anchore

Today's Platform Engineering Day at KubeConEU⚡
If you're the one who has to roll out patches across 1000s of containers when a CVE drops, then join Join Josh Bressers and experts in Hall 8, Room F at 14:30 CET to talk practical zero-day rescue plans.
https://sched.co/2DY4P

🚨 Today at Open Source SecurityCon: Don't miss the "It's Not If, It's When" panel. Anchore's Josh Bressers joins a quality panel of guests to talk about practical software supply chain attack prep.

📍 Hall 8 | Room D | 11:50 CET
https://sched.co/2DY3p

#KubeConEU

Scale-out architecture for web-scale environments 📈

Because your containers don't wait for security scans ⏱️

https://anchore.com/platform/secure/

#SoftwareSupplyChain #SBOM #CyberSecurity #Compliance #DevSecOps

@joshbressers: "If you can't search your past builds, you can't bound your blast radius. SBOMs turn a frantic morning into a simple query."

His zero-day incident response story from inside Anchore's response to the NPM supply chain attack:

https://anchore.com/blog/a-zero-day-incident-response-story-from-the-watchers-on-the-wall/

"Source code is to build artifacts as data sets are to AI models."

Kate Stewart (The Linux Foundation) explains why you can't trust your AI if you don't know what trained it.

Read why the "S" in SBOM is standing for System: https://anchore.com/blog/the-s-in-sbom-is-for-system/

#SoftwareSupplyChain #SBOM

FedRAMP compliance in weeks, not months ⚡

Ready-to-deploy policy packs for instant compliance feedback 📋

https://anchore.com/platform/enforce/

#SoftwareSupplyChain #SBOM #CyberSecurity #Compliance

"The format doesn't really matter... It's really about the content."

We hosted @stevespringett, Chair of the CycloneDX WG, to discuss why the industry needs to stop fighting format wars and start focusing on data utility.

Read the 4 lessons: https://anchore.com/blog/4-lessons-on-future-of-software-transparency-with-steve-springett/

The EU #CRA means SBOMs are no longer optional.

✅ Generate #SBOM in machine-readable format
✅ Include top-level dependencies
✅ Keep updated throughout product lifecycle
✅ Be ready by December 2027

Get our complete compliance checklist:

🔗 https://anchore.com/sbom/eu-cra/

Using an open-source SBOM tool guards against vendor lock-in. Even if using a proprietary supply chain platform, generate with OSS and export to SPDX/CycloneDX.

Our new eBook, SBOM 102, compares Syft, Microsoft SBOM Tool, Tern, cdxgen, and language-specific plugins so you can match the tool to your exact stack.

Read the eBook: https://go.anchore.com/sbom102-guide-to-automated-sboms.html

Vulnerability data has been a mess lately. NVD meltdowns, CVE funding issues, and an alphabet soup of metrics (CVSS, EPSS, KEV). How are security teams supposed to keep up? Catch Anchore's Josh Bressers at CypherCon to find out. https://cyphercon.com/speaker/wtf-is-going-on-with-cve/

Open source maintainers: drowning in a sea of "good first issues" that never get picked up? You're not alone.

It's a contributor time-shortage problem. Our Dir of DevRel @popey.me wondered if an AI could help. So he tried it.

Read to full post: https://anchore.com/blog/can-an-llm-really-fix-a-bug-a-start-to-finish-case-study/

Your MCP server might be the weakest link—here's the data. @josh.bressers.name scanned 161 MCP images and found 9,000 vulns / 263 criticals. Read the breakdown and fixes: https://anchore.com/blog/analyzing-the-top-mcp-docker-containers/

#MCP #SoftwareSupplyChain #ContainerSecurity #DevSecOps

Attackers are getting smarter. Your agency can too. 🧠

👉 This new quick-read guide with @govloop shows how government teams are boosting resilience, tightening governance, and staying ahead of modern cyber risks.

📖 Grab your copy and level up your cybersecurity strategy today: https://info.govloop.com/building-toward-cyber-resilience?utm_source=sponsor&utm_medium=social&utm_campaign=Anchore

#CyberResilience #GovTech #GovTech #DataSecurity #CyberStrategy #InfoSec

When a zero-day drops, finding the vulnerability is only step one. How do you deploy the patch across 10,000 containers by Friday?

Join Josh Bressers at Platform Engineering Day (#KubeConEU) to learn how platform design is your ultimate rescue plan. 🛟
https://sched.co/2DY4P

Tired of the "it passed on my machine" friction? 🤝 Devs and Security can finally look at the exact same data. Anchore 5.25 aligns AnchoreCTL & our enterprise backend with the same underlying libraries for perfect consistency.

https://anchore.com/blog/anchore-enterprise-5-25/

#DevSecOps #SBOM

False positives killing your team's productivity? 😵‍💫

Anchore Secure gives you signal, not noise 📡

https://anchore.com/platform/secure/

#SoftwareSupplyChain #SBOM #CyberSecurity #Compliance #DevSecOps

Anchore SBOM Score = CVSS + EPSS + KEV status 📊

Because not all vulnerabilities are created equal ⚠️

https://anchore.com/platform/sbom/

#SoftwareSupplyChain #SBOM #CyberSecurity #Compliance #DevSecOps

Fact: Security teams are drastically outnumbered by developers.

When the next zero-day hits, will your team be ready? Join Josh Bressers & a great lineup at Open Source SecurityCon on March 23 to talk tactical prep rather than panic. https://sched.co/2DY3p

#DevSecOps #KubeCon

Starting in 1 hour! ⏳

Join our live Customer Spotlight to see the workflow Mattermost uses to secure their containers, plus a demo of Anchore's policy-driven platform in action.

See you there: https://go.anchore.com/beyond-the-sbom-with-mattermost.html

"Cybersecurity Awareness Month had its moment. It's over."

New from Anchore VP of Security, @Josh Bressers: ditch the calendar ritual/ Instead build trust daily.

Read: https://anchore.com/blog/cybersecurity-awareness-month-no-longer-works/