file content checks for developer best practices such as making sure configurations are set correctly. The UI also now allows you to access retrieved files that were previously designated to be saved during the scan for additional policy checks. 

More Allowlist Customization Options in the UI

Users now have additional Allowlist customization options in the UI. Allowlists enable development teams to continue working while issues are being investigated. Now in addition to vulnerabilities, users can add all other policy check results to Allowlists through the UI which permits them to override specific policy violations for a more accurate final pass or fail recommendations on image scans.

Go here for more information about the new release details of Anchore Enterprise 3.2.  

About Anchore

Anchore is a leader in software supply chain security and enables organizations to protect cloud-native applications against software supply chain attacks. Anchore technology embeds continuous security and compliance checks at every stage of the software development process to prevent security risks from reaching production. Large enterprises and government agencies use Anchore solutions to generate a comprehensive software bill of materials, pinpoint vulnerabilities, identify malware and discover unprotected credentials that can lead to hacks and ransomware. With an API-centric approach, Anchore solutions integrate into the tools developers already use to detect issues earlier, saving time and lowering the cost to fix vulnerabilities. To learn more visit www.anchore.com