Securing and managing the software supply chain. Proud parent of https://fosstodon.org/@syft and https://fosstodon.org/@grype
Anchore: https://anchore.com/
Blog: https://anchore.com/blog
Open Source: https://github.com/anchore/
Generating timestamped reports of production states usually requires heavy manual data gathering. We are looking at ways to automate this. Anchore Enterprise uses continuous SBOM scanning alongside runtime agents to auto-generate this evidence.
Learn more: https://anchore.com/blog/compliance-operations-making-kubernetes-audit-ready-by-design/

Shift-left compliance checking ⬅️

Catch violations before deployment, not during audits 🛡️

https://anchore.com/platform/enforce/

#SoftwareSupplyChain #SBOM #CyberSecurity #Compliance

Your vulnerability matching is only accurate if your feeds are current. A quick anchorectl feed sync is your first step in incident response. Read our playbook on the CLI paths for rapid impact assessment.

https://anchore.com/blog/zero-day-response-rapid-impact-assessment/

Built on open source tools with 30M+ downloads (Syft & Grype) 🔧

Community-proven, enterprise-hardened 💪

https://anchore.com/platform/secure/

#SoftwareSupplyChain #SBOM #CyberSecurity #Compliance #DevSecOps

Finding out a specific package is vulnerable is only step one. You then have to map that to specific running pods in your frontend service. Our new blog discusses using a Kubernetes inventory agent to collapse this impact analysis down to minutes.
https://anchore.com/blog/compliance-operations-making-kubernetes-audit-ready-by-design/

Most tech debt is invisible until it triggers a P0. In this session, Anchore & HeroDevs dig into why "stable" often means "stale."

See the data behind millions of abandoned packages and how to spot them before your next incident.

Watch: https://anchore.com/blog/managing-the-eol-trap-why-software-neglect-is-your-biggest-supply-chain-risk/

"Bring Your Own SBOM" sounds simple...

Until you try to manage thousands of them 📊

Scale is everything 📈

https://anchore.com/platform/sbom/

#SoftwareSupplyChain #SBOM #CyberSecurity #Compliance #DevSecOps

Need to route container vulnerability data to your own tooling? Benjamin Lang covers how to use the Anchore Enterprise API to register webhook endpoints and parse the JSON payloads.

Check out his new technical post to see how to build a Flask receiver in Python to extract image digests and query the API for critical CVEs: https://anchore.com/blog/event-driven-workflows-with-anchore-enterprise-notifications/

Supply chain attacks ↗️ 742% in 2023

Your traditional security stack wasn't built for this fight.

SBOM-first architecture changes everything ⚡

https://anchore.com/platform/

#SoftwareSupplyChain #SBOM #CyberSecurity

External auditors evaluating your software for the EU Cyber Resilience Act will not accept manual checklists. They require continuous, verifiable evidence spanning up to 5 years post-deployment.

When the 2026 mandates take effect, you cannot afford to waste engineering cycles chasing false positives. You need deterministic proof of conformity.

Learn how to leverage VEX and continuous CISA KEV-enriched monitoring to systematically suppress noise, maintain lifecycle vi...
https://anchore.com/white-papers/navigating-the-eu-cra-a-blueprint-for-secure-software-supply-chains/