Open source container image scanning - Integrated with Sysdig Secure + open source Falco.
Anchore Engine is an open source container image scanning tool that analyzes packages and third-party libraries present in container images to find known software vulnerabilities and report on content and licenses.
Anchore Engine and Falco compliment each other to provide image scanning and runtime security using open source tools.
Anchore integrated with Sysdig Secure product provides the latest software vulnerability updates, integration with CI/CD pipeline tools and complete container security lifecycle management with vulnerability management, compliance and audit, runtime security, threat defense, forensics and incident response.
Analyze container images
Analize container images to find known software vulnerabilities including official OS packages, unofficial packages and third-party libraries such as NodeJS NPM, Python PiP, Ruby GEM, and Java JAR/WAR.
Image scanning can be run at multiple points in the delivery pipeline: during build time in the CI server and to images available on a container registry or already running. You can just report or break the pipeline until the image is compliant with your policy.
Define + enforce security policies
Define policies to govern security vulnerabilities, whitelist or blacklist OS packages and third-party libraries, configuration file contents, language modules or software licenses. Check if your container images and Dockerfiles are following your policy and security best practices.
Integrate with your orchestration platform, such as Kubernetes, to ensure that only images that are certified by your organization are run in your cluster, using an Admission Controller.Integrate with your existing workflow
Anchore Engine + open source Falco
Check out our article on Docker container image scanning and how to check if vulnerable images are running with open source Falco.
Anchore + Sysdig Secure
Anchore together with the latest software vulnerability updates and fix status have been integrated with Sysdig Secure product.
Anchore Engine project
Anchore Engine is an open source project. Check it out on GitHub and join the community.
Building an Open Source Container Security Stack.
Container security is top-of-mind for any organization adopting Docker and Kubernetes. In this session Sysdig and Anchore present how you…
- Hosted by Daniel Nurmi from Anchore with Jorge Salamero Sanz & Michael Ducy from Sysdig
Find out the Latest
Docker scanning for Jenkins CI/CD security with the Sysdig Secure plugin.
In this blog post we’ll cover how to implement Docker Scanning for Jenkins with the Sysdig Secure Jenkins plugin. The…
Stay up to date
Sign up for our monthly Cloud-native News.
Find out the Latest
Scanning images in Azure Container Registry
Use of container platforms like Azure Kubernetes Service (AKS) is accelerating quickly and driving the need for cloud-native security automation.…