Securing and managing the software supply chain. Proud parent of https://fosstodon.org/@syft and https://fosstodon.org/@grype
Anchore: https://anchore.com/
Blog: https://anchore.com/blog
Open Source: https://github.com/anchore/
STIG scanning tools historically struggle with distroless images because they require an in-container shell. That gap is closed. Anchore Enterprise now evaluates STIG controls on shell-less @chainguard_dev images directly at the image layer. https://anchore.com/blog/stig-compliance-chainguard-images-now-supported/
False-positive vulnerability alerts were forcing a team of ~35 @Mattermost developers to waste valuable time chasing non-existent threats. They eliminated the noise and reclaimed their time with Anchore's accurate on-disk scanning. Read the case study: https://anchore.com/case-studies/mattermost-reduces-alert-fatigue-accelerates-nist-compliance-with-anchore/

AI agents code at machine speed. Your governance is stuck at human speed.

If your team is manually mapping overlapping frameworks (GDPR, NIS2, FedRAMP), you are bleeding engineering hours.

Treat compliance as an engineering problem. We show you how in our CompOps blueprint: https://go.anchore.com/Modern-Blueprint-for-Continuous-Compliance.html

#DevSecOps

Generating timestamped reports of production states usually requires heavy manual data gathering. We are looking at ways to automate this. Anchore Enterprise uses continuous SBOM scanning alongside runtime agents to auto-generate this evidence.
Learn more: https://anchore.com/blog/compliance-operations-making-kubernetes-audit-ready-by-design/

Shift-left compliance checking ⬅️

Catch violations before deployment, not during audits 🛡️

https://anchore.com/platform/enforce/

#SoftwareSupplyChain #SBOM #CyberSecurity #Compliance

Your vulnerability matching is only accurate if your feeds are current. A quick anchorectl feed sync is your first step in incident response. Read our playbook on the CLI paths for rapid impact assessment.

https://anchore.com/blog/zero-day-response-rapid-impact-assessment/

Built on open source tools (Syft & Grype) with 30M+ downloads 🔧

Community-proven, enterprise-hardened 💪

https://anchore.com/platform/secure/

#SoftwareSupplyChain #SBOM #CyberSecurity #Compliance #DevSecOps

Finding out a specific package is vulnerable is only step one. You then have to map that to specific running pods in your frontend service. Our new blog discusses using a Kubernetes inventory agent to collapse this impact analysis down to minutes.
https://anchore.com/blog/compliance-operations-making-kubernetes-audit-ready-by-design/

Most tech debt is invisible until it triggers a P0. In this session, Anchore & HeroDevs dig into why "stable" often means "stale."

See the data behind millions of abandoned packages and how to spot them before your next incident.

Watch: https://anchore.com/blog/managing-the-eol-trap-why-software-neglect-is-your-biggest-supply-chain-risk/

"Bring Your Own SBOM" sounds simple...

Until you try to manage thousands of them 📊

Scale is everything 📈

https://anchore.com/platform/sbom/

#SoftwareSupplyChain #SBOM #CyberSecurity #Compliance #DevSecOps