anchore

@anchore@mstdn.business
Securing and managing the software supply chain. Proud parent of https://fosstodon.org/@syft and https://fosstodon.org/@grype
Anchore: https://anchore.com/
Blog: https://anchore.com/blog
Open Source: https://github.com/anchore/

Why do we need SBOMs? The simple answer: Compliance. 📋

It's not just about saying you're doing the right thing for security. It's about having the machine-readable proof that regulators now demand.

Full breakdown here: https://anchore.com/blog/why-sboms-are-no-longer-optional-in-2025/

No more midnight batch scans. 🌙

"I've identified issues. Fixed them. Rebuilt and pushed. I didn't rely on another team to catch my mistakes."

True "Shift Left" means fixing vulnerabilities before the merge, not after the deployment.

Here's how: https://anchore.com/blog/the-death-of-manual-sbom-management-and-an-automated-future/

False positives killing your team's productivity? 😵‍💫

Anchore Secure gives you signal, not noise 📡

https://anchore.com/platform/secure/

#SoftwareSupplyChain #SBOM #CyberSecurity #Compliance #DevSecOps

Big things are happening in the Anchore OSS ecosystem.

Our tools are expanding, and they deserve a proper home. We are thrilled to introduce a dedicated hub for everything we are building.

Check out the full story from @alexgoodman87: https://anchore.com/blog/anchore-oss-docs-have-a-new-home/

FedRAMP compliance in weeks, not months ⚡

Ready-to-deploy policy packs for instant compliance feedback 📋

https://anchore.com/platform/enforce/

#SoftwareSupplyChain #SBOM #CyberSecurity #Compliance

Your MCP server might be the weakest link—here's the data. @josh.bressers.name scanned 161 MCP images and found 9,000 vulns / 263 criticals. Read the breakdown and fixes: https://anchore.com/blog/analyzing-the-top-mcp-docker-containers/

#MCP #SoftwareSupplyChain #ContainerSecurity #DevSecOps

Wishing you a peaceful and secure holiday! 🎄 While you're taking a well-deserved break, we hope you're enjoying the "set it and forget it" peace of mind that comes with automated security. Merry Christmas from all of us at Anchore! ✨

#HappyHolidays #DevSecOps

Open source maintainers: drowning in a sea of "good first issues" that never get picked up? You're not alone.

It's a contributor time-shortage problem. Our Dir of DevRel @popey.me wondered if an AI could help. So he tried it.

Read the full post: https://anchore.com/blog/can-an-llm-really-fix-a-bug-a-start-to-finish-case-study/

"Cybersecurity Awareness Month had its moment. It's over."

New from Anchore VP of Security, @Josh Bressers: ditch the calendar ritual. Instead, build trust daily.

Read: https://anchore.com/blog/cybersecurity-awareness-month-no-longer-works/

🚨 The EU just made SBOMs mandatory for all software products!

Our guide breaks down the Cyber Resilience Act requirements and provides a roadmap to compliance before the 2027 deadline.

Don't wait—start building your SBOM strategy today.

🔗 https://anchore.com/sbom/eu-cra/

#SBOM #CRA