Added capabilities expand protection to all stages of the DevSecOps lifecycle, preventing security problems from reaching production applications
Modern cloud-native software applications include software components from internal and external sources that can introduce security risks at numerous points in the software development lifecycle. With the release of Anchore Enterprise 3.0 organizations can now protect against software supply chain threats from development to production and accelerate the delivery of secure,container-based software.
New capabilities in this release include:
End-to-end container security from development to Kubernetes
Anchore Enterprise 3.0 broadens coverage of the software supply chain by making the security status of running images visible to developers and security teams. This provides added layers of security and reduces the risk of security breaches caused by insecure code being included in production applications.
Distributed scanning that integrates seamlessly with developer workflows
Anchore Enterprise can now perform automated security checks locally on developer systems and within the CI/CD pipeline. This release includes new, lightweight tools that can be deployed at various points in the software development lifecycle and feed results back to the central Anchore Enterprise system to be processed based on organizational policies.
Reduced false positives making developers more productive
Anchore Enterprise 3.0 provides new features that reduce false positives, enabling developers to focus on the critical security issues that must be fixed. Users can now easily correct any misidentifications to ensure that future checks have fewer false positives. Security teams can leverage time-based allowlists that enforce SLAs for developers to address security while avoiding repeated alerts.
Remediation recommendations that reduce time and cost to fix security issues
This release provides automated remediation suggestions for vulnerable containers and enables security teams to triage policy violations, select remediation options, and issue notifications through tools like Jira, Slack, Teams, Gitlab, GitHub, traditional email and more. As a result, security issues are fixed earlier in the development lifecycle, resulting in lower costs and fewer delays.
“Digital transformation is driving companies and government agencies to improve their cybersecurity posture,” said Saïd Ziouani, CEO of Anchore. “With Anchore Enterprise 3.0 we’re expanding DevSecOps protections and reducing security risks by providing multiple layers of protection across the software supply chain. As organizations adopt ‘defense in depth’ strategies, they are seeking to significantly decrease the number of security issues that make it through to staging or production, where risks are higher and fixes are more costly. With this release we’re making it easier to automate security checks from the earliest stages of the software development lifecycle all the way through production.”
Anchore will host a webinar “How to Secure Containers Across the SDLC with Anchore 3.0” on March 9, 2021 at 1 pm ET. During the webinar experts will discuss how to automate security checks from development to Kubernetes deployment, implement distributed scanning that fits seamlessly in developer workflows, and more.