New Anchore Enterprise 3.0 Release Delivers Major Upgrade to Secure the Software Supply Chain

Added capabilities expand protection to all stages of the DevSecOps lifecycle, preventing security problems from reaching production applications

Anchore, Inc., the leading experts in continuous security and compliance for containers, announced release of a new major upgrade of its container security and compliance platform, Anchore Enterprise 3.0.

Recommended AI News: Shift7 Digital Partners with Salsify to Help Manufacturers Dominate Digital Shelf Strategy

Modern cloud-native software applications include software components from internal and external sources that can introduce security risks at numerous points in the software development lifecycle. With the release of Anchore Enterprise 3.0 organizations can now protect against software supply chain threats from development to production and accelerate the delivery of secure, container-based software.

Recommended AI News: Yellowbrick and g2o Partner to Help Customers Unlock the Value in Their Data

New capabilities in this release include:

End-to-end container security from development to Kubernetes

Anchore Enterprise 3.0 broadens coverage of the software supply chain by making the security status of running images visible to developers and security teams. This provides added layers of security and reduces the risk of security breaches caused by insecure code being included in production applications.

Distributed scanning that integrates seamlessly with developer workflows

Anchore Enterprise can now perform automated security checks locally on developer systems and within the CI/CD pipeline. This release includes new, lightweight tools that can be deployed at various points in the software development lifecycle and feed results back to the central Anchore Enterprise system to be processed based on organizational policies.

Reduced false positives making developers more productive  

Anchore Enterprise 3.0 provides new features that reduce false positives,  enabling developers to focus on the critical security issues that must be fixed. Users can now easily correct any misidentifications to ensure that future checks have fewer false positives. Security teams can leverage time-based allowlists that enforce SLAs for developers to address security while avoiding repeated alerts.

Remediation recommendations that reduce time and cost to fix security issues

This release provides automated remediation suggestions for vulnerable containers and enables security teams to triage policy violations, select remediation options, and issue notifications through tools like Jira, Slack, Teams, Gitlab, GitHub, traditional email and more. As a result, security issues are fixed earlier in the development lifecycle, resulting in lower costs and fewer delays.

“Digital transformation is driving companies and government agencies to improve their cybersecurity posture,” said Saïd Ziouani, CEO of Anchore. “With Anchore Enterprise 3.0 we’re expanding DevSecOps protections and reducing security risks by providing multiple layers of protection across the software supply chain. As organizations adopt ‘defense in depth’ strategies, they are seeking to significantly decrease the number of security issues that make it through to staging or production, where risks are higher and fixes are more costly. With this release we’re making it easier to automate security checks from the earliest stages of the software development lifecycle all the way through production.”

Recommended AI News: Obsidian Cloud Detection and Response Now Available in AWS Marketplace