Anchore, Inc., based in Santa Barbara, CA, was founded in 2016 by Saïd Ziouani and Daniel Nurmi to help organizations implement secure container-based workflows without compromising velocity. It delivers open source image inspection and scanning tools, along with complete container workflow solutions for highly-regulated industries.
Anchore Federal was designed in collaboration with the United States Department of Defense to deliver out-of-the-box compliance for Federal agencies. With Anchore, DevSecOps teams can establish flexible, policy-based approaches to software supply chain security. Customers range from Fortune 100 companies to small- and mid-sized organizations, across all major industries and government branches. Anchore is trusted by modern software development companies across the globe.
Anchore Engine, first released in 2017, is an open source tool for deep image inspection and vulnerability scanning. It is the only solution focused entirely on deep inspection of container images, as it goes beyond basic source and binary scanning by probing into their configuration and contents. Anchore Engine allows users to perform detailed analysis on their container images, run queries, produce reports, and define policies that can be used in CI/CD pipelines. It is the foundation of Anchore Enterprise, a fully-featured container security workflow solution for organizations in highly-regulated industries.
Anchore Enterprise is a complete container security workflow solution for professional teams. Integrating seamlessly with a wide variety of development tools and platforms, it allows teams to adhere to defined industry security standards without compromising velocity. The Anchore Enterprise user interface provides visibility to security teams, allowing them to audit and verify compliance throughout the organization. It can be deployed in air-gapped and public cloud environments and is built for large scale. Anchore Enterprise is based on Anchore Engine, an open-source tool for deep image inspection and vulnerability scanning.
Anchore Federal is a complete container security workflow solution for federal agencies. Integrating with a variety of development tools and platforms, it enables teams to adhere to defined industry, agency, and program-specific security standards without compromising velocity. Anchore Federal includes policy checks that validate compliance with NIST, STIG, and FedRAMP guidelines. The Anchore Federal UI provides visibility to security teams, allowing them to audit compliance throughout the organization. It can be deployed in air-gapped and public cloud environments and is built for scale. Anchore Federal is based on Anchore Engine, an open-source tool for deep image inspection and vulnerability scanning.
Introducing Anchore Enterprise 2.4
September 01, 2020 | Today, we are pleased to announce the GA of Anchore Enterprise 2.4. In keeping with previous releases in the 2.x series, version 2.4 has been heavily driven by customer requests both in terms of features and operational improvements. Without further ado, let’s go into the main enhancements. Read More >>
Anchore Partners with Carahsoft
July 01, 2020 | When you want to sell to the government, it behooves you to pick your partners wisely—and it’s no accident that Anchore chose to work with the largest trusted government IT solutions provider, Carahsoft Technology Corporation, to distribute Anchore’s products to public sector customers.
Container Security for US Government Information Systems
May 08, 2020 | Over the last year, we received great feedback from our customers regarding our Container Security for US Government Information Systems white paper. Today, we are publishing version 2.0, which updates and expands upon last year’s document. Read More >>
Building a DevSecOps Platform with the United States Air Force
May 01, 2020 | When I arrived at Anchore, I joined an amazing group of engineers working to turn a bunch of slides into a tangible reality for the US Air Force (USAF) and US Department of Defense (DoD). Read More >>
Anchore Enterprise 2.3 Feature Series: Scheduled Reports
May 22, 2020 | With the release of Anchore Enterprise 2.3 (built upon Anchore Engine v0.7.1), we are happy to announce a new feature of our reporting service: the ability to run scheduled reports. Read More >>
Anchore Scanning for Windows Container Images
May 18, 2020 | With the recent release of version 2.3, Anchore Enterprise now supports scanning of Windows container images and the addition of a new feed source for identifying Windows vulnerabilities: Microsoft Security Response Center (MSRC). Read More >>
Anchore Enterprise 2.3 Feature Series: NuGet Package Support
May 14, 2020 | With the release of Anchore Engine 0.7.0 and Anchore Enterprise 2.3, we are happy to share that you can now scan for vulnerabilities in NuGet packages inside your container images. Read More >>
Anchore Enterprise 2.3 Feature Series: GitHub Security Advisories
May 07, 2020 | With the release of Anchore Enterprise 2.3 (built upon Anchore Engine v0.7.1), we are happy to announce a new feed provider: GitHub Security Advisories (GHSA). Read More >>
Anchore Enterprise 2.3 is a big release! It includes a set of features, including some designed for those who deploy Windows and .Net applications inside containers. Listen to this short webinar to learn about these improvements and everything else inside Anchore Enterprise 2.3.
View the Webinar >>