Discover, Analyze, and Certify Container Images with Anchore

Do You Know What’s Beneath the Surface of Your Containers?

Image scanning solutions focus on scanning the operating system image for known vulnerabilities (CVEs). While this is a critical check to perform, it is just the first step. An image may contain no operating system packages with known vulnerabilities but may still be insecure, misconfigured or in some other way out of compliance.

Anchore analysis tools inspect your container image and generate a detailed manifest of the image, a virtual ‘bill of materials’ that includes official operating system packages, unofficial packages, configuration files and language modules and artifacts such as NPM, PiP, GEM, and Java archives.

Using Anchore tools, policies can be defined that specify rules to govern security vulnerabilities, package whitelists and blacklists, configuration file contents, presence of credentials in the image, manifest changes, exposed ports or any user-defined checks. These policies can be deployed site-wide or customized for specific images or categories of applications.

Use Cases for Anchore

Analyze Container Images

Inspect your container image and generate a detailed list that includes official OS packages, unofficial packages, config files, language modules, and artifacts such as NPM, PiP, GEM, and Java archives.

Define & Enforce Policies

Define policies to govern security vulnerabilities, package whitelists and blacklists, configuration file contents, credentials in the image, manifest changes, exposed ports or any user-defined checks.

Integrate into Workflow

Anchore can be run at any point in the development pipeline to produce reports or to evaluate policies, allowing policy violations to be caught and fixed early in the development lifecycle.

Orchestration Integration

Integrate with orchestration platforms such as Kubernetes to ensure that only images that are certified by your organization are run.

A Solution for Every Use Case

With deployment options to suit every need: cloud-hosted, on-premises or open source.

Anchore Cloud

With Anchore’s Cloud Service you can explore images on all of the popular public registries for the one that best suits you, analyze an image to see contents and history, and create policies to enforce with other images.

Anchore On Prem

Deploy the Anchore Engine in your data center to scan your private registries and integrate into your CI/CD pipeline – ensuring that only images that pass the policy checks that you define are deployed.

Open Source

The Anchore open source project allows developers to perform detailed analysis on their container images, run queries, produce reports and define policies that can be used in CI/CD pipelines. Developers can extend the tool with plugins that add new queries, new image analysis, and new policies.

Anchore Training and Services

A 2-day one-on-one training and services session to understand your organization's unique requirements and help you install, configure, and run Anchore.

  • Installation support and recommendations
  • Guidance on securing your container-based CI/CD pipeline
  • Working with your team to define custom policies and create whitelists
  • Review and implementation of best practices with Anchore

Interested in Training or Services?

Contact an Anchore representative to set up a time and date for your training.

Industry Leaders are Using Anchore

“We are using Docker extensively in both dev and production and have identified the need to add security scanning to our CI/CD pipeline. Anchore allows us to maintain security and transparency over our images throughout the build process and is exactly the type of solution we were looking for.” 

Dave Anderson, Director of Security & IT

“Shipping Scality’s applications as containers greatly simplifies deployment & maintenance for our customers. However, enterprise customers want to be sure that the containers they are deploying are secure & well maintained. Using Anchore’s tools we can define strict policies for security and compliance that ensure only images that meet our stringent security requirements are released. Anchore allows our customers to independently verify the certification status of all their images at any time, as well as define their own specific certification policies.”

Giorgio Reni, Founder & CTO

“As containers are adopted at an accelerating rate by businesses of all shapes and sizes and deployed into production, it’s critical to know with precision what is running in a given container and where it came from,” said Stephen O’Grady, Principal Analyst with RedMonk. “Anchore is built to add just these kinds of capabilities to container infrastructure, regardless of what it’s made up of.”  

Stephen O’Grady, Principal Analyst