J’adore Anchore, pour le DevSecOps chores & more
Anchore might make you think of anchovies, anchors, chores, s’mores or perhaps even a nicely chilled bottle of Piat D’Or.
It is of course none of those things, Anchore is a container compliance and security platform.
Now at iteration release 2.3, Anchore Enterprise was announced at the GitHub Universe Satellite [virtual] developer conference this week.
For this release, Anchore Enterprise 2.3 has now been engineered for the Microsoft technology ecosystem.
It now ships with what Anchore calls ‘deep image inspection’ of Windows container images, allowing users to extend container-based DevSecOps workflows beyond the Linux stack.
Gettin’ NuGet
Analysis of images has been expanded to include the discovery of NuGet packages (a package manager for .NET) which allows for policy-based control over .NET frameworks and artifacts.
Anchore has also included an updated reporting service that allows users to schedule and generate custom reports. The new version includes support for the GitHub Advisory Database, which provides users with vulnerability data from GitHub.
“Every day, customers improve the security posture of their Linux applications using DevSecOps practices powered by Anchore Enterprise,” said Saïd Ziouani, CEO of Anchore. “But until now, those practices only provided governance for Linux applications running in Linux containers. This release offers that power to teams in the Microsoft ecosystem, helping them establish even more comprehensive visibility and compliance throughout their software supply chain.”
While containers are indelibly part of Linux, many enterprises operate in environments where key applications are built using Microsoft ecosystem technologies.
These applications can be managed within container orchestration platforms like Docker and Kubernetes, running alongside Linux applications in the hybrid cloud for greater efficiency and flexibility. Anchore Enterprise 2.3 performs deep image inspection of Windows container images, building a comprehensive software build of materials (SBOM) that can be used to establish and enforce policies.
Anchore also announced today that it has begun monitoring GitHub Security Advisories, which are argued to be becoming a locus of information.