Le Lézard

Anchore Demonstrates How to Further Software Supply Chain Security with Signed SBOMs and Security Reports

SANTA BARBARA, Calif., Sept. 20, 2021 /PRNewswire/ -- Anchore, a leader in software supply chain security, today introduced a demonstration workflow that shows how software producers can create, sign, and share accurate software bill of materials (SBOM) and security reports to help further the security of software supply chains. As the United States government implements the Executive Order on Improving the Nation's Cybersecurity, federal agencies expect to require SBOMs from their software vendors. Commercial enterprises can also benefit from verifiable documents that attest to the contents and security status of the software they use.

The demonstration workflow leverages open source tools Syft, Grype, and Sigstore's Cosign to create and share signed attestations about the security of software applications delivered in containers.

The workflow details how software producers can:

Software users can then verify the software container image, SBOM, and vulnerability report for an accurate picture of both the contents and security status of the software they are using.

The demonstration workflow was developed in partnership with Sigstore and builds on the complementary capabilities of the open source tools Syft, Grype, and Sigstore's Cosign. A detailed blog post on how to implement this demonstration workflow is available here, and sample code and documentation are available here.
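The create, scan, sign and verify steps summarised above, written out against the syft, grype and cosign command lines. This is an added example, not Anchore's or Sigstore's own sample code or blog material. It assumes all three tools are on PATH, that you can push to the image's registry, and that the cosign release in use supports `--type` on both `attest` and `verify-attestation` (check `cosign attest --help` for your version). The image name, key file names, the digest and the sample envelope at the bottom are constructed for illustration.

```shell
#!/bin/sh
# Added example (not Anchore's or Sigstore's sample code): the create / scan /
# sign / verify workflow, written against the syft, grype and cosign CLIs.
# Assumptions: all three tools are on PATH, you can push to the image's
# registry, and your cosign release supports --type on both `attest` and
# `verify-attestation` (check `cosign attest --help`).
set -eu

# ---- producer side ---------------------------------------------------------

# 1. SBOM from the image, as SPDX JSON. Pass the image by digest
#    (registry/app@sha256:...) so a moved tag cannot change what was inventoried.
generate_sbom() {          # generate_sbom IMAGE OUTFILE
  syft "$1" -o spdx-json > "$2"
}

# 2. Vulnerability report computed from that SBOM rather than from a second
#    image scan, so the report describes exactly the inventory being attested.
scan_sbom() {              # scan_sbom SBOMFILE OUTFILE
  grype "sbom:$1" -o json > "$2"
}

# 3. Sign both documents as in-toto attestations bound to the image digest and
#    push them to the registry next to the image. The SBOM uses cosign's SPDX
#    predicate type; the grype report goes in as "custom" (kept verbatim inside
#    cosign's custom-predicate wrapper) because "--type vuln" expects cosign's
#    own vulnerability schema rather than raw scanner output.
attest_reports() {         # attest_reports IMAGE SBOMFILE VULNFILE PRIVKEY
  cosign attest --key "$4" --type spdx   --predicate "$2" "$1"
  cosign attest --key "$4" --type custom --predicate "$3" "$1"
}

# ---- consumer side ---------------------------------------------------------

# 4. Verify signatures and print the matching attestations; cosign emits one
#    DSSE envelope (JSON, one per line) per attestation of the requested type.
fetch_attestations() {     # fetch_attestations IMAGE PUBKEY TYPE
  cosign verify-attestation --key "$2" --type "$3" "$1"
}

# The envelope carries the in-toto statement base64-encoded in "payload".
# (jq is the better tool for real use: `jq -r .payload | base64 -d`; sed is
# used here so the example runs with coreutils alone.)
statement_from_envelope() {   # one envelope line on stdin -> statement JSON
  sed -n 's/.*"payload" *: *"\([^"]*\)".*/\1/p' | base64 -d
}

predicate_type_of() {         # statement JSON on stdin -> predicateType
  sed -n 's/.*"predicateType" *: *"\([^"]*\)".*/\1/p'
}

subject_digest_of() {         # statement JSON on stdin -> first subject sha256 hex
  grep -o '"sha256" *: *"[0-9a-f]\{64\}"' | head -n 1 | sed 's/.*"\([0-9a-f]\{64\}\)"/\1/'
}

# 5. Do not trust a predicate until its subject is the digest you are about to
#    run: the signature proves who attested, the subject proves what.
check_subject() {             # check_subject ENVELOPE_JSON sha256:<hex> -> 0 if bound
  _want=${2#sha256:}
  _got=$(printf '%s\n' "$1" | statement_from_envelope | subject_digest_of)
  [ -n "$_got" ] && [ "$_got" = "$_want" ]
}

# Constructed sample (not real cosign output, and not really signed): a minimal
# SPDX statement wrapped the way verify-attestation prints it, so the
# consumer-side parsing above can be exercised without a registry.
SAMPLE_DIGEST=0000000000000000000000000000000000000000000000000000000000000000
SAMPLE_STATEMENT='{"_type":"https://in-toto.io/Statement/v0.1","predicateType":"https://spdx.dev/Document","subject":[{"name":"registry.example/app","digest":{"sha256":"'"$SAMPLE_DIGEST"'"}}],"predicate":{"spdxVersion":"SPDX-2.2","name":"registry.example/app"}}'
SAMPLE_PAYLOAD=$(printf '%s' "$SAMPLE_STATEMENT" | base64 | tr -d '\n')
SAMPLE_ENVELOPE='{"payloadType":"application/vnd.in-toto+json","payload":"'"$SAMPLE_PAYLOAD"'","signatures":[{"keyid":"","sig":"bm90LWEtcmVhbC1zaWduYXR1cmU="}]}'

# End-to-end run against a real registry, only when IMAGE is set, e.g.
#   IMAGE=registry.example/app@sha256:... sh sbom-attest.sh
if [ -n "${IMAGE:-}" ]; then
  generate_sbom "$IMAGE" sbom.spdx.json
  scan_sbom sbom.spdx.json vuln.json
  [ -f cosign.key ] || cosign generate-key-pair   # writes cosign.key/cosign.pub; prompts for a password (or COSIGN_PASSWORD)
  attest_reports "$IMAGE" sbom.spdx.json vuln.json cosign.key
  envelope=$(fetch_attestations "$IMAGE" cosign.pub spdx | head -n 1)
  if check_subject "$envelope" "${IMAGE##*@}"; then
    echo "SBOM attestation is bound to ${IMAGE##*@}"
  else
    echo "attestation subject does not match ${IMAGE##*@}" >&2
    exit 1
  fi
fi
```

Two points worth keeping in mind when adapting this: attest and verify by digest, never by tag, because the attestation is bound to the manifest digest and a tag can be repointed after signing; and treat the scan report as a statement about the SBOM it was produced from, so regenerate and re-attest both whenever the image is rebuilt, since a signed but stale vulnerability report is exactly the false assurance signing is meant to remove.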

Why Software Supply Chain Security is Important
The need for a secure software supply chain increases in priority and urgency each day due to continued and persistent cyberattacks. The widespread use of DevOps processes to speed cloud-native software development has led to a concurrent rise in the use of software containers. An Anchore survey of 400+ large enterprises showed that 65% of respondents have a significant number of applications running in containers.

Containers make it easy to package software during development, but they can pull in multiple open source software (OSS) dependencies as applications move through the DevOps pipeline, creating new security requirements. In the same survey, 63% of respondents plan to increase container use and 60% report improving supply chain security as a top initiative.

Anchore and Sigstore Cosign engineers are working in tandem to educate the open source community and raise industry awareness of software supply chain security and available tools to proactively secure the development pipeline. More information about SBOMs and the importance of container attestation for SBOM signing is available in this blog post.

About Anchore
Anchore is a leader in software supply chain security and enables organizations to protect cloud-native applications against software supply chain attacks. Anchore technology embeds continuous security and compliance checks at every stage of the software development process to prevent security risks from reaching production. Large enterprises and government agencies use Anchore solutions to generate a comprehensive software bill of materials, pinpoint vulnerabilities, identify malware and discover unprotected credentials that can lead to hacks and ransomware. With an API-centric approach, Anchore solutions integrate into the tools developers already use to detect issues earlier, saving time and lowering the cost to fix vulnerabilities. To learn more visit www.anchore.com.

Media contact:
Brandie Gerrish

SOURCE Anchore


News published on 20 September 2021 at 09:30.