• Skip to main content
  • Skip to secondary menu
  • Skip to footer

OSINT.org

Intelligence Matters

  • Sponsored Post
    • Make a Contribution
  • Market Intelligence
    • Technologies
    • Events
  • Domain Intelligence
  • About
    • GDPR
  • Contact

Anchore Unveils New Open Source Tools For Automated DevSecOps Pipeline Security

October 6, 2020 By admin Leave a Comment

Anchore, Inc., the leading experts in policy-based workflow and compliance, is launching a collection of new open source tools for automating DevSecOps pipeline security and analysis. Syft and Grype are the first in a collection of tools designed for integration and performance. The tools analyze and scan container images and filesystems, allowing developers to enhance best practices within existing workflows and systems.

As cybersecurity breaches become more numerous and costly, traditional safeguarding tactics grow less effective. Incident response teams are often overwhelmed by having to constantly investigate the cause of previous breaches while developing new preventative measures as the pace of software delivery quickens. With Anchore developers have a unique opportunity to address problems before software is ever deployed and before an incident can occur.

“Our mission at Anchore is to give developers the tools they need to build security into their everyday tasks,” said Anchore CTO Daniel Nurmi. “That means they need to work seamlessly with a large collection of other tools and systems, providing instant results so developers can act immediately. Syft and Grype were designed for exactly that purpose, and are the first of many tools to come.”

Syft analyzes container images and filesystems to create a Software Bill of Materials (SBOM), a comprehensive record of operating system packages and language artifacts. Using Syft, developers can inspect the contents of new software components before deciding to use them and maintain a comprehensive record of the third-party software included in their projects. Syft generates SBOMs that conform to the CycloneDX specification, providing interoperability with a range of software supply chain management tools.

Grype scans container images and filesystems for known vulnerabilities, matching contents against Anchore Feed Service data compiled from multiple public data sources. Developers can use Grype to discover vulnerable components quickly inside projects as they are created and take the appropriate steps for remediation. The Visual Studio Code extension for Grype brings vulnerability scanning directly into the developer’s environment, rescanning projects regularly to watch for emerging vulnerabilities. Developers can easily trigger a Grype vulnerability scan of GitHub projects using the Anchore Container Scan GitHub Action.

“As an open source company, we do research and development in the open,” shared Anchore VP of Product Management Neil Levine. “In recent surveys, customers and community members agreed that security scanning can never be too fast and integration can never be too easy. We are looking forward to seeing how developers and DevOps teams use the tools while we focus on enhancing them with the policy features of our continuous compliance platform, Anchore Enterprise.”

Syft and Grype are available immediately at toolbox.anchore.io. The Visual Studio Code extension can be found in the Visual Studio Marketplace, and the GitHub Action can be found in the GitHub Marketplace. Contributions, feature requests, and issue reports are welcome at the GitHub projects for each tool.

For more information, visit Anchore.

About Anchore
Anchore, Inc., based in Santa Barbara, CA, was founded in 2016 by Saïd Ziouani and Daniel Nurmi to help organizations implement secure container-based workflows using Anchore Enterprise and Anchore Federal. With Anchore, DevSecOps teams establish policy-based approaches to container compliance without compromising velocity. Customers range from Fortune 100 companies to small- and mid-sized customers. Anchore is trusted by modern software development companies across the globe.

SOURCE Anchore

Home

Filed Under: Workflow

Reader Interactions

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

Footer

Recent Posts

  • Longeye Raises $5M to Bring AI-Powered Investigations to Law Enforcement
  • Jared Kushner’s Bid for Electronic Arts: Soft Power, FIFA Politics, and the Israel Question
  • U.S. Preparations to Overthrow the Maduro Regime
  • Qatar Buys Influence Through AI Infrastructure: QIA–Blue Owl $3B Data Center Deal
  • Israel’s Strategic Position Beyond Public Opinion
  • Poland’s Calculated Bet: Bolstering Ukraine’s Long-Range Strike Capabilities
  • Is the U.S. Actually Planning an Invasion or Coup in Venezuela?
  • Tadaweb Secures $20M to Expand Human-Centric OSINT Platform
  • The Collapse of Assad’s Regime: The Beginning of the End for Iran’s So-Called Axis of Resistance
  • Cognyte Intelligence Summit 2024: Transforming Global Security with AI-Powered Insights

Media Partners

  • Analysis.org
  • Opinion.org
When Professions Meet Automation: A Map of Displacement, Adaptation, and Renewal
Electronic Arts’ Historic Buyout Buzz Sparks Market Frenzy
Intel Surges on Apple Investment Speculation and Nvidia Partnership Momentum
Accenture’s AI Paradox: Growth in Bookings, Decline in Stock
NVIDIA: From Chipmaker to AI Infrastructure Powerhouse
H-1B Visa Uncertainty Casts a Shadow on Nasdaq Tech Stocks
Why Nvidia’s $5 Billion Bet on Intel Could Only Happen Under Washington’s Shadow
AMD Slides in Premarket as Intel Soars on $5 Billion Nvidia Investment
Monday.com’s AI Push at Elevate 2025: Convincing the Market It’s Ahead in the Race
China’s War on U.S. AI Champions: Nvidia and Broadcom in the Crosshairs
Spain’s Boom Is a Corruption-Fueled Illusion
Europe to Erdogan: Don’t Teach Us How to Eat
Europe’s Imported Illusion: He must be an engineer
Erdogan’s Possible Collapse
Iran’s Defeat: From Ring of Fire to Ring of Ruin
Snapback Sanctions Drive Iran Toward Stagflation and Unrest
Gustavo Petro’s Reckless Anti-American, Anti-Israeli Stunt
Snapback Sanctions: Cornering Iran’s Paper Tiger Regime
Sarkozy Sentenced, But Macron Is the Question
China’s Hidden War: From Ukraine to the Baltic

Media Partners

  • Market Analysis
  • Market Research Media
How Huawei Surpassed U.S. and European Rivals in Wi-Fi, Chips, and Routers
China’s Ban on BHP Iron Ore Imports: Strategic Leverage or Economic Miscalculation?
Chips, Tariffs, and Sovereignty: The Three-Front Trade War
AI Super-Cycle And The Tug-Of-War For 2026 Margins
Nvidia, OpenAI, and the AI Bubble Debate
Looking for the Next Nvidia? Try Nvidia
How Cisco Lost the Edge to Huawei: A Geopolitical, Organizational, and Industrial Anatomy of a Power Transition
Humanoids at the Gate: Leaders, Market Dynamics, and the Price That Unlocks Scale
Nuclear Renaissance: Why Investors Are Turning Toward Atomic Energy Stocks
Huawei vs. Nvidia in AI Silicon: Closing the Gap Through Scale, Still Trailing in Efficiency and Ecosystem
The End of the Traffic Economy? What’s Next for Small E-Commerce
Adobe’s Missed Turn: Why Not Buying Wix or Weebly Left a Gap
A 100% Tariff on Foreign Films: A Self-Inflicted Wound
China’s Nvidia Probe Is a TikTok Hostage Situation
Mistral AI: Europe’s Rising $14 Billion AI Powerhouse
Motion Raises $60M to Build the AI-Native Work Suite for SMBs
The Afterlife of Print and the Coming AI Storm for Digital Editions
AI Delivers the Death Blow to Low-Quality Indian Outsourcing
AI and the Fragile Social Contract
Warner Bros. Discovery: Restructuring for a Comeback?

Copyright © 2022 OSINT.org

Technologies, Market Analysis & Market Research and Exclusive Domains