Welcome to the final installment in our 5-part series on Software Bills of Materials (SBOMs). Throughout this series, we’ve explored Now, we’ll examine how SBOMs intersect with various disciplines across the software ecosystem. SBOMs don’t exist in isolation—they’re part of a broader landscape of software development, security, and compliance practices. Understanding these intersections is crucial […] The post SBOMs as the Crossroad of the Software Supply Chain: Anchore Learning...
Welcome to the fourth installment in our 5-part series on software bills of materials (SBOMs). In our previous posts, we’ve covered SBOM fundamentals, SBOM generation and scalable SBOM management. Now, we shift our focus to the bigger picture, exploring strategic perspectives from software supply chain thought leaders. After you’ve finished day four, dive into day […] The post SBOM Insights on LLMs, Compliance Attestations and Security Mental Models: Anchore Learning Week (Day 4) appeared...
Welcome to the third installment in our 5-part series on software bills of materials (SBOMs)—check here for day 1 and day 2. Now, we’re leveling up to tackle one of the most significant challenges organizations face: scaling SBOM management to keep pace with the velocity of modern, DevOps-based software development. After you’ve digested this part, […] The post DevOps-Scale SBOM Management: Anchore Learning Week (Day 3) appeared first on Anchore.
Welcome to day 2 of our 5-part series on Software Bills of Materials (SBOMs). In our previous post, we covered the basics of SBOMs and why they’re essential for modern software security. Now, we’re ready to roll up our sleeves and get technical. After you’ve digested this part, jump into day three, “DevOps-Scale SBOM Management“, […] The post SBOM Generation Step-by-Step: Anchore Learning Week (Day 2) appeared first on Anchore.
This blog post is the first in our 5-day series exploring the world of SBOMs and their role in securing the foundational but often overlooked 3rd-party software supply chain. Whether you’re just beginning your SBOM journey or looking to refresh your foundational knowledge, these resources will provide a solid understanding of what SBOMs are and […] The post SBOM Fundamentals: Anchore Learning Week (Day 1) appeared first on Anchore.
The post Join Anchore Open Source Team: Live Stream appeared first on Anchore.
Your software contains 150+ dependencies you didn’t write, don’t maintain, and can’t fully audit—yet you’re accountable for every vulnerability they introduce. Organizations implementing comprehensive SBOM strategies detect supply chain compromises in minutes instead of days, or worse, only after a breach. Anchore has been leading the SBOM charge for almost a decade: providing educational resources, tools and […] The post Anchore’s SBOM Learning Week: From Reactive to Resilient in 5 ...
The federal cloud market is projected to reach $78+ billion by 2029, but only a small fraction of cloud providers have successfully achieved FedRAMP authorization. That’s why we’re excited to announce our new white paper, “Unlocking Federal Markets: The Enterprise Guide to FedRAMP.” This comprehensive resource is designed for cloud service providers (CSPs) looking to […] The post Navigating the Path to Federal Markets: Your Complete FedRAMP Guide appeared first on Anchore.
When CVE-2025-1974 (#IngressNightmare) was disclosed, incident response teams had hours—at most—before exploits appeared in the wild. Imagine two companies responding: Which camp would you rather be in when the next critical CVE drops? Most of us prefer the team that built visibility for their software supply chain security before the crisis hit. CVE-2025-1974 was particularly […] The post From War Room to Workflow: How Anchore Transforms CVE Incident Response appeared first on Anchore.
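The workflow the post contrasts (an SBOM inventory built before the crisis, queried the moment an advisory lands) looks like this in practice. The block below is an added example for this page, not Anchore’s code: it assumes a store of CycloneDX-style SBOMs keyed by image reference and an OSV-style advisory with [introduced, fixed) version ranges. The inventory, the package purl, the image names, the advisory ID and the ranges are all constructed for illustration; they are not the authoritative affected ranges of CVE-2025-1974 or any other CVE.

```python
"""SBOM-driven CVE triage: find every deployed artifact that contains a
vulnerable version of the package named in a new advisory.

Added example, not Anchore's code. Inventory, purls, image names and the
advisory below are constructed assumptions, not real vulnerability data.
"""
from dataclasses import dataclass
from typing import Optional
import re

# Constructed inventory: one (trimmed) SBOM per deployed image.
INVENTORY = {
    "registry.example.com/platform/ingress:1.11.3": {"components": [
        {"purl": "pkg:golang/example.com/ingress-controller@1.11.3"},
        {"purl": "pkg:golang/example.com/netlib@0.33.0"},
    ]},
    "registry.example.com/platform/ingress:1.12.1": {"components": [
        {"purl": "pkg:golang/example.com/ingress-controller@1.12.1"},
    ]},
    "registry.example.com/legacy/edge:0.9": {"components": [
        # purl qualifiers ("?arch=...") must not be mistaken for part of the version
        {"purl": "pkg:golang/example.com/ingress-controller@1.10.2?arch=amd64"},
    ]},
    "registry.example.com/web/api:5.2": {"components": [
        {"purl": "pkg:npm/express@4.19.2"},
    ]},
}


@dataclass(frozen=True)
class Advisory:
    cve_id: str
    package_purl: str                                  # purl with the version stripped
    ranges: tuple                                      # ((introduced, fixed), ...); fixed=None = unfixed


# Hypothetical advisory: two maintained release branches, each with its own fix.
ADVISORY = Advisory(
    cve_id="CVE-EXAMPLE-0001",
    package_purl="pkg:golang/example.com/ingress-controller",
    ranges=(("0", "1.11.5"), ("1.12.0", "1.12.1")),
)

_VERSION = re.compile(r"^v?(\d+(?:\.\d+)*)")


def parse_version(v: str) -> tuple:
    """Numeric core of a version: 'v1.11.3' -> (1, 11, 3). Pre-release tags are
    ignored here; production triage should use a real semver/PEP 440 comparator."""
    m = _VERSION.match(v)
    if not m:
        raise ValueError(f"unparseable version: {v!r}")
    return tuple(int(p) for p in m.group(1).split("."))


def split_purl(purl: str) -> tuple:
    """'pkg:npm/express@4.19.2?arch=x' -> ('pkg:npm/express', '4.19.2')."""
    base, _, rest = purl.partition("@")
    return base, re.split(r"[?#]", rest, maxsplit=1)[0]


def is_affected(version: str, ranges) -> bool:
    """True if version falls in any [introduced, fixed) range of the advisory."""
    v = parse_version(version)
    for introduced, fixed in ranges:
        if v < parse_version(introduced):
            continue
        if fixed is None or v < parse_version(fixed):
            return True
    return False


def triage(inventory: dict, advisory: Advisory) -> dict:
    """Map each affected artifact to the vulnerable purls found in its SBOM."""
    hits = {}
    for artifact, sbom in inventory.items():
        for comp in sbom.get("components", []):
            base, version = split_purl(comp["purl"])
            if base != advisory.package_purl or not version:
                continue  # other package, or unversioned entry that needs manual review
            if is_affected(version, advisory.ranges):
                hits.setdefault(artifact, []).append(comp["purl"])
    return hits


if __name__ == "__main__":
    for artifact, purls in triage(INVENTORY, ADVISORY).items():
        print(f"{ADVISORY.cve_id}: {artifact} ships {', '.join(purls)}")
```

The query runs against data you already hold, so the answer arrives in seconds rather than after a fleet-wide rescan; the version-range check is the part that is easy to get wrong, which is why the test cases sit exactly on the fix boundaries.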
About one year ago, Anchore’s own Josh Bressers broke the story that NVD (National Vulnerability Database) was not keeping up with its vulnerability enrichment. This week, we sat down with Josh to see how things are going. > Josh, can you tell our readers what you mean when you say NVD stopped enriching data? Sure! […] The post The NVD Enrichment Crisis: One Year Later—How Anchore is Filling the Vulnerability Data Gap appeared first on Anchore.
In an era where a single line of compromised code can bring entire enterprise systems to their knees, software supply chain security has transformed from an afterthought to a mission-critical priority. The urgency is undeniable: while software supply chain attacks grew by a staggering 540% year-over-year from 2019 to 2022, organizations have rapidly responded. Organizations […] The post Automate Your Compliance: How Anchore Enforce Secures the Software Supply Chain appeared first on Anchore.
Is your organization’s PCI compliance coming up for renewal in 2025? Or are you looking to achieve PCI compliance for the first time? The future-dated requirements of version 4.0 of the Payment Card Industry Data Security Standard (PCI DSS) became mandatory on March 31, 2025. For enterprises utilizing a 3rd-party software supply chain—essentially all companies, according to The […] The post The Critical Role of SBOMs in PCI DSS 4.0 Compliance appeared first on Anchore.
Let’s be honest: modern JavaScript projects can feel like a tangled web of packages. Knowing exactly what’s in your final build is crucial, especially with rising security concerns. That’s where a Software Bill of Materials (SBOM) comes in handy – it lists out all the components. We’ll walk you through creating SBOMs for your JavaScript […] The post Generating SBOMs for JavaScript Projects: A Developer’s Guide appeared first on Anchore.
Security engineers at modern enterprises face an unprecedented challenge: managing software supply chain risk without impeding development velocity, all while threat actors exploit the rapidly expanding attack surface. With over 25,000 new vulnerabilities in 2023 alone and supply chain attacks surging 540% year-over-year from 2019 to 2022, the exploding adoption of open source software has […] The post How to Automate Container Vulnerability Scanning for Harbor Registry with Anchore Enterpr...
Security professionals often need to analyze the contents of virtual machines (VMs) to generate Software Bills of Materials (SBOMs). This seemingly straightforward task can become surprisingly complex. I’d like to introduce sbom-vm, a prototype tool I created to simplify this process. The current challenge: security teams typically use tools such as Syft to generate SBOMs […] The post Making Virtual Machine Security Analysis Easier with sbom-vm appeared first on Anchore.
Software Bills of Materials (SBOMs) are no longer optional—they’re mission-critical. That’s why we’re excited to announce the release of our new white paper, “Unlock Enterprise Value with SBOMs: Use-Cases for the Entire Organization.” This comprehensive guide is designed for security and engineering leadership at both commercial enterprises and federal agencies, providing actionable insights into how […] The post Unlocking the Power of SBOMs: A Complete Guide appeared first on An...
SBOM (software bill of materials) generation is becoming increasingly important for software supply chain security and compliance. Several approaches exist for generating SBOMs for Python projects, each with its own strengths. In this post, we’ll explore two popular methods: using pipdeptree with cyclonedx-py and Syft. We’ll examine their differences and see why Syft is better […] The post Generating Python SBOMs: Using pipdeptree and Syft appeared first on Anchore.
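Both the JavaScript post and the Python post above are about the same mechanical step: turning a project’s resolved dependency set into SBOM components with package URLs. The block below is an added example for this page, not Syft’s, cyclonedx-py’s or pipdeptree’s implementation; it parses a constructed npm package-lock.json (lockfileVersion 3) and a constructed requirements.txt and emits a CycloneDX 1.5 JSON document. The project name, versions and the integrity digest are synthetic. Real generators also walk the transitive tree, collect licenses and metadata, and handle many more file formats, which this example deliberately omits.

```python
"""Minimal SBOM generation from lockfiles: npm package-lock.json (v2/v3) and a
pinned requirements.txt, emitted as a CycloneDX 1.5 JSON document.

Added example; the two input files are constructed samples and the
integrity digest is synthetic (base64 of the bytes 0x00..0x3f).
"""
import base64
import json
import re

_SYNTHETIC_INTEGRITY = "sha512-" + base64.b64encode(bytes(range(64))).decode()

# Constructed package-lock.json. Entries are keyed by install path; a nested
# key ("node_modules/a/node_modules/b") is a transitive dependency pinned to a
# different version than the top-level copy, and must be inventoried too.
PACKAGE_LOCK = """{
  "name": "demo-app", "version": "1.0.0", "lockfileVersion": 3,
  "packages": {
    "": {"name": "demo-app", "version": "1.0.0"},
    "node_modules/express": {"version": "4.19.2", "integrity": "__INTEGRITY__"},
    "node_modules/@scope/widget": {"version": "2.0.0", "dev": true},
    "node_modules/express/node_modules/debug": {"version": "2.6.9"},
    "node_modules/local-lib": {"resolved": "packages/local-lib", "link": true}
  }
}""".replace("__INTEGRITY__", _SYNTHETIC_INTEGRITY)

# Constructed requirements.txt with the line shapes a parser has to cope with.
REQUIREMENTS = """\
requests==2.32.3
Django==5.0.6 ; python_version >= "3.10"
uvicorn[standard]==0.30.1
typing_extensions==4.12.2
-r other.txt
pyyaml>=6.0   # not pinned: cannot be inventoried reproducibly
"""

_HASH_ALGS = {"sha1": "SHA-1", "sha256": "SHA-256", "sha512": "SHA-512"}
_REQ_LINE = re.compile(r"^([A-Za-z0-9][A-Za-z0-9._-]*)(?:\[[^\]]*\])?\s*==\s*(\S+)$")


def npm_purl(name: str, version: str) -> str:
    """Scoped npm packages encode the leading '@' as %40 in the purl namespace."""
    return f"pkg:npm/{name.replace('@', '%40', 1)}@{version}"


def pypi_purl(name: str, version: str) -> str:
    """PEP 503 normalisation: lowercase, runs of [-_.] collapse to '-'."""
    return f"pkg:pypi/{re.sub(r'[-_.]+', '-', name).lower()}@{version}"


def npm_components(lock_text: str) -> list:
    """One CycloneDX component per installed package in the lockfile."""
    lock = json.loads(lock_text)
    components = []
    for path, entry in lock.get("packages", {}).items():
        if path == "" or entry.get("link"):          # root package / workspace symlink
            continue
        name = path.rsplit("node_modules/", 1)[1]      # last segment, keeps "@scope/name"
        comp = {"type": "library", "name": name, "version": entry["version"],
                "purl": npm_purl(name, entry["version"])}
        if entry.get("dev"):
            comp["scope"] = "excluded"                 # this example's mapping: dev deps are not shipped
        integrity = entry.get("integrity")
        if integrity:
            alg, b64 = integrity.split("-", 1)         # SRI format "<alg>-<base64 digest>"; CycloneDX wants hex
            comp["hashes"] = [{"alg": _HASH_ALGS[alg], "content": base64.b64decode(b64).hex()}]
        components.append(comp)
    return components


def pip_components(req_text: str) -> tuple:
    """Return (components, unpinned_lines); only exact '==' pins become components."""
    components, unpinned = [], []
    for raw in req_text.splitlines():
        line = raw.split("#", 1)[0].split(";", 1)[0].strip()   # drop comments and environment markers
        if not line or line.startswith("-"):                    # blank, '-r', '-e', '--index-url', ...
            continue
        m = _REQ_LINE.match(line)
        if not m:
            unpinned.append(line)
            continue
        name, version = m.groups()
        components.append({"type": "library", "name": name, "version": version,
                           "purl": pypi_purl(name, version)})
    return components, unpinned


def build_bom(app_name: str, components: list) -> dict:
    """Wrap components in a CycloneDX 1.5 document skeleton."""
    return {"bomFormat": "CycloneDX", "specVersion": "1.5", "version": 1,
            "metadata": {"component": {"type": "application", "name": app_name}},
            "components": components}


if __name__ == "__main__":
    npm = npm_components(PACKAGE_LOCK)
    pip, skipped = pip_components(REQUIREMENTS)
    print(json.dumps(build_bom("demo-app", npm + pip), indent=2))
    for line in skipped:
        print("WARNING: unpinned requirement, not inventoried:", line)
```

The unpinned-requirement path is the caveat that matters: a requirements.txt with `>=` specifiers describes a constraint, not an inventory, so the SBOM has to come from what was actually resolved (pip freeze, a lockfile, or the installed site-packages), which is the gap that tools like Syft close by scanning the installed environment rather than the declaration.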
We’re excited to announce Syft v1.20.0! If you’re new to the community, Syft is Anchore’s open source software composition analysis (SCA) and SBOM generation tool that provides foundational support for software supply chain security for modern DevSecOps workflows. The latest version is packed with performance improvements, enhanced SBOM accuracy, and several community-driven features that make […] The post Syft 1.20: Faster Scans, Smarter License Detection, and Enhanced Bitnami Suppor...
Syft is an open source CLI tool and Go library that generates a Software Bill of Materials (SBOM) from source code, container images and packaged binaries. It is a foundational building block for various use-cases: from vulnerability scanning with tools like Grype, to OSS license compliance with tools like Grant. SBOMs track software components—and their […] The post How Syft Scans Software to Generate SBOMs appeared first on Anchore.
At Anchore, we frequently discuss the steady drum beat of regulatory bodies mandating SBOMs (Software Bills of Materials) as the central element of modern software supply chain security. The Digital Operational Resilience Act (DORA) is the most recent framework responding to the accelerating growth of software supply chain attacks—by requiring, in all but name, the […] The post DORA + SBOM Primer: Achieving Software Supply Chain Security in Regulated Industries appeared first on Anchore.
Today, we’re excited to announce the launch of “Software Bill of Materials 101: A Guide for Developers, Security Engineers, and the DevSecOps Community”. This eBook is a free, open source resource that provides a comprehensive introduction to all things SBOMs. Why we created this guide: while SBOMs have become increasingly critical for software supply chain […] The post SBOMs 101: A Free, Open Source eBook for the DevSecOps Community appeared first on Anchore.
Software Bill of Materials (SBOM) has emerged as a pivotal technology to scale product innovation while taming the inevitable growth of complexity of modern software development. SBOMs are typically thought of as a comprehensive inventory of all software components—both open source and proprietary—within an application. But they are more than just a simple list of […] The post How to Tackle SBOM Sprawl and Secure Your Supply Chain appeared first on Anchore.
A few weeks ago, the Biden administration published a new Executive Order (EO) titled “Executive Order on Strengthening and Promoting Innovation in the Nation’s Cybersecurity”. This is a follow-up to the original cybersecurity executive order—EO 14028—from May 2021. This latest EO specifically targets improvements to software supply chain security that addresses gaps and challenges that […] The post 2025 Cybersecurity Executive Order Requires Up Leveled Software Supply Chain Secur...
In recent years, we’ve witnessed software supply chain security transition from a quiet corner of cybersecurity into a primary battlefield. This is due to the increasing complexity of modern software that obscures the full truth—applications are a tower of components of unknown origin. Cybercriminals have fully embraced this hidden complexity as a ripe vector to […] The post Software Supply Chain Security in 2025: SBOMs Take Center Stage appeared first on Anchore.
Software Bills of Materials (SBOMs) have quickly become a critical component in modern software supply chain security. By offering a transparent view of all the components that make up your applications, SBOMs enable you to pinpoint vulnerabilities before they escalate into costly incidents. As we enter 2025, software supply chain security and risk management for […] The post All Things SBOM in 2025: a Weekly Webinar Series appeared first on Anchore.
When we were invited to participate in Carnegie Mellon University’s Software Engineering Institute (SEI) SBOM Harmonization Plugfest 2024, we saw an opportunity to contribute to SBOM generation standardization efforts and thoroughly exercise our open-source SBOM generator, Syft. While the Plugfest only required two SBOM submissions, we decided to go all in – and learned some […] The post Going All In: Anchore at SBOM Plugfest 2024 appeared first on Anchore.
ModuleQ, an AI-driven enterprise knowledge platform, knows only too well the stakes for a company providing software solutions in the highly regulated financial services sector. In this world where data breaches are cause for termination of a vendor relationship and evolving cyberthreats loom large, proactive vulnerability management is not just a best practice—it’s a necessity. […] The post ModuleQ reduces vulnerability management time by 80% with Anchore Secure appeared first on Anc...
Container security is critical – one breach can lead to devastating data losses and business disruption. NVIDIA’s new AI Blueprint for Vulnerability Analysis transforms how organizations handle these risks by automating vulnerability detection and analysis. For enhanced container security, this AI-powered solution is a potential game-changer. At its core, the Blueprint combines AI-driven scanning with […] The post Enhancing Container Security with NVIDIA’s AI Blueprint and Anchore’s...
Welcome back to the second installment of our two-part series on “The Evolution of SBOMs in the DevSecOps Lifecycle”. In our first post, we explored how Software Bills of Materials (SBOMs) evolve over the first 4 stages of the DevSecOps pipeline—Plan, Source, Build & Test—and how each type of SBOM serves different purposes. Some of […] The post The Evolution of SBOMs in the DevSecOps Lifecycle: Part 2 appeared first on Anchore.
The software industry has wholeheartedly adopted the practice of building new software on the shoulders of the giants that came before. To accomplish this, developers assemble a foundation of pre-built, 3rd-party components, then wrap custom 1st-party code around this structure to create novel applications. It is an extraordinarily innovative and productive practice but […] The post The Evolution of SBOMs in the DevSecOps Lifecycle: From Planning to Production appeared first on...
Choosing the right SBOM (software bill of materials) generator is trickier than it looks at first glance. SBOMs are the foundation for a number of different uses ranging from software supply chain security to continuous regulatory compliance. Due to its cornerstone nature, the SBOM generator that you choose will either pave the way for achieving […] The post Choosing the Right SBOM Generator: A Framework for Success appeared first on Anchore.