Anchore, a leader in software supply chain security, today announced that it is the newest member of the Docker Extension Program. The Anchore Docker Desktop Extension conducts a powerful analysis that proactively scans and displays the software components in each container image. With this instant analysis of container images, developers and security engineers have the information available to make informed decisions about the security of their software supply chain.
The Anchore Docker Desktop Extension is unique because it seamlessly scans each container image behind the scenes, without requiring developers to request an individual scan or wait for a scan to complete. Instead, the Anchore extension instantly displays the number and type of packages along with vulnerabilities segmented by severity level, allowing users to easily search for specific packages or vulnerabilities. The extension analyzes the container images locally, keeping all data on the user’s machine. It is built on the open source Syft and Grype tools and continually monitors the set of images with unlimited, automatic scans.
“Docker is obsessed with developer ergonomics and is committed to filling and improving the developer experience gap,” said Webb Stevens, Docker’s SVP of Secure Software Supply Chain. “We welcome Anchore to the Docker Extension marketplace, expanding the applications and capabilities available for millions of registered Docker developers.”
This new extension further expands integration points between Anchore and the Docker ecosystem. Last month Anchore and Docker collaborated to launch the ‘docker sbom’ command that generates an SBOM for any Docker image. Anchore also recently released a new version of its AnchoreCTL tool which now can upload SBOMs generated by the ‘docker sbom’ command to Anchore Enterprise, enabling organizations to centrally store their SBOMs and continually monitor them for any new vulnerabilities that may arise.
According to the Gartner® Innovation Insight for SBOMs report, “the lack of visibility and transparency into proprietary and open-source dependencies within the software supply chain exacerbates security and compliance risks.” It also states that “software engineering teams often lack the tools, practices and standards to systematically discover and share details about vulnerable software packages across the organization.”
Docker Extensions demonstrates Docker’s commitment to improving the developer experience by bringing the tools developers use most to an environment where they can focus more easily on innovation and spend less time on everything else. Inclusion of the Anchore Docker Desktop Extension provides a frictionless developer experience while providing transparency into the software supply chain.