Anchore, a leader in software supply chain security, today announced the release of Anchore Enterprise 3.2 with key features that enable organizations to protect against more security risks and vulnerabilities in their software supply chain.
“Being able to easily surface software components that have vulnerabilities, malware, secrets, and other security risks is essential for developers and security engineers,” said Neil Levine, Vice President of Product at Anchore. “With 64 percent of large enterprises impacted by software supply chain attacks, Anchore is focused on providing organizations with best-in-class tools to proactively combat against these threats to software integrity.”
Anchore Enterprise 3.2 introduces richer visibility into software components so risks can be identified and quickly mitigated. Key capabilities include:
Also Read:Ransomware Attacks Surge in 2021 – Are Enterprises Prepared?
Identify Vulnerabilities More Accurately with Our Next-Generation Scanning Engine
Anchore Enterprise 3.2 now uses a next-generation vulnerability scanning engine that builds upon capabilities in Anchore’s open source tool Grype and also delivers more accurate results. Users of Anchore Enterprise 3.2 will gain all of the additional features of false positive management and benefit from consistent results between Anchore’s open source and commercial tools, simplifying the transition.
Support for Scanning SUSE Enterprise Linux
Anchore Enterprise 3.2 can now scan and continuously monitor SUSE software container images for security issues present in installed SUSE packages to improve security posture and mitigate threats. SUSE packages are now included in the software bill of materials (SBOM) and can be shared externally for compliance. Users can also apply Anchore’s customizable policy enforcement to SUSE packages and vulnerabilities.
Expanded Options for Policy Rules in the UI
Anchore Enterprise users now have the ability to see more SBOM file details in the user interface (UI) that were previously available only through the API. This visibility enables users to easily view data that can be instrumental in creating and tuning policy rules. The UI data additions include secret checks for identifying credential information inadvertently included in container builds and file content checks for developer best practices such as making sure configurations are set correctly. The UI also now allows you to access retrieved files that were previously designated to be saved during the scan for additional policy checks.
More Allowlist Customization Options in the UI
Users now have additional Allowlist customization options in the UI. Allowlists enable development teams to continue working while issues are being investigated. Now in addition to vulnerabilities, users can add all other policy check results to Allowlists through the UI which permits them to override specific policy violations for a more accurate final pass or fail recommendations on image scans.
For more such updates follow us on Google News ITsecuritywire News.