Anchore Pricing

Scalable security for teams and
organizations of all sizes.

Enterprise

Based on subscription | Includes 2 analyzers

Anchore Enterprise is a comprehensive, continuous security and compliance solution that secures the software supply chain for containerized applications. Get personalized pricing for your enterprise needs today.

Federal

Based on subscription | Includes 2 analyzers

Anchore Enterprise (Federal Edition) offers all the security and compliance features of Anchore Enterprise—plus STIG checks, FedRAMP compliance, and support for air-gapped environments.

Basic
Premium
Featured Highlights
Analyzers
2 per subscription
2 per subscription
Users
Unlimited
Unlimited
Nodes
Unlimited
Unlimited
Pipeline Clients
Unlimited
Unlimited
Repositories
Unlimited
Unlimited
Support SLA
9x5
24x7
NIST & CIS Policy Packs
Checkmark
Checkmark
FedRAMP Policy Pack
Close
Checkmark
Windows & .NET Support
Close
Checkmark
Runtime Image Monitoring
Close
Checkmark
Open Source
(Syft/Grype)
Basic
Premium
Software Bill of Materials
Linux Containers
Checkmark
Checkmark
Checkmark
Windows Containers
Checkmark
Ecosystems Supported
Support for NPM, Python, Node, Java, Ruby
Checkmark
Checkmark
Checkmark
Support for Nuget (.Net)
Checkmark
Security Capabilities
CVE Scanning
Checkmark
Checkmark
Checkmark
Credential Scanning
Checkmark
Checkmark
Malware Scanning
Checkmark
Checkmark
Dockerfile Checks
Checkmark
Checkmark
Allowlist & Denylist
Checkmark
Checkmark
Base vs Application Vulnerability Diff
Checkmark
Checkmark
False Positive Management
Checkmark
Checkmark
Runtime Image Monitoring
Checkmark
Checkmark
Remediation
Remediation Recommendations
Checkmark
Checkmark
Automated Action Plans
Checkmark
Checkmark
Compliance & Audit
Dashboards and Reporting
Checkmark
Checkmark
Reporting API (GraphQL)
Checkmark
Checkmark
Graphical Policy Editor
Checkmark
Checkmark
Custom Policies
Checkmark
Checkmark
CIS Benchmarks Policy Pack
Checkmark
Checkmark
NIST 800-190 Policy Pack
Checkmark
Checkmark
FedRAMP Policy Pack
Checkmark
Integrations
CI/CD Integration
Checkmark
Checkmark
Checkmark
Kubernetes Admission Controller
Checkmark
Checkmark
3rd Party Notifications 
(Slack, Jira, GitHub, MS Teams)
Checkmark
Checkmark
Vulnerability Data
Enhanced Custom Feed Service
Checkmark
Checkmark
Air-Gapped Feed Service
Checkmark
Checkmark
Access & Authentication
Role-based Access Control
Checkmark
Checkmark
Single Sign-on (SSO)
Checkmark
Checkmark
Enterprise Authentication (LDAP/SAML)
Checkmark
Checkmark
Support
Community Help
Checkmark
Standard SLA (9x5 Support)
Checkmark
Checkmark
Premium SLA (24x7 Support)
Checkmark

Add scale without adding cost.

Unlimited Users

No user limits means your team 
is free to scale.

Unlimited Nodes

Scale your runtime environment 
without spending more.

FAQs

An Analyzer is a software process that runs in your Kubernetes cluster and processes container images one at a time. Depending on the deployment model, processing tasks can include downloading an image, generating a software bill of materials (SBOM), generating a vulnerability list, or performing policy evaluations. Two Analyzers allow you to process two container images simultaneously.

AnchoreCTL is a client that can run inside your CI/CD platform to generate an SBOM as part of a CI/CD build. AnchoreCTL scans an image locally to generate an SBOM and then sends it to Anchore Enterprise. An Analyzer then uses the SBOM to generate a vulnerability list and perform policy evaluations. This can significantly reduce the time to pass/fail a build in your CI/CD pipeline.

The time can vary based on a number of factors including image size and complexity, as well as CPU speed and memory. If an image has to be downloaded from a registry, network latency can also be a factor. General benchmarks for images that have to be downloaded from a registry range from a few seconds to a few minutes for typical very large containers. When AnchoreCTL has been used to scan images in your CI/CD pipeline and generate an SBOM, the Analyzer time is reduced as it does not have to do the SBOM generation itself

Each subscription provides two additional Analyzers, allowing you to process more images concurrently. In cases where delivery time is a concern, increasing the number of Analyzers available will increase image processing throughput. In addition, if you need Anchore installation for multiple IL environments, you will need to purchase at least one subscription per environment (e.g. IL2, IL5, etc.). Please contact sales for larger environments that need to scale above 50,000 images processed per month.

Typical teams start with installations of 4-16 Analyzers (2-8 subscriptions) for securing their container-based applications. For federal programs and agencies securing a larger number of applications and a need for high throughput capacity, more analyzers may be desired. For classified environments, a minimum of two subscriptions is typical. Anchore Solution Architects can help you determine the right size for your current and expected needs.

Each Anchore Enterprise installation must have at least one valid subscription with two Analyzers associated with it. One subscription includes two Analyzers. Subscriptions may not be divided across installations. If you have four subscriptions you may only split your eight Analyzers into groupings of two (e.g. 2, 4, 6, 8).

Analyzers can only be moved in groups of two (i.e as a whole subscription). Subscriptions may be moved from one installation to another given all subscriptions in an installation are of the same tier. Subscriptions must be moved in whole; partial or dis-aggregated subscription moves are not allowed.

Anchore Enterprise itself is delivered as a set of containers and can be deployed on nearly all Kubernetes or container platforms, whether on-premise, hosted, or in a cloud provider. As a scale-out application, Anchore can start small and grow to scan thousands of containers. Anchore Solution Architects can help you determine the best architecture based on your budget and use-case.

Multiple subscriptions of the same tier can be used in a single installation to increase the number of Analyzers but a single installation may not contain subscriptions from different tiers.

Speak with our security experts

Learn how Anchore’s SBOM-powered platform can help secure your software supply chain.