Anchore Solutions

Container Security Solutions for Analytics, Compliance and Governance on-premise and in the cloud.

REQUEST A DEMO

Anchore Solutions

Container Security solutions for Analytics, Compliance and Governance on-premise and in the cloud.

 What Anchore Delivers

________

Anchore delivers container security solutions for developers, operations, and security teams to deliver insight and control over the contents, security and compliance of containers from the start of development all the way to production. By allowing the creation of policies for security and compliance that are evaluated by Anchore at each stage of the build pipeline, Anchore ensures that only images containers that adhere to an organization’s policies are deployed.

Anchore Open Source

The Anchore open source project allows developers to perform detailed analysis on their container images, run queries, produce reports and define policies that can be used in CI/CD pipelines. Developers can extend the tool to add new plugins that add new queries, new image analysis, and new policies.

Anchore Premium

Anchore premium builds on top of the open source engine to provide the features required by Enterprise IT including expanded set of a analysis modules, policies and additional data feeds from the Anchore Cloud along with integration with Continuous Integration / Continuous Deployment platforms.

Anchore Navigator

The Anchore Navigator delivers a free service for discovering and analyzing images on public container registries such as DockerHub. This SaaS service regularly polls public container registries and performs analysis on hundreds of public images – both official and non-official.

Users can perform a deep inspection of the image to see all the operating system packages, Node.JS modules, RubyGEMs, and any other file in the image, as well as review policy compliance of the image using the default Anchore policy is based on CVEs, Dockerfile contents and Package Manifest.

Anchore Navigator Premium

The Navigator Premium solution combines the powerful analysis and flexibility of the on-premise engine with the rich visualization of the Navigator. The Anchore engine is deployed on-premise or in the public cloud and performs analysis and policy evaluation on container images within the CI/CD pipeline or an organization’s private registry.

The contained images can be inspected using the Navigator and detailed policies can be defined that specify rules to govern vulnerabilities, package whitelists & blacklists, config file contents, presence of credentials in image, manifest changes, exposed ports or any user defined checks. Whitelists can be created to define exceptions to a policy (i.e. to suppress a specific CVE that is not exploitable in a given application) and synchronized from the Navigator to the on-premise analysis engine. The Navigator can provide pro-active notifications to deliver alerts if a newly issued security vulnerability affects any of an organization’s images.

 

Compare Our Container Security Solutions

____________

 

Anchore Open Source

Anchore Premium

Navigator

Navigator Premium

Open Source Engine
Command Line Tools
Web Based UI
Registry Support
  Public Registries (Docker V1/V2)
  Private Registries (Docker V1/V2)
  On-Prem Registries
Policy Engine
  Custom Policies
  Custom Whitelists
  Graphical Policy Editor
CI / CD Integration
Toolbox
  View Image Metadata
  View Dockerfile
  Show the Family tree of an image
  Show Tag history of an image
  View layers of an image
  Unpack an image
  Managed image analysis data
Analyzers
  Image Metadata
  Image Layers
  Package Data
  Ruby GEMs
  Node NPMs
  Files
  Configuration Files
  Checksums
  SUIDS
  Package Details
  Content Search
  3rd Party Analysis Plugins
Queries
  Package List
  Package Search
  Package Diffs
  Common Packages
  CVE Status
  Base Image Status
  File List
  File Contents
  File Diffs
  Node NPM Modules
  Ruby GEMs
  File Contents
  File Contents Match
  Image Attributes
  Detailed Package Information
  Package Licenses
  Non-Packaged Files
Policy Gates
  Dockerfile Policies
  Package Policies
  File based Policies
  CVE Policies
  Package Versions
  Required Packages
  Blacklisted Packages
  File Content Policies
  Ruby GEM Policies
  Node.JS NPM Policies
Data Feeds
  CVE Data
  OS Package Data
  Ruby GEM Package Data
  Node.JS NPM Package Data
Operating System Support
  Alpine Linux
  Amazon Linux * * * *
  CentOS
  Debian
  Fedora * * * *
  Oracle Linux
  Red Hat Enterprise Linux
  SuSE Linux * * * *
  Ubuntu
*- Currently no CVE data