This repo offers step-by-step guidance that take you from deploying Anchore Enterprise (version 5.6.2) to a series of specific labs, showcasing how you can utilize Anchore Enterprise to improve security across your software supply chain.
Anyone who wants to understand how they can improve security across their SDLC using Anchore Enterprise. This repository will get you a running Anchore Enterprise deployment in either a Docker Compose to Kubernetes. After you have a successful deployment, just pick an interesting lab, and we take you through a guided tour with step-by-step instructions.
Anchore Enterprise is a flexible platform that can be utilized in many ways, here are some of these use cases that you might recognise.
SBOM (Software Bill of Materials) - Get comprehensive visibility of your software components to bolster security and ensure vulnerability accuracy with the most complete SBOM available.
Container Vulnerability Scanning - Reduce false positives and false negatives with best-in-class signal-to-noise ratio.
Container Security - Identify and remediate container security risks, and monitor post-deployment for new vulnerabilities.
Container Registry Scanning - Get continuous security and compliance checks integrated directly into your container image registry.
CI/CD Pipeline Security - Embed security and compliance into your CI/CD / DevSecOps pipeline to uncover vulnerabilities, secrets, and malware in your automated build processes and keep development moving.
Cluster Integrations - Allow or prevent deployment of images based on flexible policies and continuously monitor the inventory of insecure images running in your clusters.
FedRAMP Vulnerability Scanning - Meet the new FedRAMP Vulnerability Scanning Requirements for Containers and achieve compliance faster with Anchore.
Cybersecurity & Federal Compliance - Automate compliance checks using out-of-the-box and custom policies.
Each lab below steps you through tried and tested examples across many use cases.
- Deployment - Get Anchore Enterprise & AnchoreCTL Running (REQUIRED)
- VIPERR - Visibility, Inspection, Policy Enforcement, Remediation, Reporting
Anchore supports many use cases, configurations and environments, please check out the Anchore Docs, wider resources, or get in touch directly to learn more.