Anchore Container Security

Anchore is a container security and compliance platform that enables organizations to scan, analyze, and enforce security policies on container images throughout the software supply chain. Founded in 2016 and headquartered in Santa Barbara, California, the company provides both open source and enterprise solutions for ensuring container security. The open source Anchore Engine performs deep image analysis, inspecting the contents of container images at the file, package, and metadata level to identify vulnerabilities, configuration issues, license compliance violations, and secrets. The analysis results feed into a powerful policy engine that evaluates images against customizable security and compliance policies defined in JSON, automatically approving or blocking images based on criteria such as maximum CVSS scores, banned packages, required base image requirements, and operating system hardening benchmarks. Anchore integrates with CI/CD pipelines through Jenkins, GitLab CI, GitHub Actions, and CircleCI plugins, automatically scanning images at build time and blocking deployment of non-compliant images to production. The enterprise product, Anchore Enterprise, adds role-based access control, multi-registry support, vulnerability databases with guaranteed SLAs, RBAC, audit logging, and integration with container registries including Amazon ECR, Google GCR, Azure ACR, Docker Hub, Harbor, and Quay. The platform uses the National Vulnerability Database (NVD), operating system vendor advisories, and the Anchore Vulnerability Database for comprehensive vulnerability coverage.