Post on 22-Jan-2017
6
Anchore is a container image management and analytics toolset. Anchore provides you with insight and control over the contents of your containers from
the start of development all the way to production.
Deploy containers with confidence
TransparencyUncover and track the contents of
application containers with a consistent set of tools
PredictabilityStart from a known set of certified
containers that have been vetted for critical bugs, security vulnerabilities,
and functional completeness
ControlApply operations and security best practices through enforcement of
flexible policies at every stage in the container lifecycle
KEY TENANTS
11
Open Open Source - allowing community effect to drive grassroots adoption, rapidly extend feature set and to enable auditing to provide confidence.
Extensible Highly modular and extensible - allowing customers or 3rd parties to extend analysis, reporting and policy modules.
Cross Platform
Works with any container runtime on premise or in the cloud.Not tightly linked to any individual runtime, CI/CD or orchestration platform.
Developer Focused
With features that appeal to developers in addition to ops and security .
Data Driven
Huge amount of data to collect and analyze from public and private container registries, operating system distributors and package repositories.
On Premise Registry
Operations& Security
Create / Modify base image
Public Registries
VendorRegistries
TYPICAL CONTAINER WORKFLOW
AnalyzePull containers from public
container registries
Collect vulnerability data CVE/NVD etc
Anchore Cloud
Anchore Database
CONTAINER WORKFLOW WITH ANCHORE
Anchore Cloud
Anchore Database
Anchore API{ }
LocalAnchore
Database
SyncSubscription data
Operations& Security
CONTAINER WORKFLOW WITH ANCHORE
Anchore Cloud
Anchore Database
Anchore API{ }
LocalAnchore
Database
Operations& Security
Define Policies
CONTAINER WORKFLOW WITH ANCHORE
Anchore Cloud
Anchore Database
Developer Apps
Build
Anchore API{ }
LocalAnchore
Database
Developer
CONTAINER WORKFLOW WITH ANCHORE
Anchore Cloud
Anchore Database
Developer Apps
Build
Analysis modules
Anchore API{ }
LocalAnchore
Database
Analyze
Developer
● Image metadata● Package metadata● File list● File checksums● SUID files
Default modules
CONTAINER WORKFLOW WITH ANCHORE
Anchore Cloud
Anchore Database
Developer Apps
Build
Test
Analysis modules
Anchore API{ }
LocalAnchore
Database
Analyze
Developer
CONTAINER WORKFLOW WITH ANCHORE
Anchore Cloud
Anchore Database
Developer Apps
Build
Analysis modules
Anchore API{ }
LocalAnchore
Database
Analyze
Developer
Gate modules
Evaluate
Test● Dockerfile check● Package checks● File SUID checks● CVE Checks
Default modules
CONTAINER WORKFLOW WITH ANCHORE
Anchore Cloud
Anchore Database
Developer Apps
Build
Analysis modules
Anchore API{ }
LocalAnchore
Database
Analyze
Developer
Gate modules
Evaluate
On Premise Registry
Test
Anchore Cloud
Anchore Database
Anchore API{ }
LocalAnchore
Database
Query modules
Query
● Gate checks● Package queries● File queries● Base image queries
Default modules
CONTAINER WORKFLOW WITH ANCHORE
Anchore Cloud
Anchore Database
Developer Apps
Build
Test
Analysis modules
Anchore API{ }
LocalAnchore
Database
Analyze
SyncSubscription data
Developer
Gate modules
Evaluate
On Premise Registry
Operations& Security
Define Policies
MOVING FORWARD
27
Work with open source community
Provide commercial offering with expanded set of modules, integrations and data feeds
BETA this summer