Securing and managing the software supply chain. Proud parent of @SyftProject and @GrypeProject.
Joined June 2009
- Tweets 4,870
- Following 1,277
- Followers 2,794
- Likes 1,641
2,568 Photos and videos
BIG NEWS! Anchore Enterprise v6 is officially here. We are eliminating the manual "security tax" with a unified SBOM compliance solution. Transform your static SBOMs into a dynamic application-context engine.
Read the launch blog: anchore.com/blog/anchore-ent…
#SBOM #AppSec
99
Hot off the press 🔥 Learn why Sigma Defense chose Anchore to protect the US Navy's Black Pearl #software #supplychain. More here 👉 anchore.com/wp-content/uploa…
1
3
When the next zero-day drops, will you be scrambling for hours or executing a response in minutes?
In this clip Josh Bressers discusses the power of an SBOM inventory. 📚 See how SBOMs work for a #zeroday in this on-demand webinar: go.anchore.com/rapid-inciden… #SBOM #Cybersecurity
72
Stuck in the "chicken and egg" cycle of needing an agency sponsor to get an ATO? FedRAMP 20X removes the sponsor bottleneck. Learn how to lead with continuous automation instead of massive SharePoint folders: anchore.com/blog/the-old-fed…
29
Catch copyleft licenses before they ship. Use the Anchore Enterprise API to surface per-package license data, correlate vulnerability findings, and build automated compliance checks directly into your tooling. Read part 2 of our technical blog series: anchore.com/blog/working-wit…
21
You have exactly 24 hours to report active exploits under the EU CRA. Manual triage will fail. Deploy deterministic Policy-as-Code to block critical supply chain flaws before they reach the registry, and with zero impact on developer velocity. 🔗 anchore.com/white-papers/nav…
28
Selling software to the US government? Ensure #compliance with #AnchoreEnterprise. Automate #NIST controls and #SSDFAttestation easily. 🌐 ➡️ anchore.com/nist-compliance-…
9
The Anchore Enterprise API turns container inventory into programmatic queries. Retrieve package data and export SBOMs directly to SPDX or CycloneDX in a single API call. Read more in part 2 of our technical blog series: anchore.com/blog/working-wit…
16
🔐 70% of APIs are internal/private. @dfsoftwareinc's story shows how they're securing on-prem API development. Learn how they achieved 70% faster deployments with @anchore. 🔗 anchore.com/wp-content/uploa… #DevSecOps
16
Wonderland is famously short on signposts, but the Anchore Enterprise API has one built in. Every deployment serves its own OpenAPI schema, giving you a machine-readable reference to safely navigate endpoints and response shapes. Read the technical guide: anchore.com/blog/an-introduc…
21
Think of security as just another test in your dev suite. 🧪🔒 It's not just about finding bugs, it's about securing them before they escalate. ➡️ anchore.com/blog/modeling-so… #DevSecOps #VulnerabilityScanning #SoftwareSupplyChainSecurity
26
Stop checking boxes and start building trust. 🛡️
"Establishing trust starts with verifying the provenance of OSS code and validating supplier SBOMs."
At enterprise scale, you can't trust what you can't verify. anchore.com/blog/the-death-o…
27
Alice's first obstacle was a locked door without a key. Don't let your security workflows get stuck. The Anchore Enterprise API is your key to blocking deployments on Critical CVEs or pinging Slack the instant a fix lands. Read the technical walkthrough: anchore.com/blog/an-introduc…
21
T-1 hour until our live walkthrough of Anchore Enterprise v6. Join us shortly to see the new unified asset model, VEX triage capabilities, and automated compliance workflows firsthand. Last call for registration: go.anchore.com/anchore-enter…
7
What happens to your ATO if your AWS billing credit card expires? Under FedRAMP 20X, out-of-boundary metrics matter. We invited @InfusionPoints to discuss how continuous validation looks at the actual business, not just your firewalls: anchore.com/blog/the-old-fed…
32
Here's a sneak peek of Anchore Enterprise v6! We built v6 to break away from scanning siloed assets. By grouping your images and SBOMs into logical "Applications," you get a rolled-up view of your risk so you know where to apply resources to burn it dow... go.anchore.com/anchore-enter…
1
28
Tomorrow, we are running a live technical walkthrough of Anchore Enterprise v6. Join us to see the new application-context engine in action, learn how to automate SBOM compliance, and bring your questions for the live Q&A. Register: go.anchore.com/anchore-enter…
#SBOM
16
The Anchore UI is the polished side of the looking glass, but the API lets you go further down the rabbit hole to build custom automations. Today kicks off a 7-part weekly series on what our API makes possible. Read part 1: anchore.com/blog/an-introduc…
21
EU CRA compliance isn't a point-in-time exercise; it's a mandate backed by €15M fines. Static PDFs will not survive the Sept 11, 2026 reporting deadlines. Learn how to implement CompOps and continuous Live Telemetry in our latest white paper. 🔗 anchore.com/white-papers/nav…
1
2
24
Proactive compliance shouldn't be a bottleneck. Anchore v6 introduces continuous monitoring and "POA&M-as-code." Join our June 4 webinar to see how to automate notifications and manage remediation plans directly within your existing workflows: go.anchore.com/anchore-enter…
#EUCRA
1
1
33
What you intended to build vs. what you actually built.
Steve Springett explains the power of the Manufacturing BOM to catch drift and compromise in the build pipeline. Don't trust the source; verify the build.
More in our latest blog: anchore.com/blog/4-lessons-o…
18