Anchore and GitLab Announce New Integration to Automate Container Security and Compliance Processes and Speed Application Delivery

18
Anchore and GitLab Announce New Integration to Automate Container Security and Compliance Processes and Speed Application Delivery

The ongoing partnership between Anchore and GitLab streamlines DevSecOps processes and reduces re-work for developers.

Today Anchore, the leading providers of continuous security and compliance for containers, has announced an integration with GitLab, the complete DevSecOps platform, delivered as a single application. With this integration, organizations will be able to automate security and compliance checks from the early stages of the development cycle, speeding software development and reducing risks. Anchore also announces it has joined the GitLab partner program.

Anchore now integrates seamlessly with GitLab to simplify security and compliance workflows for developers and to enable DevSecOps practices. Anchore performs deep container image scanning that identifies vulnerabilities and surfaces a wide range of security and policy infractions, including vulnerabilities and other risks during development. Together, the Anchore and GitLab security integrations will:

  • Display vulnerability results of container scans directly in GitLab security dashboards
  • Surface these findings in merge requests that identify changes needed to remediate issues
  • Enable updating of merge requests with a package version to resolve vulnerabilities
  • Seamlessly manage the risk profile in one place through GitLab’s Risk Management Framework (RMF), reducing the friction of typical software security scanning

“Digital transformation has changed software development practices as organizations seek to deliver applications more quickly and update them more frequently. This shift, combined with increasing cybersecurity threats, requires developers to implement security and compliance checks throughout the DevSecOps life cycle. The integration between Anchore and GitLab helps to automate these DevSecOps best practices for enterprises, government agencies, and open source communities,” said Saïd Ziouani, Anchore CEO and Cofounder.

“Strengthening the software development security and compliance postures of enterprises and public sector organizations is paramount to the missions of both GitLab and Anchore. We are pleased to partner through this integration to help our joint customers to increase their speed to mission delivery and to reduce the risks associated with software development,” said GitLab Vice-President of Global Channels, Michelle Hodges.

The U.S. Department of Defense (DoD) uses both Anchore and GitLab as part of their Platform One Initiative to speed the development of secure and compliant software. Anchore is used to develop hardened containers for Iron Bank (DoD’s software repository for containers) based on DoD best practices.

“Today, more than ever before, security is the most essential aspect of software development for government and critical infrastructure—and is the core of the DoD DevSecOps Initiative and Platform One. Now developers have the ability to push validated code into production on an ongoing basis, resulting in shorter development cycles, less debugging, and more rapid feature development,” said Major Robert Slaughter, Director of DoD Platform One.

Read MoreThe Shift to E-Commerce Might be Permanent in the Post-Pandemic World

GitLab and Anchore will continue to explore how this integration enables those in the public sector to achieve digital transformation during the upcoming “A Day in the Life of a Developer:  Accelerating Software Delivery without Compromising Security” webinar on March 4, 2021 at 2 pm ET.

Enterprise organizations seeking to implement security and compliance checks throughout the DevOps lifecycle can learn more in the Anchore whitepaper, Fundamentals of Container Security.”