• Skip to main content
  • Skip to secondary menu
  • Skip to footer

OSINT.org

Intelligence Matters

  • Sponsored Post
    • Make a Contribution
  • Market Intelligence
    • Technologies
    • Events
  • Domain Intelligence
  • About
    • GDPR
  • Contact

Anchore Unveils New Open Source Tools For Automated DevSecOps Pipeline Security

October 6, 2020 By admin Leave a Comment

Anchore, Inc., the leading experts in policy-based workflow and compliance, is launching a collection of new open source tools for automating DevSecOps pipeline security and analysis. Syft and Grype are the first in a collection of tools designed for integration and performance. The tools analyze and scan container images and filesystems, allowing developers to enhance best practices within existing workflows and systems.

As cybersecurity breaches become more numerous and costly, traditional safeguarding tactics grow less effective. Incident response teams are often overwhelmed by having to constantly investigate the cause of previous breaches while developing new preventative measures as the pace of software delivery quickens. With Anchore developers have a unique opportunity to address problems before software is ever deployed and before an incident can occur.

“Our mission at Anchore is to give developers the tools they need to build security into their everyday tasks,” said Anchore CTO Daniel Nurmi. “That means they need to work seamlessly with a large collection of other tools and systems, providing instant results so developers can act immediately. Syft and Grype were designed for exactly that purpose, and are the first of many tools to come.”

Syft analyzes container images and filesystems to create a Software Bill of Materials (SBOM), a comprehensive record of operating system packages and language artifacts. Using Syft, developers can inspect the contents of new software components before deciding to use them and maintain a comprehensive record of the third-party software included in their projects. Syft generates SBOMs that conform to the CycloneDX specification, providing interoperability with a range of software supply chain management tools.

Grype scans container images and filesystems for known vulnerabilities, matching contents against Anchore Feed Service data compiled from multiple public data sources. Developers can use Grype to discover vulnerable components quickly inside projects as they are created and take the appropriate steps for remediation. The Visual Studio Code extension for Grype brings vulnerability scanning directly into the developer’s environment, rescanning projects regularly to watch for emerging vulnerabilities. Developers can easily trigger a Grype vulnerability scan of GitHub projects using the Anchore Container Scan GitHub Action.

“As an open source company, we do research and development in the open,” shared Anchore VP of Product Management Neil Levine. “In recent surveys, customers and community members agreed that security scanning can never be too fast and integration can never be too easy. We are looking forward to seeing how developers and DevOps teams use the tools while we focus on enhancing them with the policy features of our continuous compliance platform, Anchore Enterprise.”

Syft and Grype are available immediately at toolbox.anchore.io. The Visual Studio Code extension can be found in the Visual Studio Marketplace, and the GitHub Action can be found in the GitHub Marketplace. Contributions, feature requests, and issue reports are welcome at the GitHub projects for each tool.

For more information, visit Anchore.

About Anchore
Anchore, Inc., based in Santa Barbara, CA, was founded in 2016 by Saïd Ziouani and Daniel Nurmi to help organizations implement secure container-based workflows using Anchore Enterprise and Anchore Federal. With Anchore, DevSecOps teams establish policy-based approaches to container compliance without compromising velocity. Customers range from Fortune 100 companies to small- and mid-sized customers. Anchore is trusted by modern software development companies across the globe.

SOURCE Anchore

Home

Filed Under: Workflow

Reader Interactions

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

Footer

Recent Posts

  • The Collapse of Assad’s Regime: The Beginning of the End for Iran’s So-Called Axis of Resistance
  • Cognyte Intelligence Summit 2024: Transforming Global Security with AI-Powered Insights
  • Strategic Concerns Over Peru’s New Port: A Growing Debate on China’s Influence
  • Entry instructions to Nasrallah’s bunker containing more than half a billion dollars in gold and dollars
  • The former Obama AG suing U.S. government on behalf of Chinese military company DJI
  • The Cowardice of Sinwar: Fleeing Accountability and Meeting a Fitting End
  • Deployment of missile interceptor system to Israel in preparation for strike on Iran
  • In 2024, Qatar pledged to invest €10B in the French economy.
  • Eliminated the terrorist Hader Ali Taweel, who served as the Kfarkela Company Commander of the Hezbollah
  • The IDF and ISA Eliminated Rawhi Mushtaha, Head of Hamas Government in Gaza Strip

Media Partners

  • Analysis.org
  • Opinion.org
Illumina’s Challenges and Strategic Moves for a Brighter Future
Barrels of Disappointment: How OPEC+’s Output Surge Burns Iran and Russia
Rewriting the Code of DNA and Destiny: Illumina’s Hypothetical AI-Led Renaissance
Soaring Bond Yields Threaten Trouble for Markets and Economies Alike
Stocks Rise Sharply as Trump Postpones EU Tariffs, Easing Trade Tensions
Gold Retreats as Dollar Strengthens Amid Fiscal Uncertainty and Rate Speculations
Why Trump’s Movie Tariff Exploits a One-Way Street
Apple’s Strategic Pivot: Reshaping Its Supply Chain from China to India
Asana’s Q4 2025 Results Signal Strengthened Financials and Strategic Gains from AI Integration
Snowflake Reports Fourth Quarter and Full-Year Fiscal 2025 Financial Results
Spain Cancels Israeli Arms Deal Under Far-Left Pressure: A Strategic Misstep?
A Warning Shot in the Pacific
Hamas’ Grand Deception: How Radical Islamists Manipulated Western Liberal Sentiments
Qatar’s Masterful Manipulation of the Trump Administration Exposes Dangerous Diplomatic Weakness
Putin Plays Trump’s Administration Like a Violin Virtuoso
Understanding the Concept of a Deep State
Bessent Urges Canada to Follow Mexico in Adopting China Tariffs
Europe’s Empty Words Will Not Save Ukraine
Zelensky Stands Firm Against White House Pressure
Shifting Trade Winds: The Uncertain Future of U.S.-China Economic Ties

Media Partners

  • Market Analysis
  • Market Research Media
China’s Strategic Shift to RISC-V: Market Implications and Growth Prospects
Understanding Transfer Pricing: A Key Component of Multinational Business Operations
A Comprehensive Tour of Project Management Tools and Integration Platforms
Implementing Odoo ERP in a Small Manufacturing Enterprise: Costs and Considerations
Economic Optimism Meets Uncertainty: Blue Chip Indicators Highlight Post-Election Fiscal Concerns and AI’s Looming Impact
The Future of Connectivity: Insights from Ericsson’s November 2024 Mobility Report
Platinum Market Faces Sustained Deficit Amidst Strong Demand and Constrained Supply
Breaking Beijing’s Grip: U.S. and Australia Unite Against China’s Rare Earth Monopoly
Global AI-Powered Accounting and Audit Services Market Analysis 2023-2030: Growth, Trends, and Forecast
The Re-Emergence of PHP
The Rise of Headless Content Frameworks in Distributed Media Projects
Developing Web Projects: From Concept to Launch
The Rise of APS-C Cameras: A Professional Renaissance in Photography
Market Brief: Disruption in Spanish Orange Supply Chain and Strategic Response by UK Retailers
Global AI-Powered Movie Scenario Market Analysis 2023-2030: Growth, Trends, and Forecast
Market Research Report: US Government Cybersecurity Market in 2024
Market Research Report: Global Advertising Revenue Projections and Trends in the Entertainment & Media Industry
Social Media: The Rise of Formulaic Content
Netflix’s Creative Decline: The Rise of Formulaic Content
The Transformation of Media: Navigating the Waning Allure of Social Platforms

Copyright © 2022 OSINT.org

Technologies, Market Analysis & Market Research and Exclusive Domains