Open source container image scanning - Integrated with Sysdig Secure + open source Falco.

Anchore Open Source

Anchore Engine is an open source container image scanning tool that analyzes packages and third-party libraries present in container images to find known software vulnerabilities and report on content and licenses.

Anchore Engine and Falco compliment each other to provide image scanning and runtime security using open source tools.

Anchore integrated with Sysdig Secure product provides the latest software vulnerability updates, integration with CI/CD pipeline tools and complete container security lifecycle management with vulnerability management, compliance and audit, runtime security, threat defense, forensics and incident response.

Key Features

Analyze container images

Analize container images to find known software vulnerabilities including official OS packages, unofficial packages and third-party libraries such as NodeJS NPM, Python PiP, Ruby GEM, and Java JAR/WAR.

CI/CD integration

Image scanning can be run at multiple points in the delivery pipeline: during build time in the CI server and to images available on a container registry or already running. You can just report or break the pipeline until the image is compliant with your policy.

Define + enforce security policies

Define policies to govern security vulnerabilities, whitelist or blacklist OS packages and third-party libraries, configuration file contents, language modules or software licenses. Check if your container images and Dockerfiles are following your policy and security best practices.

Kubernetes integration

Integrate with your orchestration platform, such as Kubernetes, to ensure that only images that are certified by your organization are run in your cluster, using an Admission Controller.Integrate with your existing workflow

Get started.

Sysdig Monitor

Anchore Engine + open source Falco

Check out our article on Docker container image scanning and how to check if vulnerable images are running with open source Falco.

Sysdig Monitor

Anchore + Sysdig Secure

Anchore together with the latest software vulnerability updates and fix status have been integrated with Sysdig Secure product.

Sysdig Monitor

Anchore Engine project

Anchore Engine is an open source project. Check it out on GitHub and join the community.

Sysdig Monitor

On-Demand Webinar

Building an Open Source Container Security Stack.

Container security is top-of-mind for any organization adopting Docker and Kubernetes. In this session Sysdig and Anchore present how you…

- Hosted by Daniel Nurmi from Anchore with Jorge Salamero Sanz & Michael Ducy from Sysdig

Sysdig Monitor

Find out the Latest

Docker scanning for Jenkins CI/CD security with the Sysdig Secure plugin.

In this blog post we’ll cover how to implement Docker Scanning for Jenkins with the Sysdig Secure Jenkins plugin. The…

Stay up to date

Sign up for our monthly Cloud-native News.

Sysdig Monitor

Find out the Latest

Scanning images in Azure Container Registry

Use of container platforms like Azure Kubernetes Service (AKS) is accelerating quickly and driving the need for cloud-native security automation.…