Overview
Anchore Enterprise is an on-premise SCA tool used to secure enterprise and public sector applications and automate compliance against the most stringent government and industry security standards. Its out-of-the-box policy packs automate the enforcement of NIST, CISA, FedRAMP, and CIS standards and benchmarks; The Federal edition additionally provides support for compliance to DOD/DISA standards, FIPS compliance, and is deployable from IL2 up to IL6 air-gapped classified environments.
End to end SBOM management Automatically generate comprehensive SBOMs at each step in the SDLC and store them for use in monitoring for new vulnerabilities and risks - even post deployment. Detect SBOM drift by setting policy rules that alert when components are added, changed or removed and identify errors and malicious efforts to infiltrate builds. Make SBOMs available at any time when requested by auditors, government agencies, or downstream consumers.
Continuous scanning & monitoring Automated scanning of container images for vulnerabilities, malware, and secrets in development pipelines, container registries, and runtime environments with reduced false positives and negatives from best in class vulnerability matching and policy-driven tuning.
Automated compliance enforcement & reporting Add compliance checks into build pipelines to shift compliance left. Monitor registries and runtime environments to maintain continuous compliance. Policies include rules for vulnerability thresholds, regex, applicable standard, software licensing requirements, etc. Robust Reporting capabilities enable proof of evidence as required by security, GRC, and outside auditors.
Highlights
- Automated Compliance: Adhere to various regulatory standards and industry best practices, such as DoD/Zero Trust, PCI, FedRAMP, CISA, and NIST through continuous monitoring and reporting on compliance status.
- Ease of Integration: Leverage fully supported integrations with widely adopted DevOps tools and Cloud services, including major CI/CD tools (GitLab, Jenkins, Cloudbees, Github, etc), container registries, SSO/LDAP, and container platforms (EKS, ECS, Rancher, Openshift, etc).
- End to End Software Supply Chain Security: Leverage the power of SBOMs to know what is in the software you consume, produce, and distribute. Be proactively ready for the next Zero Day event.
Details
Features and programs
Financing for AWS Marketplace purchases
Pricing
Dimension | Description | Cost/12 months |
|---|---|---|
Anchore Federal - Analyzer | Responsible for inspecting source code repositories or container images to gather detailed information and perform various security and compliance checks. | $19,500.00 |
Vendor refund policy
No refunds
Custom pricing options
Legal
Vendor terms and conditions
Content disclaimer
Delivery details
Helm Chart Installation
- Amazon EKS
Helm chart
Helm charts are Kubernetes YAML manifests combined into a single package that can be installed on Kubernetes clusters. The containerized application is deployed on a cluster by running a single Helm install command to install the seller-provided Helm chart.
Version release notes
Data Syncer Service: The Feed Service has been replaced by a new Enterprise service called the Data Syncer. Enterprise no longer supports running a separate feed service. The Data Syncer Service is responsible for syncing data from the Anchore Data Service to the Enterprise installation. The Data Syncer Service is a core service in the Enterprise installation and is required for the system to function correctly.
A new vulnerability exclusion mechanism has been added to the Policy Engine. This replaces the previous ability to disable specific providers in the on-prem feed service.
Fixes:
Resolves an issue that would prevent images that had no vulnerabilities detected in the past from reporting future vulnerabilities.
Additional details
Usage instructions
To deploy Anchore Enterprise:
- Create a Kubernetes secret containing the license file provided to you in the welcome email you receive from Anchore:
kubectl create secret generic anchore-enterprise-license --from-file=license.yaml=<PATH/TO/LICENSE.YAML>
- create a Kubernetes secret containing DockerHub credentials with access to the private Anchore Enterprise software:
kubectl create secret docker-registry anchore-enterprise-pullcreds --docker-server=docker.io --docker-username=<DOCKERHUB_USER> --docker-password=<DOCKERHUB_PAT>
- add the helm chart from the Anchore repo:
helm repo add anchore https://charts.anchore.io
- deploy using the helm chart and values file:
helm install anchore anchore/enterprise -f anchore_values.yaml
See here for further instructions and details, specific to AWS EKS: https://docs.anchore.com/current/docs/deployment/helm/eks/
Resources
Vendor resources
Support
Vendor support
Anchore provides 2 tiers of customer support depending on subscription type purchased (8x5 and 24x7); Additionally, Anchore optionally offers US-only based Support for customers requiring such and 2 enhanced Customer Success packages.
Subscription enabled support: Basic: Our basic support package comes standard with any purchase of Anchore Federal Basic subscriptions and provides web-based, 8x5 support.
Premium: Our premium support package comes standard with any purchase of Anchore Federal Premium subscriptions and provides web-based, 24x7 support.
Optional: US-only based Support may also be purchased as an add-on to any subscription.
Optional Customer Success Packages: Essential: Our Essential package provides the following additional support beyond our subscription based support: 1) Anchore Expert Office Hours, 2) Upgrade Assistance, and 3) Ongoing Health checks.
Complete: Our highest tier of customer support provides customers with a designated Customer Success Manager to deliver all of the following: 1) Anchore Expert On-demand Best Practices, 2) Upgrade Assistance, 3) Ongoing Health checks, 4) Workshop Support, 5) Quarterly Business Reviews (QBRs) and 6) Proactive Escalation Management.
AWS infrastructure support
AWS Support is a one-on-one, fast-response support channel that is staffed 24x7x365 with experienced and technical support engineers. The service helps customers of all sizes and technical abilities to successfully utilize the products and features provided by Amazon Web Services.
Similar products
![Anchore [Private Offer Only]](https://d7umqicpi7263.cloudfront.net/img/product/fcd79ec1-b44e-4fa2-9bf3-8f4d840cf06d.com/850191b7b8773d6c558a45e695489a2c)
