• slide
  • slide
  • slide

Overview

Anchore, Inc., based in Santa Barbara, CA, was founded in 2016 by Saïd Ziouani and Daniel Nurmi to help organizations implement secure container-based workflows without compromising velocity. It delivers open source image inspection and scanning tools, along with complete container workflow solutions for highly-regulated industries.

Anchore Federal was designed in collaboration with the United States Department of Defense to deliver out-of-the-box compliance for Federal agencies. With Anchore, DevSecOps teams can establish flexible, policy-based approaches to software supply chain security. Customers range from Fortune 100 companies to small- and mid-sized organizations, across all major industries and government branches. Anchore is trusted by modern software development companies across the globe.

Products

  • Anchore Engine

    Anchore Engine, first released in 2017, is an open source tool for deep image inspection and vulnerability scanning. It is the only solution focused entirely on deep inspection of container images, as it goes beyond basic source and binary scanning by probing into their configuration and contents. Anchore Engine allows users to perform detailed analysis on their container images, run queries, produce reports, and define policies that can be used in CI/CD pipelines. It is the foundation of Anchore Enterprise, a fully-featured container security workflow solution for organizations in highly-regulated industries.

  • Anchore Enterprise

    Anchore Enterprise is a complete container security workflow solution for professional teams. Integrating seamlessly with a wide variety of development tools and platforms, it allows teams to adhere to defined industry security standards without compromising velocity. The Anchore Enterprise user interface provides visibility to security teams, allowing them to audit and verify compliance throughout the organization. It can be deployed in air-gapped and public cloud environments and is built for large scale. Anchore Enterprise is based on Anchore Engine, an open-source tool for deep image inspection and vulnerability scanning.

  • Anchore Federal

    Anchore Federal is a complete container security workflow solution for federal agencies. Integrating with a variety of development tools and platforms, it enables teams to adhere to defined industry, agency, and program-specific security standards without compromising velocity. Anchore Federal includes policy checks that validate compliance with NIST, STIG, and FedRAMP guidelines. The Anchore Federal UI provides visibility to security teams, allowing them to audit compliance throughout the organization. It can be deployed in air-gapped and public cloud environments and is built for scale. Anchore Federal is based on Anchore Engine, an open-source tool for deep image inspection and vulnerability scanning.

Blog

Anchore Blog

Introducing Anchore Enterprise 2.4
September 01, 2020 | Today, we are pleased to announce the GA of Anchore Enterprise 2.4. In keeping with previous releases in the 2.x series, version 2.4 has been heavily driven by customer requests both in terms of features and operational improvements. Without further ado, let’s go into the main enhancements. Read More >> 

Anchore Partners with Carahsoft
July 01, 2020 | When you want to sell to the government, it behooves you to pick your partners wisely—and it’s no accident that Anchore chose to work with the largest trusted government IT solutions provider, Carahsoft Technology Corporation, to distribute Anchore’s products to public sector customers.

Container Security for US Government Information Systems
May 08, 2020 | Over the last year, we received great feedback from our customers regarding our Container Security for US Government Information Systems white paper. Today, we are publishing version 2.0, which updates and expands upon last year’s document. Read More >>

Building a DevSecOps Platform with the United States Air Force
May 01, 2020 | When I arrived at Anchore, I joined an amazing group of engineers working to turn a bunch of slides into a tangible reality for the US Air Force (USAF) and US Department of Defense (DoD). Read More >> ​​​​​​​


Anchore Enterprise 2.3 Blog Series

Anchore Enterprise 2.3 Feature Series: Scheduled Reports
May 22, 2020 | With the release of Anchore Enterprise 2.3 (built upon Anchore Engine v0.7.1), we are happy to announce a new feature of our reporting service: the ability to run scheduled reports. Read More >>

Anchore Scanning for Windows Container Images
May 18, 2020 | With the recent release of version 2.3, Anchore Enterprise now supports scanning of Windows container images and the addition of a new feed source for identifying Windows vulnerabilities: Microsoft Security Response Center (MSRC). Read More >>

Anchore Enterprise 2.3 Feature Series: NuGet Package Support
May 14, 2020 | With the release of Anchore Engine 0.7.0 and Anchore Enterprise 2.3, we are happy to share that you can now scan for vulnerabilities in NuGet packages inside your container images. Read More >>

Anchore Enterprise 2.3 Feature Series: GitHub Security Advisories
May 07, 2020 | With the release of Anchore Enterprise 2.3 (built upon Anchore Engine v0.7.1), we are happy to announce a new feed provider: GitHub Security Advisories (GHSA). Read More >>

Introducing Anchore Enterprise 2.3
May 06, 2020 | Today, we announced the availability of Anchore Enterprise 2.3 for our enterprise and federal government customers. Read More >>

Contracts

There were no contracts found for this vendor.

Events

Introducing Anchore Enterprise 2.3

Anchore Enterprise 2.3 is a big release! It includes a set of features, including some designed for those who deploy Windows and .Net applications inside containers. Listen to this short webinar to learn about these improvements and everything else inside Anchore Enterprise 2.3.
View the Webinar >>

Archived Events

News

Latest News

Today, we are pleased to announce the GA of Anchore Enterprise 2.4. In keeping with previous releases in the 2.x series, version 2.4 has been heavily driven by customer requests both in terms of ...
READ MORE >
Anchore, experts in container workflow, analysis and security, and Carahsoft Technology Corp., The Trusted Government IT Solutions Provider®, today announced a partnership.
READ MORE >

Resources


Featured

Case Study

Building a DevSecOps Pipeline for the Department of Defense


This case study explores how Anchore and Red Hat teamed up to build a DevSecOps pipeline for the DoD by
implementing a flexible, container-based platform for software delivery powered by Red Hat OpenShift
and Anchore Enterprise. With this platform, they can maintain a streamlined, zero-trust security
and compliance posture while releasing new software as frequently as mission conditions require.
READ MORE>



Datasheet

Achieving FedRAMP compliance using Anchore Enterprise

anchore_logo.png
Datasheet
A secure container workflows solution for federal agencies.

Whitepaper

Shifting security left can lead to massive productivity gains that extend beyond development teams. As a significant force multiplier, it allows agencies to be more productive. Studies shows that agencies that have implemented DevSecOps are able to create higher quality, more secure products, while ...

Containers introduce unique security challenges for enterprises and federal agencies alike. Download this whitepaper to read more on DevSecOps best practices for federal agencies who deploy containers at scale.