Open source container image scanning – Integrated with Sysdig Secure + open source Falco
Anchore Engine is an open source container image scanning tool that analyzes packages and third-party libraries present in container images to find known software vulnerabilities and report on content and licenses.
Anchore Engine and Falco compliment each other to provide image scanning and runtime security using open source tools.
Anchore integrated with Sysdig Secure product provides the latest software vulnerability updates, integration with CI/CD pipeline tools and complete container security lifecycle management with vulnerability management, compliance and audit, runtime security, threat defense, forensics and incident response.
Analyze container images
Analize container images to find known software vulnerabilities including official OS packages, unofficial packages and third-party libraries such as NodeJS NPM, Python PiP, Ruby GEM, and Java JAR/WAR.
Image scanning can be run at multiple points in the delivery pipeline: during build time in the CI server and to images available on a container registry or already running. You can just report or break the pipeline until the image is compliant with your policy.
Define & enforce security policies
Define policies to govern security vulnerabilities, whitelist or blacklist OS packages and third-party libraries, configuration file contents, language modules or software licenses. Check if your container images and Dockerfiles are following your policy and security best practices.
Integrate with your orchestration platform, such as Kubernetes, to ensure that only images that are certified by your organization are run in your cluster, using an Admission Controller.Integrate with your existing workflow
Anchore Engine & open source Falco
Check out our article on Docker container image scanning and how to check if vulnerable images are running with open source Falco.
Anchore Engine & Sysdig Secure
Anchore together with the latest software vulnerability updates and fix status have been integrated with Sysdig Secure product.
Anchore Engine project
Anchore Engine is an open source project. Check it out on GitHub and join the community.