Posts by Anchore

Stop guessing what "GPL-ish" means. Grant groups licenses by risk so you can approve/deny in seconds. One list, not fifty rules.

👉 anchore.com/blog/grants-release-0-3-...

#OpenSource #SupplyChainSecurity #Compliance #DevSecOps

1 day ago 1 0 0 0

@josh.bressers.name cuts through the complexity: "Your infrastructure could be a container image... how do you even start to understand what's inside?"

Stop guessing. Start using SBOMs. 💡

anchore.com/blog/sbom-is-an-investme...

1 day ago 0 0 0 0

HUGE NEWS! 📣

The "father of SBOM," @allanfriedman.bsky.social, is joining Anchore as a Board Advisor!

We sat down with him to discuss the future of #SoftwareSupplyChainSecurity and what comes after SBOM.... anchore.com/blog/anchore-welcomes-sb...

1 day ago 0 0 0 0

The EU CRA isn't just policy; it's an economic reality check. 📉

Kate Stewart discusses how steep penalties are finally forcing positive changes in industry hygiene. Transparency is no longer optional. It's the price of admission.

https://anchore.com/blog/the-s-in-sbom-is-for-system/

1 day ago 0 0 0 0

Need to get your CI pipeline humming? 🚀 The secret to speeeeeed is shifting left FAST with Anchore Enterprise! Learn how to optimize your SBOM generation performance by leveraging distribute... anchore.com/blog/shift-left-fast-sup...

#DevSecOps #CI #SBOM #ShiftLeft

2 days ago 0 0 0 0
Anchore Enterprise 5.25: Unified Scanning & First-Class SBOMs

Discover Anchore Enterprise 5.25, featuring a unified Syft & Grype scanning engine, advanced imported SBOM management, and EPSS vulnerability filtering.

Cut through the noise. 🛟 Bring the power of EPSS and CISA KEV prioritization directly to your imported SBOMs with Anchore 5.25. Focus your remediation efforts on what actually poses a risk, rather than drowning in low-s...
https://anchore.com/blog/anchore-enterprise-5-25/

#VulnerabilityManagement

3 days ago 0 0 0 0
Enhanced Security Visibility: Bitnami Images Now Fully Scanned by Anchore Tools

We are excited to announce an enhancement to the security reporting for all Bitnami images: Bitnami Secure Images are now correctly and fully scanned by Anchore’s open source project Grype analysis to...

Bitnami Secure Images now work seamlessly with @anchore.com's Grype for accurate CVE scanning.
Fewer false positives, clearer security posture, and simplified compliance for PhotonOS-based images.

Read more: blogs.vmware.com/tanzu/enhanc...
#security #containers #opensource #SBOM

2 weeks ago 1 2 0 0

You're shipping an OS, not just an app. 🚢

Why isn't application-level security enough for containers? Because standard SCA tools don't have OS vulnerability visibility.

See our latest blog featuring insights from Mattermost ... anchore.com/blog/mattermost-containe...

4 days ago 0 0 0 0

In 2024, the industry learned what an SBOM was. In 2026, the Public Sector is demanding we use them effectively.
Under EO 14028, every container needs a clear pedigree... anchore.com/blog/the-top-ten-list-th...

#FedRAMP #DevSecOps #SBOM #NIST #Cybersecurity #PublicSectorIT

4 days ago 0 0 0 0

Attackers are getting smarter. Your agency can too. 🧠

👉 This new quick-read guide with @govloop shows h... info.govloop.com/building-toward-cyber-re...

#CyberResilience #GovTech #GovTech #DataSecurity #CyberStrategy #InfoSec

4 days ago 0 0 0 0

SBOM-first isn't just a buzzword—it's the architecture that makes continuous security actually possible 🔄

Feel the difference ⚡

https://anchore.com/platform/

#SBOM #CRA #SoftwareSupplyChain #Compliance

6 days ago 0 0 0 0

Stop translating NIST 800-53 controls into manual checks. 🛑
For teams deploying containers in Federal environments, compliance often feels like a bott... docs.anchore.com/current/docs/compliance_...

#FedRAMP #DevSecOps #SBOM #NIST #Cybersecurity #PublicSectorIT

6 days ago 0 0 0 0

With the EU's Cyber Resilience Act, #SoftwareTransparency isn't optional. It's a global mandate.

We're thrilled to announce #SBOM pioneer @allanfriedman.bsky.social is joining the Anchore board to help nav... anchore.com/blog/anchore-welcomes-sb...

1 week ago 0 0 0 0
Neil Levine, Anchore | Chainguard Assemble 2026

In this interview from Chainguard Assemble 2026 in New York City, Neil Levine, senior vice president of product at Anchore, joins theCUBE's Rebecca Knight and theCUBE Research's Paul Nashawaty to discuss how AI-generated code is dramatically expanding the software supply chain attack surface. Levine explains that AI introduces dependencies without human discretion — pulling in unfamiliar packages or even writing its own — making it far harder for organizations to know what is actually running in their environments. He highlights how SBOMs have matured from a buzzword into a foundational transparency layer and details why automated, continuous policy enforcement is now the only way product security teams can keep pace. The conversation also explores the complementary partnership between Chainguard and Anchore, where Chainguard provides hardened base images and Anchore delivers last-mile compliance verification across the software factory and production. Levine reflects on how security spent the past five years catching up to the DevOps revolution, noting that organizations can no longer afford to treat compliance as a bottleneck that slows feature delivery. He draws a striking comparison between today's AI-driven threat landscape and the earliest days of the internet, underscoring that current attacks represent only the first wave. From bridging the gap between developer velocity and product security accountability to preparing for an era where attackers wield AI at scale, Levine provides a practical perspective on how enterprises can ship faster without sacrificing trust.

Find more SiliconANGLE news and analysis https://siliconangle.com/
Follow theCUBE's wall-to-wall event coverage https://siliconangle.com/events/
Learn about the latest theCUBE events https://www.thecube.net/

00:00 - Intro
00:06 - Integrating AI and Security in Software Supply Chains: A Comprehensive Overview
02:55 - Risks in AI-generated Code
05:08 - Enhancing Software Security: The Role of SBOMs and Strategic Partnerships
08:09 - Bridging the Software Security Gap: Navigating Present Challenges and Future Directions

#theCUBE #ChainguardAssemble #theCUBEresearch #Anchore #Chainguard #SoftwareSupplyChain #AI

Manual security gates cannot scale with modern code volume. Watch our recent theCUBE interview to see how integrating Anchore's automated compliance with @chainguard_dev base images allows teams to maintain continuous delivery: https://www.youtube.com/watch?v=T9MCTSaaIh4

1 week ago 0 0 0 0

If you write code, buy software, or run apps (so... everyone in 2025), everything you know about software development is changing.

The "move fast and break things" era is now "move fast and document everything."

What's your compli... anchore.com/blog/navigating-the-new-...

1 week ago 0 0 0 0

CRA demands SBOMs stored for 10 years. PCI-DSS 4 requires scans every 3 months minimum.

Compliance isn't annual anymore—it's continuous.

@josh.bressers.name explains why your DevOps team already knows how to solve this problem:

anchore.com/blog/compliance-isnt-an-...

1 week ago 0 0 0 0

MCP is having a moment. @josh.bressers.name wanted to know: what are we actually shipping?

9,000 vulns
263 critical findings
36K+ NPM packages
Outdated base images

Not fear-mongering—just data-driven real... anchore.com/blog/analyzing-the-top-m...

#MCP #ContainerSecurity

1 week ago 0 0 0 0

Fragmentation in the vulnerability identifier ecosystem happened long ago, but a lack of competition is what made things worse. Now, we're seeing incredible projects step up: the European Union Vulnera... anchore.com/blog/cve-is-saved-but-th...
#OpenSource #InfoSec #CyberDefense

1 week ago 1 0 0 0
Integrating Anchore Security Scanning into Your Azure DevOps Pipeline | Anchore

With a few lines of yaml, add security to your Azure DevOps pipeline to keep non-compliant containers from reaching production environments.

New Update: Integrating @Anchore with Azure DevOps. ⚡️
Whether you're using distributed analysis to keep data local or centralized analysis for full malware scanning, this updated guide walks you through the YAML and conf... https://anchore.com/blog/anchore-azure-devops/
#CICD #Azure #Docker #AppSec

1 week ago 0 0 0 0
WTF is going on with CVE? – CypherCon

Intrigue, stupidity, & hope. That's the story of our current vulnerability data crisis. Anchore VP of Security Josh Bressers will explain how we got into this CVE mess & how your security team can survive it at CypherCon today! https://cyphercon.com/speaker/wtf-is-going-on-with-cve/

1 week ago 0 0 0 0

FedRAMP is moving faster than ever. With the new "FedRAMP 20x" initiative and the shift toward Rev 5, the days of manual spreadsheets and quarterly reviews are gone.
If you're managing co... https://anchore.com/fedramp/fedramp-overview/
#FedRAMP #DevSecOps #SBOM #NIST #Cybersecurity #PublicSectorIT

1 week ago 0 0 0 0

Shift-left compliance checking ⬅️

Catch violations before deployment, not during audits 🛡️

https://anchore.com/platform/enforce/

#SoftwareSupplyChain #SBOM #CyberSecurity #Compliance

1 week ago 0 0 0 0

False positives killing your team's productivity? 😵‍💫

Anchore Secure gives you signal, not noise 📡

https://anchore.com/platform/secure/

#SoftwareSupplyChain #SBOM #CyberSecurity #Compliance #DevSecOps

1 week ago 0 0 0 0

FedRAMP compliance in weeks, not months ⚡

Ready-to-deploy policy packs for instant compliance feedback 📋

https://anchore.com/platform/enforce/

#SoftwareSupplyChain #SBOM #CyberSecurity #Compliance

1 week ago 0 0 0 0

The recent years have severely tested our reliance on foundational vulnerability data sources like CVE and NVD, leading to a significant loss of trust. As one of the key takeaways from ...
anchore.com/blog/cve-is-saved-but-th...

#Cybersecurity #VulnerabilityManagement #CVE #NVD

1 week ago 0 0 0 0

🎯 Users have always been a target, but AI‑powered attacks are making it easier than ever for bad ... @govloop info.govloop.com/building-toward-cyber-re...
#CyberResilience #GovTech #GovTech #DataSecurity #CyberStrategy #InfoSec

1 week ago 1 0 0 0

Anchore SBOM Score = CVSS + EPSS + KEV status 📊

Because not all vulnerabilities are created equal ⚠️

https://anchore.com/platform/sbom/

#SoftwareSupplyChain #SBOM #CyberSecurity #Compliance #DevSecOps

1 week ago 0 0 0 0

The days of second-guessing your scanner are over. 🎯 @grype now natively supports @bitnami PhotonOS!
@jonoberg details how this empowers teams to build confidently with meaningfully reduced risk.
Read more: https://anchore.com/blog/anchore-bitnami-secure-images/

#riskmanagement #opensource

1 week ago 1 0 0 0

Don't just generate SPDX or CycloneDX files—use them.

Our new eBook, SBOM 102, explores using SBOMs for proactive vulnerability management, license compliance, and incident response.

💡Turn static JSON into actionable data.
go.anchore.com/sbom102-guide-to-automat...

1 week ago 1 0 0 0

Supply chain attacks ↗️ 742% in 2023

Your traditional security stack wasn't built for this fight.

SBOM-first architecture changes everything ⚡

https://anchore.com/platform/

#SoftwareSupplyChain #SBOM #CyberSecurity

2 weeks ago 1 0 0 0