anchore (@anchore@mstdn.business)
Posts


  • Stop chasing a "zero CVE" dashboard.
    anchore

    Stop chasing a "zero CVE" dashboard.

    In 2026, the real winners won't be the ones with the fewest vulnerabilities, they'll be the ones with the fastest upgrade engines.

    We break down the new playbook for supply chain security: https://anchore.com/blog/no-crystal-ball-but-2026-directions/

    Uncategorized

  • We treat source code and containers as untrusted until explicitly verified.
    anchore

    We treat source code and containers as untrusted until explicitly verified.

    In a Zero Trust world, confidence isn't assumed, it's proven 🛡️

    Read how Chadd Owen maps the 7 Pillars of Zero Trust to actionable security: https://anchore.com/blog/anchore-enterprise-powers-dow-zero-trust/

    #ZeroTrust

    Uncategorized zerotrust

  • "Transparency is the path to minimizing risk."
    anchore

    "Transparency is the path to minimizing risk."

    Whether it's a satellite or a financial app, you can't mitigate what you can't see. Kate Stewart (The Linux Foundation) breaks down the future of system-level visibility on the Anchore blog.

    https://anchore.com/blog/the-s-in-sbom-is-for-system/

    Uncategorized

  • How to add vulnerability scanning to developer tools?
    anchore

    How to add vulnerability scanning to developer tools?

    @RepoFlow's pattern:

    1. Generate SBOMs with Syft
    2. Scan SBOMs with Grype
    3. Parse JSON, deduplicate CVEs
    4. Display in existing UI

    Security without friction: https://anchore.com/blog/security-without-friction-how-repoflow-created-a-devsecops-package-manager-with-grype/

    Uncategorized

  • 🚀 New hardened container companies are launching constantly.
    anchore

    🚀 New hardened container companies are launching constantly.

    The reason isn't compliance mandates—it's practical necessity.

    When scanners got accurate, the vulnerability problem became impossible to ignore. Hardened images are the efficient solution.

    https://anchore.com/blog/hardened-images-are-here-to-stay/

    Uncategorized

  • Open source is free like a puppy, not free like beer.
    anchore

    Open source is free like a puppy, not free like beer. 🐢

    Our VP of Security, @joshbressers, applies this adage to AI-generated code in his new post on Techstrong.ai. He details the rise of "hidden dependencies," where AI copies open source functionality without creating a traceable package manifest.

    For teams trying to automate compliance and reduce audit findings, these hidden risks are a major challenge. Josh argues...
    https://techstrong.ai/contributed-content/the-curious-case-of-ai-dependencies/

    #OpenSource #Infosec

    Uncategorized opensource infosec

  • How did Syft hit 50M downloads?
    anchore

    How did Syft hit 50M downloads? By leading the curve on tech like AI security 🚀

    New support for GGUF format means you can finally generate (S/AI)BOMs for LLMs. Dan Nurmi explains how we keep you at the forefront of the frontier.

    https://anchore.com/blog/syft-grype-grant-50mill-downloads/

    #Syft #SBOM #OpenSource

    Uncategorized syft opensource

  • "Source code is to build artifacts as data sets are to AI models."
    anchore

    "Source code is to build artifacts as data sets are to AI models."

    Kate Stewart (The Linux Foundation) explains why you can't trust your AI if you don't know what trained it.

    Read why the "S" in SBOM is standing for System: https://anchore.com/blog/the-s-in-sbom-is-for-system/

    #SoftwareSupplyChain #SBOM

    Uncategorized softwaresupplyc sbom

  • ⚓ #WEST2026 starts tomorrow!
    anchore

    ⚓ #WEST2026 starts tomorrow! See how Anchore drives DevSecOps velocity for Black Pearl (Navy) & Platform One. We automate NIST 800-53 checks to secure the software supply chain.

    📅 Book a demo: https://schedule.qualified.com/9t8Te5B
    Or visit @Carahsoft booth #2341 (Wed).

    Uncategorized west2026

  • @joshbressers: "If you can't search your past builds, you can't bound your blast radius.
    anchore

    @joshbressers: "If you can't search your past builds, you can't bound your blast radius. SBOMs turn a frantic morning into a simple query."

    His zero-day incident response story from inside Anchore's response to the NPM supply chain attack:

    https://anchore.com/blog/a-zero-day-incident-response-story-from-the-watchers-on-the-wall/

    Uncategorized

  • Scale-out architecture for web-scale environments 📈
    anchore

    Scale-out architecture for web-scale environments 📈

    Because your containers don't wait for security scans ⏱️

    https://anchore.com/platform/secure/

    #SoftwareSupplyChain #SBOM #CyberSecurity #Compliance #DevSecOps

    Uncategorized softwaresupplyc sbom cybersecurity compliance devsecops

  • The EU #CRA means SBOMs are no longer optional.
    anchore

    The EU #CRA means SBOMs are no longer optional.

    ✅ Generate #SBOM in machine-readable format
    ✅ Include top-level dependencies
    ✅ Keep updated throughout product lifecycle
    ✅ Be ready by December 2027

    Get our complete compliance checklist:

    🔗 https://anchore.com/sbom/eu-cra/

    Uncategorized cra sbom

  • Open source maintainers: drowning in a sea of "good first issues" that never get picked up?
    anchore

    Open source maintainers: drowning in a sea of "good first issues" that never get picked up? You're not alone.

    It's a contributor time-shortage problem. Our Dir of DevRel @popey.me wondered if an AI could help. So he tried it.

    Read the full post: https://anchore.com/blog/can-an-llm-really-fix-a-bug-a-start-to-finish-case-study/

    Uncategorized

  • For security engineering leaders: A detailed guide to the FedRAMP authorization process.
    anchore

    For security engineering leaders: A detailed guide to the FedRAMP authorization process. Learn about the framework, roles, & a structured approach to achieving compliance. Essential for SaaS/PaaS/IaaS providers targeting the public sector. https://get.anchore.com/unlocking-the-federal-market/

    Uncategorized

  • The door to DoD contracts is open, but the price of admission is transparency.
    anchore

    The door to DoD contracts is open, but the price of admission is transparency. 🚪

    Automated, data-driven transparency is now the baseline. If you don't have the artifacts, you don't get the invite.

    Read the full analysis by @jonoberg: https://anchore.com/blog/dod-swft-initiative-and-promise-of-cato-fulfilled/

    #DoD #SWFT #ATO

    Uncategorized dod swft ato

  • 🚨 Did you know an SBOM is more than a simple list of components?
    anchore

    🚨 Did you know an SBOM is more than a simple list of components?

    Our expert webinar reveals how SBOMs are the key to transforming your zero-day response from a frantic search into a precise, targeted operation.

    Discover the SBOM advantage. Watch the webinar now: https://go.anchore.com/rapid-incident-response-with-sboms/ #SBOM #Security #DevSecOps #AppSec

    Uncategorized sbom security devsecops appsec

  • Static scanning is no longer enough.
    anchore

    Static scanning is no longer enough. 🛡️

    A clean image today could be critical tomorrow. That's why the US Navy's RAISE 2.0 initiative emphasizes continuous monitoring.

    In this preview, see how we track "drift" in active Kubernetes namespaces and alert on new policy violations without needing to redeploy.

    Watch the full on-demand session here: https://go.anchore.com/us-navy-and-raise-2.html

    Uncategorized

  • Why guard the castle gates if the threat is already inside?
    anchore

    Why guard the castle gates if the threat is already inside? 🏰

    Stop focusing solely on the perimeter. It's time to secure the workload itself. Anchore's Chadd Owen breaks down how to protect the software layer.

    https://anchore.com/blog/anchore-enterprise-powers-dow-zero-trust/

    #ZeroTrust #DoD

    Uncategorized zerotrust dod

  • 🚨 Final call for #WEST2026 meetings
    anchore

    🚨 Final call for #WEST2026 meetings!
    We're at @Carahsoft Booth #2341 (Wednesday only) demoing air-gapped security & automated compliance.
    Don't let manual RMF checks slow down the mission.
    Secure your 1:1 slot: https://schedule.qualified.com/9t8Te5B

    Uncategorized west2026

  • Don't fall for the CMMC trap.
    anchore

    Don't fall for the CMMC trap. 🚫

    Securing your office network (CMMC) won't save you if your product fails SWFT validation. You need both to win the contract.

    @jonoberg clarifies the critical difference in our latest blog.

    https://anchore.com/blog/dod-swft-initiative-and-promise-of-cato-fulfilled/

    #DoD #SWFT #ATO

    Uncategorized dod swft ato