Learn how SUSE supports software supply chain integrity, container security, and developer velocity for enterprise AI.| theCUBE Research
The post Shift Right Security for EKS appeared first on Anchore.| Anchore
Kubernetes has gone from experiment to essential — powering everything from fintech apps to telecom infrastructure and government services. But as| Sysdig
This blog post has been archived and replaced by the supporting pillar page that can be found here: https://anchore.com/wp-admin/post.php?post=987475061&action=edit The blog post is meant to remain “public” so that it will continue to show on the /blog feed. This will help discoverability for people browsing the blog and potentially help SEO. If it is clicked […] The post What is Software Composition Analysis (SCA)? appeared first on Anchore.| Anchore
Wired recently published an article titled Security Researchers Warn a Widely Used Open Source Tool Poses a ‘Persistent’ Risk to the US which paints a dire picture of a popular open source Go package named easyjson. This sounds like it could be a problem if you read the article, so how much panic is appropriate […] The post Easyjson and foreign influence, should we panic? appeared first on Anchore.| Anchore
This blog post has been archived and replaced by the supporting pillar page that can be found here: https://anchore.com/wp-admin/post.php?post=987475103&action=edit The blog post is meant to remain “public” so that it will continue to show on the /blog feed. This will help discoverability for people browsing the blog and potentially help SEO. If it is clicked […] The post EU CRA SBOM Requirements: Overview & Compliance Tips appeared first on Anchore.| Anchore
Welcome to the final installment in our 5-part series on Software Bills of Materials (SBOMs). Throughout this series, we’ve explored Now, we’ll examine how SBOMs intersect with various disciplines across the software ecosystem. SBOMs don’t exist in isolation—they’re part of a broader landscape of software development, security, and compliance practices. Understanding these intersections is crucial […] The post SBOMs as the Crossroad of the Software Supply Chain: Anchore Learning...| Anchore
Welcome to the fourth installment in our 5-part series on software bill of materials (SBOMs). In our previous posts, we’ve covered SBOM fundamentals, SBOM generation and scalable SBOM management. Now, we shift our focus to the bigger picture, exploring strategic perspectives from software supply chain thought leaders. After you’ve finished day four, dive into day […] The post SBOM Insights on LLMs, Compliance Attestations and Security Mental Models: Anchore Learning Week (Day 4) appeared...| Anchore
Welcome to the third installment in our 5-part series on software bill of materials (SBOMs)—check here for day 1 and day 2. Now, we’re leveling up to tackle one of the most significant challenges organizations face: scaling SBOM management to keep pace with the velocity of modern, DevOps-based software development. After you’ve digested this part, […] The post DevOps-Scale SBOM Management: Anchore Learning Week (Day 3) appeared first on Anchore.| Anchore
Welcome to day 2 of our 5-part series on Software Bills of Materials (SBOMs). In our previous post, we covered the basics of SBOMs and why they’re essential for modern software security. Now, we’re ready to roll up our sleeves and get technical. After you’ve digested this part, jump into day three, “DevOps-Scale SBOM Management”, […] The post SBOM Generation Step-by-Step: Anchore Learning Week (Day 2) appeared first on Anchore.| Anchore
This blog post is the first in our 5-day series exploring the world of SBOMs and their role in securing the foundational but often overlooked 3rd-party software supply chain. Whether you’re just beginning your SBOM journey or looking to refresh your foundational knowledge, these resources will provide a solid understanding of what SBOMs are and […] The post SBOM Fundamentals: Anchore Learning Week (Day 1) appeared first on Anchore.| Anchore
Your software contains 150+ dependencies you didn’t write, don’t maintain, and can’t fully audit—yet you’re accountable for every vulnerability they introduce. Organizations implementing comprehensive SBOM strategies detect supply chain compromises in minutes instead of days—or worse, after a breach. Anchore has been leading the SBOM charge for almost a decade: providing educational resources, tools and […] The post Anchore’s SBOM Learning Week: From Reactive to Resilient in 5 ...| Anchore
The federal cloud market is projected to reach $78+ billion by 2029, but only a small fraction of cloud providers have successfully achieved FedRAMP authorization. That’s why we’re excited to announce our new white paper, “Unlocking Federal Markets: The Enterprise Guide to FedRAMP.” This comprehensive resource is designed for cloud service providers (CSPs) looking to […] The post Navigating the Path to Federal Markets: Your Complete FedRAMP Guide appeared first on Anchore.| Anchore
If you’re a developer, this vignette may strike a chord: You’re deep in the flow, making great progress on your latest feature, when someone from the security team sends you an urgent message. A vulnerability has been discovered in one of your dependencies and has failed a compliance review. Suddenly, your day is derailed as […] The post The Developer’s Guide to SBOMs & Policy-as-Code appeared first on Anchore.| Anchore
Two cybersecurity buzzwords are rapidly shaping how organizations manage risk and streamline operations: Continuous Monitoring (ConMon) and Software Bill of Materials (SBOMs). ConMon, rooted in the traditional security principle—“trust but verify”—has evolved into an iterative process where organizations measure, analyze, design, and implement improvements based on real-time data. Meanwhile, SBOMs offer a snapshot of an […] The post Software Supply Chain Transparency: Why SBOMs Are ...| Anchore
Security engineers at modern enterprises face an unprecedented challenge: managing software supply chain risk without impeding development velocity, all while threat actors exploit the rapidly expanding attack surface. With over 25,000 new vulnerabilities in 2023 alone and supply chain attacks surging 540% year-over-year from 2019 to 2022, the exploding adoption of open source software has […] The post How to Automate Container Vulnerability Scanning for Harbor Registry with Anchore Enterpr...| Anchore
This blog post has been archived and replaced by the supporting pillar page that can be found here: https://anchore.com/wp-admin/post.php?post=987474946&action=edit The blog post is meant to remain “public” so that it will continue to show on the /blog feed. This will help discoverability for people browsing the blog and potentially help SEO. If it is clicked […] The post NIST SP 800-190: Overview & Compliance Checklist appeared first on Anchore.| Anchore
Software Bill of Materials (SBOMs) are no longer optional—they’re mission-critical. That’s why we’re excited to announce the release of our new white paper, “Unlock Enterprise Value with SBOMs: Use-Cases for the Entire Organization.” This comprehensive guide is designed for security and engineering leadership at both commercial enterprises and federal agencies, providing actionable insights into how […] The post Unlocking the Power of SBOMs: A Complete Guide appeared first on An...| Anchore
SBOM (software bill of materials) generation is becoming increasingly important for software supply chain security and compliance. Several approaches exist for generating SBOMs for Python projects, each with its own strengths. In this post, we’ll explore two popular methods: using pipdeptree with cyclonedx-py and Syft. We’ll examine their differences and see why Syft is better […] The post Generating Python SBOMs: Using pipdeptree and Syft appeared first on Anchore.| Anchore
As software supply chain security becomes a top priority, organizations are turning to Software Bill of Materials (SBOM) generation and analysis to gain visibility into the composition of their software and supply chain dependencies in order to reduce risk. However, integrating SBOM analysis tools into existing workflows can be complex, requiring extensive configuration and technical […] The post Effortless SBOM Analysis: How Anchore Enterprise Simplifies Integration appeared first on Anchore.| Anchore
We’re excited to announce Syft v1.20.0! If you’re new to the community, Syft is Anchore’s open source software composition analysis (SCA) and SBOM generation tool that provides foundational support for software supply chain security for modern DevSecOps workflows. The latest version is packed with performance improvements, enhanced SBOM accuracy, and several community-driven features that make […] The post Syft 1.20: Faster Scans, Smarter License Detection, and Enhanced Bitnami Suppor...| Anchore
This blog post has been archived and replaced by the supporting pillar page that can be found here: https://anchore.com/wp-admin/post.php?post=987474886&action=edit The blog post is meant to remain “public” so that it will continue to show on the /blog feed. This will help discoverability for people browsing the blog and potentially help SEO. If it is clicked […] The post FedRAMP Continuous Monitoring: Overview & Checklist appeared first on Anchore.| Anchore
Syft is an open source CLI tool and Go library that generates a Software Bill of Materials (SBOM) from source code, container images and packaged binaries. It is a foundational building block for various use-cases: from vulnerability scanning with tools like Grype, to OSS license compliance with tools like Grant. SBOMs track software components—and their […] The post How Syft Scans Software to Generate SBOMs appeared first on Anchore.| Anchore
Today, we’re excited to announce the launch of “Software Bill of Materials 101: A Guide for Developers, Security Engineers, and the DevSecOps Community”. This eBook is a free and open source resource that provides a comprehensive introduction to all things SBOMs. Why We Created This Guide While SBOMs have become increasingly critical for software supply chain […] The post SBOMs 101: A Free, Open Source eBook for the DevSecOps Community appeared first on Anchore.| Anchore
Software Bill of Materials (SBOM) has emerged as a pivotal technology to scale product innovation while taming the inevitable growth of complexity of modern software development. SBOMs are typically thought of as a comprehensive inventory of all software components—both open source and proprietary—within an application. But they are more than just a simple list of […] The post How to Tackle SBOM Sprawl and Secure Your Supply Chain appeared first on Anchore.| Anchore
This blog post has been archived and replaced by the supporting pillar page that can be found here: https://anchore.com/wp-admin/post.php?post=987474704&action=edit The blog post is meant to remain “public” so that it will continue to show on the /blog feed. This will help discoverability for people browsing the blog and potentially help SEO. If it is clicked […] The post A Complete Guide to Container Security appeared first on Anchore.| Anchore
To close out 2024, we’re going to count down the top 10 hottest hits from the Anchore blog in 2024! The Anchore content team continued our tradition of delivering expert guidance, practical insights, and forward-looking strategies on DevSecOps, cybersecurity compliance, and software supply chain management. This top ten list spotlights our most impactful blog posts […] The post The Top Ten List: The 2024 Anchore Blog appeared first on Anchore.| Anchore
ModuleQ, an AI-driven enterprise knowledge platform, knows only too well the stakes for a company providing software solutions in the highly regulated financial services sector. In this world where data breaches are cause for termination of a vendor relationship and evolving cyberthreats loom large, proactive vulnerability management is not just a best practice—it’s a necessity. […] The post ModuleQ reduces vulnerability management time by 80% with Anchore Secure appeared first on Anc...| Anchore
Welcome back to the second installment of our two-part series on “The Evolution of SBOMs in the DevSecOps Lifecycle”. In our first post, we explored how Software Bills of Materials (SBOMs) evolve over the first 4 stages of the DevSecOps pipeline—Plan, Source, Build & Test—and how each type of SBOM serves different purposes. Some of […] The post The Evolution of SBOMs in the DevSecOps Lifecycle: Part 2 appeared first on Anchore.| Anchore
The software industry has wholeheartedly adopted the practice of building new software on the shoulders of the giants that came before them. To accomplish this, developers construct a foundation of pre-built, 3rd-party components, then wrap custom 1st-party code around this structure to create novel applications. It is an extraordinarily innovative and productive practice but […] The post The Evolution of SBOMs in the DevSecOps Lifecycle: From Planning to Production appeared first on...| Anchore
Choosing the right SBOM (software bill of materials) generator is trickier than it looks at first glance. SBOMs are the foundation for a number of different uses ranging from software supply chain security to continuous regulatory compliance. Due to its cornerstone nature, the SBOM generator that you choose will either pave the way for achieving […] The post Choosing the Right SBOM Generator: A Framework for Success appeared first on Anchore.| Anchore
Kubernetes' 'allowPrivilegeEscalation' is a useful but poorly understood security hardening setting. Let's dive into how it works and debunk some common myths about it.| Christophe Tafani-Dereeper