"If there has been a material security event, the clock starts. You have four days to create an 8K report." - Alex Rybak
The SEC doesn't care if your SBOMs are messy. When the clock starts, can you query your inventory instantly?
Read more: https://anchore.com/blog/sbom-sprawl-paradox/
#SBOM
13.03.2026 00:46
Two tools scanning the same Debian package can return different results. If your scanner misses transitive dependencies, you miss critical CVEs.
Learn to evaluate data accuracy in our new eBook, SBOM 102
https://go.anchore.com/sbom102-guide-to-automated-sboms.html
12.03.2026 17:22
It's not IF, it's WHEN
Catch Anchore's VP of Security, Josh Bressers alongside a stellar panel at Open Source SecurityCon (co-located at #KubeConEU). They're getting practical about software supply chain attacks & zero-day prep.
Mar 23 | 11:50 CET
https://sched.co/2DY3p
12.03.2026 15:21
Want to shift security left without breaking your builds?
Join our Customer Spotlight, March 18th to see how @mattermost.bsky.social uses Anchore to scan Release Candidates in their CI/CD pipeline, catching OS vulns early without haltin...
https://go.anchore.com/beyond-the-sbom-with-mattermost.html
12.03.2026 01:47
Anchore SBOM Score = CVSS + EPSS + KEV status
Because not all vulnerabilities are created equal
https://anchore.com/platform/sbom/
#SoftwareSupplyChain #SBOM #CyberSecurity #Compliance #DevSecOps
11.03.2026 19:29
Platform teams are the unsung heroes of zero-day response.
Catch Anchore's Josh Bressers and experts at Platform Engineering Day at #KubeConEU to explore how to embed security directly into your platform architecture.
Mar 23 | 14:30 CET
https://sched.co/2DY4P
11.03.2026 17:42
If your code deploys daily, static compliance is obsolete. Learn to embed automated policy checks directly into CI/CD pipelines so you can constantly prove your security controls are working.
Read our latest blog: https://anchore.com/blog/guide-to-continuous-compliance-monitoring/
11.03.2026 02:53
If your dependency has zero CVEs but the project is abandoned, your risk assessment is incomplete.
Watch Dan Nurmi's session today, 4pm ET, at the @BrightTALK Summit to fix the software supply chain blind spot
https://www.brighttalk.com/webcast/21148/663295
10.03.2026 17:55
Next week in NYC: #ASSEMBLE2026! We're sponsoring the coffee station because we know exactly what powers secure software development
Get a free pass using code "AnchoreSponsor" and come grab a coffee on us!
assemble.chainguard.dev
10.03.2026 04:07
The EU CRA isn't just policy; it's an economic reality check.
Kate Stewart discusses how steep penalties are finally forcing positive changes in industry hygiene. Transparency is no longer optional. It's the price of admission.
https://anchore.com/blog/the-s-in-sbom-is-for-system/
08.03.2026 01:57
CRA demands SBOMs stored for 10 years. PCI-DSS 4 requires scans every 3 months minimum.
Compliance isn't annual anymore - it's continuous.
@josh.bressers.name explains why your DevOps team already knows how to solve this problem:
https://anchore.com/blog/compliance-isnt-an-annual-ritual-anymore/
07.03.2026 21:01
SBOM adoption is accelerating, driven by #security best practices and regulatory requirements. This guide explains why #SBOMs matter, how to implement them, and how they fit into a #DevSecOps strategy. Download now: https://get.anchore.com/sbom101-guide-for-devsecops-community/
07.03.2026 16:00
How do you secure the OS layer of your containers without slowing down your release pipeline?
Join our Customer Spotlight on March 18. @mattermost.bsky.social will walk through how they replaced noisy CLI tools with Anchore to get zero ...
https://go.anchore.com/beyond-the-sbom-with-mattermost.html
07.03.2026 03:38
If you write code, buy software, or run apps (so... everyone in 2025), everything you know about software development is changing.
The "move fast and break things" era is now "move fast and document everything."
What's your compli... https://anchore.com/blog/navigating-the-new-compliance-frontier/
07.03.2026 00:53
Integrating Anchore Security Scanning into Your Azure DevOps Pipeline | Anchore
With a few lines of yaml, add security to your Azure DevOps pipeline to keep non-compliant containers from reaching production environments.
Don't let un-scanned containers reach production.
Our latest blog update shows you exactly how to add an Anchore security gate to your Azure DevOps pipeline using anchorectl. Automate SBOM generation. Enforce poli... https://anchore.com/blog/anchore-azure-devops/
#CloudNative #AzureDevOps #DevOps
06.03.2026 22:00
Don't be the security blocker
Waiting for a scan in staging is too late. By then, the developer has moved on. Learn how to catch STIG violations before the image ever leaves the pipeline with insights from Jono Bergquist on our blog.
https://anchore.com/blog/top-stig-compliance-tools/
#STIG
06.03.2026 04:56
If you build, ship, or secure software, you should be at #ASSEMBLE2026 in NYC. We'll be there sharing how our integration with Chainguard cuts through the CVE noise and speeds up FedRAMP compliance.
Use code "AnchoreSponsor" for a free pass! assemble.chainguard.dev
06.03.2026 02:42
Code generators are creating "hallucinated" dependencies, leading to name-squatting risks. Learn how to detect projects that simply "do not exist" using open source insights.
Sign up for this BrightTALK Threat Intelligence Summit event on Mar 10, 4... https://www.brighttalk.com/webcast/21148/663295
05.03.2026 21:15
Nobody likes compliance - and that's exactly why CompOps is going to win.
Stop treating compliance as an annual audit. It needs to be a continuous stream of evidence generated by your pipeline.
Read the forecast: https://anchore.com/blog/no-crystal-ball-but-2026-directions/
#CompOps #Compliance
04.03.2026 23:03
Manual SBOM generation is impossible in DevOps. Fixed a bug? New SBOM needed.
Automate it with a single CLI command integrated into your CI/CD.
Read our new eBook, SBOM 102, to execute generation at scale.
https://go.anchore.com/sbom102-guide-to-automated-sboms.html
04.03.2026 21:00
Supply chain attacks ↑ 742% in 2023
Your traditional security stack wasn't built for this fight.
SBOM-first architecture changes everything
https://anchore.com/platform/
#SoftwareSupplyChain #SBOM #CyberSecurity
04.03.2026 20:12
Boeing only builds ~3 parts of its own planes. The rest is assembly
Software is no different. We are integrators now. But without a system to track those millions of parts, "visibility" is just noise.
Alex Rybak explains the assembly paradox in o... https://anchore.com/blog/sbom-sprawl-paradox/
04.03.2026 04:40
We're a Gold Sponsor at Chainguard ASSEMBLE in NYC (Mar 16-18)!
Pairing Chainguard's SLSA L2-certified libraries with Anchore's continuous policy enforcement means starting safe and staying secure.
Grab a free pass on us using code "AnchoreSponsor" assemble.chainguard.dev
#ASSEMBLE2026
02.03.2026 20:57
#Security and #compliance teams need visibility into every software component. An #SBOM provides that transparency - mapping dependencies, identifying vulnerabilities, and ensuring compliance. Learn how to implement SBOMs in your workflow: https://get.anchore.com/sbom101-guide-for-devsecops-community/
02.03.2026 16:00
Stop treating your containers like tiny servers.
If you are SSH-ing into a container to scan it for STIGs, you're doing it wrong. We break down how to handle compliance the cloud-native way.
https://anchore.com/blog/top-stig-compliance-tools/
#STIG #DoD
01.03.2026 05:22
MCP is having a moment. @josh.bressers.name wanted to know: what are we actually shipping?
9,000 vulns
263 critical findings
36K+ NPM packages
Outdated base images
Not fear-mongering - just data-driven real... https://anchore.com/blog/analyzing-the-top-mcp-docker-containers/
#MCP #ContainerSecurity
01.03.2026 01:35
Open source maintainers: drowning in a sea of "good first issues" that never get picked up? You're not alone.
It's a contributor time-shortage problem. Our Dir of DevRel @popey.me wondered if an AI could help. So ... https://anchore.com/blog/can-an-llm-really-fix-a-bug-a-start-to-finish-case-study/
28.02.2026 16:56
Static SBOMs aren't enough. We need to measure OSS project vitalityβlike release cadence and maintainer activity.
Sign up for Daniel Nurmi's (Anchore) technical deep dive on March 10 at 4pm ET.
Reserve your place: https://www.brighttalk.com/webcast/21148/663295
27.02.2026 22:06
"Knowing if you are truly exposed is critical in this space."
For embedded systems, proof of non-exposure > remediation.
Learn how VEX and System BOMs are saving manufacturers millions in unnecessary patching cycles.
https://anchore.com/blog/the-s-in-sbom-is-for-system/
#VEX #SBOM
27.02.2026 04:05
Scale-out architecture for web-scale environments
Because your containers don't wait for security scans
https://anchore.com/platform/secure/
#SoftwareSupplyChain #SBOM #CyberSecurity #Compliance #DevSecOps
25.02.2026 18:36