Anchore.

Open source container image scanning - Integrated with Sysdig Secure + open source Falco.

Anchore Engine is an open source container image scanning tool that analyzes packages and third-party libraries present in container images to find known software vulnerabilities and report on content and licenses.

Anchore Engine and Falco compliment each other to provide image scanning and runtime security using open source tools.

Anchore integrated with Sysdig Secure product provides the latest software vulnerability updates, integration with CI/CD pipeline tools and complete container security lifecycle management with vulnerability management, compliance and audit, runtime security, threat defense, forensics and incident response.

Key Features

Analyze container images

Analize container images to find known software vulnerabilities including official OS packages, unofficial packages and third-party libraries such as NodeJS NPM, Python PiP, Ruby GEM, and Java JAR/WAR.

CI/CD integration

Image scanning can be run at multiple points in the delivery pipeline: during build time in the CI server and to images available on a container registry or already running. You can just report or break the pipeline until the image is compliant with your policy.

Define + enforce security policies

Define policies to govern security vulnerabilities, whitelist or blacklist OS packages and third-party libraries, configuration file contents, language modules or software licenses. Check if your container images and Dockerfiles are following your policy and security best practices.

Kubernetes integration

Integrate with your orchestration platform, such as Kubernetes, to ensure that only images that are certified by your organization are run in your cluster, using an Admission Controller.Integrate with your existing workflow