The federal cloud market is projected to reach $78+ billion by 2029, but only a small fraction of cloud providers have successfully achieved FedRAMP authorization. That’s why we’re excited to announce our new white paper, “Unlocking Federal Markets: The Enterprise Guide to FedRAMP.” This comprehensive resource is designed for cloud service providers (CSPs) looking to […] The post Navigating the Path to Federal Markets: Your Complete FedRAMP Guide appeared first on Anchore.| Anchore
Security engineers at modern enterprises face an unprecedented challenge: managing software supply chain risk without impeding development velocity, all while threat actors exploit the rapidly expanding attack surface. With over 25,000 new vulnerabilities in 2023 alone and supply chain attacks surging 540% year-over-year from 2019 to 2022, the exploding adoption of open source software has […] The post How to Automate Container Vulnerability Scanning for Harbor Registry with Anchore Enterpr...| Anchore
This blog post has been archived and replaced by the supporting pillar page that can be found here: https://anchore.com/wp-admin/post.php?post=987474946&action=edit The blog post is meant to remain “public” so that it will continue to show on the /blog feed. This will help discoverability for people browsing the blog and potentially help SEO. If it is clicked […] The post NIST SP 800-190: Overview & Compliance Checklist appeared first on Anchore.| Anchore
Software Bill of Materials (SBOMs) are no longer optional—they’re mission-critical. That’s why we’re excited to announce the release of our new white paper, “Unlock Enterprise Value with SBOMs: Use-Cases for the Entire Organization.” This comprehensive guide is designed for security and engineering leadership at both commercial enterprises and federal agencies, providing actionable insights into how […] The post Unlocking the Power of SBOMs: A Complete Guide appeared first on An...| Anchore
SBOM (software bill of materials) generation is becoming increasingly important for software supply chain security and compliance. Several approaches exist for generating SBOMs for Python projects, each with its own strengths. In this post, we’ll explore two popular methods: using pipdeptree with cyclonedx-py and Syft. We’ll examine their differences and see why Syft is better […] The post Generating Python SBOMs: Using pipdeptree and Syft appeared first on Anchore.| Anchore
As software supply chain security becomes a top priority, organizations are turning to Software Bill of Materials (SBOM) generation and analysis to gain visibility into the composition of their software and supply chain dependencies in order to reduce risk. However, integrating SBOM analysis tools into existing workflows can be complex, requiring extensive configuration and technical […] The post Effortless SBOM Analysis: How Anchore Enterprise Simplifies Integration appeared first on Anchore.| Anchore
We’re excited to announce Syft v1.20.0! If you’re new to the community, Syft is Anchore’s open source software composition analysis (SCA) and SBOM generation tool that provides foundational support for software supply chain security for modern DevSecOps workflows. The latest version is packed with performance improvements, enhanced SBOM accuracy, and several community-driven features that make […] The post Syft 1.20: Faster Scans, Smarter License Detection, and Enhanced Bitnami Suppor...| Anchore
Syft is an open source CLI tool and Go library that generates a Software Bill of Materials (SBOM) from source code, container images and packaged binaries. It is a foundational building block for various use-cases: from vulnerability scanning with tools like Grype, to OSS license compliance with tools like Grant. SBOMs track software components—and their […] The post How Syft Scans Software to Generate SBOMs appeared first on Anchore.| Anchore
Today, we’re excited to announce the launch of “Software Bill of Materials 101: A Guide for Developers, Security Engineers, and the DevSecOps Community”. This eBook is free and open source resource that provides a comprehensive introduction to all things SBOMs. Why We Created This Guide While SBOMs have become increasingly critical for software supply chain […] The post SBOMs 101: A Free, Open Source eBook for the DevSecOps Community appeared first on Anchore.| Anchore
Software Bill of Materials (SBOM) has emerged as a pivotal technology to scale product innovation while taming the inevitable growth of complexity of modern software development. SBOMs are typically thought of as a comprehensive inventory of all software components—both open source and proprietary—within an application. But they are more than just a simple list of […] The post How to Tackle SBOM Sprawl and Secure Your Supply Chain appeared first on Anchore.| Anchore
To close out 2024, we’re going to count down the top 10 hottest hits from the Anchore blog in 2024! The Anchore content team continued our tradition of delivering expert guidance, practical insights, and forward-looking strategies on DevSecOps, cybersecurity compliance, and software supply chain management. This top ten list spotlights our most impactful blog posts […] The post The Top Ten List: The 2024 Anchore Blog appeared first on Anchore.| Anchore
ModuleQ, an AI-driven enterprise knowledge platform, knows only too well the stakes for a company providing software solutions in the highly regulated financial services sector. In this world where data breaches are cause for termination of a vendor relationship and evolving cyberthreats loom large, proactive vulnerability management is not just a best practice—it’s a necessity. […] The post ModuleQ reduces vulnerability management time by 80% with Anchore Secure appeared first on Anc...| Anchore
Welcome back to the second installment of our two-part series on “The Evolution of SBOMs in the DevSecOps Lifecycle”. In our first post, we explored how Software Bills of Materials (SBOMs) evolve over the first 4 stages of the DevSecOps pipeline—Plan, Source, Build & Test—and how each type of SBOM serves different purposes. Some of […] The post The Evolution of SBOMs in the DevSecOps Lifecycle: Part 2 appeared first on Anchore.| Anchore
The software industry has wholeheartedly adopted the practice of building new software on the shoulders of the giants that came before them. To accomplish this developers construct a foundation of pre-built, 3rd-party components together then wrap custom 1st-party code around this structure to create novel applications. It is an extraordinarily innovative and productive practice but […] The post The Evolution of SBOMs in the DevSecOps Lifecycle: From Planning to Production appeared first on...| Anchore
Choosing the right SBOM (software bill of materials) generator is tricker than it looks at first glance. SBOMs are the foundation for a number of different uses ranging from software supply chain security to continuous regulatory compliance. Due to its cornerstone nature, the SBOM generator that you choose will either pave the way for achieving […] The post Choosing the Right SBOM Generator: A Framework for Success appeared first on Anchore.| Anchore