Source URL: https://anchore.com/blog/chainguard-partnership/
Source: Anchore
Title: Strengthening Software Security: The Anchore and Chainguard Partnership
Feedly Summary: In 2018, Anchore partnered with the US Air Force on Platform One, a project focused on integrating DevSecOps principles into government software development. A core part of that project was the launch of the Iron Bank, a repository of container images hardened with Anchore’s software to remove security issues before deployment. This accelerated compliance status […]
**Summary:**
The text discusses a partnership between Anchore and Chainguard aimed at enhancing software security through the integration of DevSecOps principles. By utilizing hardened container images, the collaboration helps government and commercial customers manage vulnerabilities and compliance more effectively, especially in light of increasing regulatory burdens.
**Detailed Description:**
The partnership between Anchore and Chainguard represents a strategic move to bolster software security in the realms of government and commercial software development. Key aspects of this collaboration focus on proactive security measures and compliance facilitation for users grappling with various regulatory guidelines.
- **DevSecOps Integration:**
  - Anchore and Chainguard’s work with the US Air Force on Platform One exemplifies the application of DevSecOps in government projects.
  - The Iron Bank, a hardened repository of container images, was launched to mitigate security issues before software deployment.
- **Hardened Container Images:**
  - Chainguard champions the use of hardened images, which significantly reduce vulnerabilities before developers begin coding.
  - Developers can concentrate on their application security rather than underlying operating system concerns.
- **Regulatory Compliance:**
  - The partnership helps customers comply with a growing set of government regulations, such as FedRAMP, DORA, NIS2, and CRA, by simplifying the identification and resolution of security vulnerabilities.
  - The proactive approach lets teams reach compliance faster and reduces the costs associated with traditional triage and patching.
- **Continuous Compliance and Scanning:**
  - Anchore Enterprise provides continuous scanning, emphasizing the identification of newly introduced vulnerabilities as developers add code.
  - Alerts are generated from up-to-date vulnerability data, allowing teams to respond quickly to emerging threats.
- **Policy Enforcement:**
  - The out-of-the-box policy packs integrated into Anchore Enterprise help maintain compliance by flagging issues that could put a system out of compliance.
  - Critical security concerns, such as unencrypted secrets or incorrect file permissions, are specifically addressed to align with US and European standards.
- **Open Source Collaboration:**
  - Chainguard’s involvement with the open source projects Syft, Grype, and Vunnel underscores its commitment to community contributions, which can enhance software security.
  - The partnership fosters continual testing to optimize scanning results and ensure early detection of potential vulnerabilities.
Overall, the collaboration between Anchore and Chainguard highlights significant advancements in software security practices, underscoring the importance of proactive vulnerability management and regulatory compliance in modern software development ecosystems.