Platform: Anchore

First SBOM-powered security platform to continuously enforce container vulnerability and compliance policies.

Product details

Overview

Anchore Enterprise is an SBOM-powered software supply chain security platform designed for continuous vulnerability scanning, policy enforcement, and compliance automation. It enables DevSecOps teams to generate and manage software bills of materials (SBOMs) and to detect vulnerabilities, secrets, malware, and misconfigurations within container images and code artifacts. With support for importing external SBOMs, continuous threat detection, automated enforcement of compliance policies (e.g. NIST, FedRAMP, CIS), and integration into CI/CD pipelines and orchestration platforms, Anchore helps organizations maintain secure cloud-native software delivery without sacrificing development velocity.

Features and Capabilities

  • **SBOM generation & import:** Automatically generate SBOMs from code, containers or registries using Syft; import SBOMs in SPDX, CycloneDX or Syft formats for unified management.
  • **Validation & supply-chain visibility:** Validate uploaded SBOMs for schema compliance and maintain a centralized repository with metadata and version control to track software components across internal and external sources.
  • **Continuous vulnerability, malware & secrets scanning:** Continuously scan for secrets, malware, and OS and language-specific vulnerabilities against updated threat feeds (NVD, CISA, vendor sources); alert proactively on new findings without rescanning artifacts.
  • **Policy-as-code & compliance automation:** Define custom or pre-built policy packs (e.g. NIST 800-53, FedRAMP, CIS Docker) as JSON rules; enforce controls on Dockerfiles, base images, package blacklists/whitelists, file metadata, exposed ports, etc.
  • **Runtime context & orchestration integration:** Inventory running images across Kubernetes, EKS, ECS and OpenShift; prioritize remediation of running workloads and perform runtime forensics.
  • **Open source foundation & enterprise-ready:** Built on the open-source tools Syft and Grype for SBOM generation and vulnerability scanning; provides scalability, multi-tenancy, APIs, the AnchoreCTL command-line client, a GUI, and an enterprise deployment architecture for teams and organizations.
  • **CI/CD & toolchain integrations:** Out-of-the-box integration with common CI/CD pipelines and container registries; embed scanning and policy enforcement at each lifecycle step using the RESTful API, CLI or GUI.