If your defense strategy relies on late-night triage sessions, it's time to build a better system. Anchore VP of Security, Josh Bressers explains why 2026 is the end of the "hero era": https://anchore.com/blog/no-crystal-ball-but-2026-directions/
#DevSecOps #SoftwareSupplyChain
@josh.bressers.name cuts through the complexity: "Your infrastructure could be a container image... how do you even start to understand what's inside?"
Stop guessing. Start using SBOMs. π‘
https://anchore.com/blog/sbom-is-an-investment-in-the-future/
HUGE NEWS! π£
The "father of SBOM," @allanfriedman.bsky.social, is joining Anchore as a Board Advisor!
We sat down with him to discuss the future of #SoftwareSupplyChainSecurity and what comes after SBOM.... https://anchore.com/blog/anchore-welcomes-sbom-pioneer-dr-allan-friedman-as-board-advisor/
Shift-left compliance checking β¬
οΈ
Catch violations before deployment, not during audits π‘οΈ
https://anchore.com/platform/enforce/
#SoftwareSupplyChain #SBOM #CyberSecurity #Compliance
False positives killing your team's productivity? π΅βπ«
Anchore Secure gives you signal, not noise π‘
https://anchore.com/platform/secure/
#SoftwareSupplyChain #SBOM #CyberSecurity #Compliance #DevSecOps
FedRAMP compliance in weeks, not months β‘
Ready-to-deploy policy packs for instant compliance feedback π
https://anchore.com/platform/enforce/
#SoftwareSupplyChain #SBOM #CyberSecurity #Compliance
Speed or Security? The mission requires both.
Automation is the only way to move at high velocity while maintaining a hardened posture.
Check out the top STIG tools for 2025.
https://anchore.com/blog/top-stig-compliance-tools/
#STIG #DoD
"If there has been a material security event, the clock starts. You have four days to create an 8K report." β Alex Rybak
The SEC doesn't care if your SBOMs are messy. When the clock starts, can you query your inventory instantly?
Read more: https://anchore.com/blog/sbom-sprawl-paradox/
#SBOM
π Two tools scanning the same Debian package can return different results. If your scanner misses transitive dependencies, you miss critical CVEs.
Learn to evaluate data accuracy in our new eBook, SBOM 102 π
https://go.anchore.com/sbom102-guide-to-automated-sboms.html
It's not IF, it's WHENπ‘οΈ
Catch Anchore's VP of Security, Josh Bressers alongside a stellar panel at Open Source SecurityCon (co-located at #KubeConEU). They're getting practical about software supply chain attacks & zero-day prep.
π
Mar 23 | 11:50 CET
https://sched.co/2DY3p
Want to shift security left without breaking your builds?
Join our Customer Spotlight, March 18th to see how @mattermost.bsky.social uses Anchore to scan Release Candidates in their CI/CD pipeline, catching OS vulns early without haltin...
https://go.anchore.com/beyond-the-sbom-with-mattermost.html
Anchore SBOM Score = CVSS + EPSS + KEV status π
Because not all vulnerabilities are created equal β οΈ
https://anchore.com/platform/sbom/
#SoftwareSupplyChain #SBOM #CyberSecurity #Compliance #DevSecOps
Platform teams are the unsung heroes of zero-day response. π¦ΈββοΈπ¦ΈββοΈ
Catch Anchore's Josh Bressers and experts at Platform Engineering Day at #KubeConEU to explore how to embed security directly into your platform architecture.
π
Mar 23 | 14:30 CET
π https://sched.co/2DY4P
If your code deploys daily, static compliance is obsolete. Learn to embed automated policy checks directly into CI/CD pipelines so you can constantly prove your security controls are working.
Read our latest blog: https://anchore.com/blog/guide-to-continuous-compliance-monitoring/
If your dependency has zero CVEs but the project is abandoned, your risk assessment is incomplete.
Watch Dan Nurmi's session today, 4pm ET, at the @BrightTALK Summit to fix the software supply chain blind spot
https://www.brighttalk.com/webcast/21148/663295
Next week in NYC: #ASSEMBLE2026! We're sponsoring the coffee station because we know exactly what powers secure software development ββ‘
Get a free pass using code "AnchoreSponsor" and come grab a coffee on us!
assemble.chainguard.dev
The EU CRA isn't just policy; it's an economic reality check. π
Kate Stewart discusses how steep penalties are finally forcing positive changes in industry hygiene. Transparency is no longer optional. It's the price of admission.
https://anchore.com/blog/the-s-in-sbom-is-for-system/
CRA demands SBOMs stored for 10 years. PCI-DSS 4 requires scans every 3 months minimum.
Compliance isn't annual anymoreβit's continuous.
@josh.bressers.name explains why your DevOps team already knows how to solve this problem:
https://anchore.com/blog/compliance-isnt-an-annual-ritual-anymore/
SBOM adoption is accelerating, driven by #security best practices and regulatory requirements. This guide explains why #SBOMs matter, how to implement them, and how they fit into a #DevSecOps strategy. Download now: https://get.anchore.com/sbom101-guide-for-devsecops-community/
How do you secure the OS layer of your containers without slowing down your release pipeline?
Join our Customer Spotlight on March 18. @mattermost.bsky.social will walk through how they replaced noisy CLI tools with Anchore to get zero ...
https://go.anchore.com/beyond-the-sbom-with-mattermost.html
If you write code, buy software, or run apps (so... everyone in 2025), everything you know about software development is changing.
The "move fast and break things" era is now "move fast and document everything."
What's your compli... https://anchore.com/blog/navigating-the-new-compliance-frontier/
Don't let un-scanned containers reach production. π¦π‘οΈ
Our latest blog update shows you exactly how to add an Anchore security gate to your Azure DevOps pipeline using anchorectl.Automate SBOM generationEnforce poli... https://anchore.com/blog/anchore-azure-devops/
#CloudNative #AzureDevOps #DevOps
Don't be the security blocker π«
Waiting for a scan in staging is too late. By then, the developer has moved on. Learn how to catch STIG violations before the image ever leaves the pipeline with insights from Jono Bergquist on our blog.
https://anchore.com/blog/top-stig-compliance-tools/
#STIG
If you build, ship, or secure software, you should be at #ASSEMBLE2026 in NYC. We'll be there sharing how our integration with Chainguard cuts through the CVE noise and speeds up FedRAMP compliance.
Use code "AnchoreSponsor" for a free pass! assemble.chainguard.dev
Code generators are creating "hallucinated" dependencies, leading to name-squatting risks. Learn how to detect projects that simply "do not exist" using open source insights.
Sign up for this BrightTALK Threat Intelligence Summit event on Mar 10, 4... https://www.brighttalk.com/webcast/21148/663295
Nobody likes complianceβand that's exactly why CompOps is going to win.
Stop treating compliance as an annual audit. It needs to be a continuous stream of evidence generated by your pipeline.
Read the forecast: https://anchore.com/blog/no-crystal-ball-but-2026-directions/
#CompOps #Compliance
Manual SBOM generation is impossible in DevOps. Fixed a bug? New SBOM needed.
Automate it with a single CLI command integrated into your CI/CD.
Read our new eBook, SBOM 102, to execute generation at scale.
π https://go.anchore.com/sbom102-guide-to-automated-sboms.html
Supply chain attacks βοΈ 742% in 2023
Your traditional security stack wasn't built for this fight.
SBOM-first architecture changes everything β‘
https://anchore.com/platform/
#SoftwareSupplyChain #SBOM #CyberSecurity
Boeing only builds ~3 parts of its own planes. The rest is assembly βοΈ
Software is no different. We are integrators now. But without a system to track those millions of parts, "visibility" is just noise.
Alex Rybak explains the assembly paradox in o... https://anchore.com/blog/sbom-sprawl-paradox/
We're a Gold Sponsor at Chainguard ASSEMBLE in NYC (Mar 16-18)!
Pairing Chainguard's SLSA L2-certified libraries with Anchore's continuous policy enforcement means starting safe and staying secure.
Grab a free pass on us using code "AnchoreSponsor" assemble.chainguard.dev
#ASSEMBLE2026
