With this extension, Anchore is further integrating into the Docker ecosystem with tools that help improve software supply chain security
Santa Barbara, Calif – May 10, 2022 – Anchore, a leader in software supply chain security, today announced that it is the newest member of the Docker Extension Program. The Anchore Docker Desktop Extension conducts a powerful analysis that proactively scans and displays the software components in each container image. With this instant analysis of container images, developers and security engineers have the information available to make informed decisions about the security of their software supply chain.
The Anchore Docker Desktop Extension is unique because it seamlessly scans each container image behind the scenes, without requiring developers to request an individual scan or wait for a scan to complete. Instead, the Anchore extension instantly displays the number and type of packages along with vulnerabilities segmented by severity level, allowing users to easily search for specific packages or vulnerabilities. The extension analyzes the container images locally, keeping all data on the user’s machine. It is built on the open source Syft and Grype tools and continually monitors the set of images with unlimited, automatic scans.
“Docker is obsessed with developer ergonomics and is committed to filling and improving the developer experience gap,” said Webb Stevens, Docker’s SVP of Secure Software Supply Chain. “We welcome Anchore to the Docker Extension marketplace, expanding the applications and capabilities available for millions of registered Docker developers.”
This new extension further expands integration points between Anchore and the Docker ecosystem. Last month Anchore and Docker collaborated to launch the ‘docker sbom’ command that generates an SBOM for any Docker image. Anchore also recently released a new version of its AnchoreCTL tool, which can now upload SBOMs generated by the ‘docker sbom’ command to Anchore Enterprise, enabling organizations to centrally store their SBOMs and continually monitor them for any new vulnerabilities that may arise.
According to the Gartner® Innovation Insight for SBOMs report, “the lack of visibility and transparency into proprietary and open-source dependencies within the software supply chain exacerbates security and compliance risks.” It also states that “software engineering teams often lack the tools, practices and standards to systematically discover and share details about vulnerable software packages across the organization.”
Docker Extensions demonstrates Docker’s commitment to improving the developer experience by bringing the tools developers use most to an environment where they can focus more easily on innovation and spend less time on everything else. Inclusion of the Anchore Docker Desktop Extension provides a frictionless developer experience while providing transparency into the software supply chain.
*Gartner, “Innovation Insight for SBOMs”, Manjunath Bhat, Dale Gardner, Mark Horvath, February 14, 2022.
GARTNER is a registered trademark and service mark of Gartner, Inc. and/or its affiliates in the U.S. and internationally and is used herein with permission. All rights reserved.
Anchore is a leader in software supply chain security and enables organizations to protect cloud-native applications against software supply chain attacks. Anchore technology embeds continuous security and compliance checks at every stage of the software development process to prevent security risks from reaching production. Large enterprises and government agencies use Anchore solutions to generate a comprehensive software bill of materials, pinpoint vulnerabilities, identify malware, and discover unprotected credentials that can lead to hacks and ransomware. With an API-centric approach, Anchore solutions integrate into the tools developers already use to detect issues earlier, saving time and lowering the cost to fix vulnerabilities.