DEVOPSdigest

Anchore announced release of a new major upgrade of its container security and compliance platform, Anchore Enterprise 3.0.

With the release of Anchore Enterprise 3.0 organizations can now protect against software supply chain threats from development to production and accelerate the delivery of secure,container-based software.

New capabilities in this release include:

- End-to-end container security from development to Kubernetes: Anchore Enterprise 3.0 broadens coverage of the software supply chain by making the security status of running images visible to developers and security teams. This provides added layers of security and reduces the risk of security breaches caused by insecure code being included in production applications.

- Distributed scanning that integrates seamlessly with developer workflows: Anchore Enterprise can now perform automated security checks locally on developer systems and within the CI/CD pipeline. This release includes new, lightweight tools that can be deployed at various points in the software development lifecycle and feed results back to the central Anchore Enterprise system to be processed based on organizational policies.

- Reduced false positives making developers more productive: Anchore Enterprise 3.0 provides new features that reduce false positives, enabling developers to focus on the critical security issues that must be fixed. Users can now easily correct any misidentifications to ensure that future checks have fewer false positives. Security teams can leverage time-based whitelists that enforce SLAs for developers to address security while avoiding repeated alerts.

- Remediation recommendations that reduce time and cost to fix security issues: This release provides automated remediation suggestions for vulnerable containers and enables security teams to triage policy violations, select remediation options, and issue notifications through tools like Jira, Slack, Teams, Gitlab, GitHub, traditional email and more. As a result, security issues are fixed earlier in the development lifecycle, resulting in lower costs and fewer delays.

"Digital transformation is driving companies and government agencies to improve their cybersecurity posture," said Saïd Ziouani, CEO of Anchore. "With Anchore Enterprise 3.0 we're expanding DevSecOps protections and reducing security risks by providing multiple layers of protection across the software supply chain. As organizations adopt 'defense in depth' strategies, they are seeking to significantly decrease the number of security issues that make it through to staging or production, where risks are higher and fixes are more costly. With this release we're making it easier to automate security checks from the earliest stages of the software development lifecycle all the way through production."