@anchore@mstdn.business

Securing and managing the software supply chain. Proud parent of https:// fosstodon.org/@syft and https:// fosstodon.org/@grype

mstdn.business

anchore

Securing and managing the software supply chain. Proud parent of https:// fosstodon.org/@syft and https:// fosstodon.org/@grype

mstdn.business

@anchore@mstdn.business · Mar 09, 2026

We're heading to NYC next week for #ASSEMBLE2026, and we're sponsoring the coffee station. Stop by for a caffeine top-up and pragmatic conversations about vulnerability management. Last chance for a free pass: use code "AnchoreSponsor" at assemble.chainguard.dev

View on mstdn.business

0

anchore

@anchore@mstdn.business

Securing and managing the software supply chain. Proud parent of https:// fosstodon.org/@syft and https:// fosstodon.org/@grype

mstdn.business

anchore

@anchore@mstdn.business

Securing and managing the software supply chain. Proud parent of https:// fosstodon.org/@syft and https:// fosstodon.org/@grype

mstdn.business

@anchore@mstdn.business · Mar 08, 2026

SBOM-first isn't just a buzzword—it's the architecture that makes continuous security actually possible 🔄 Feel the difference ⚡ https://anchore.com/platform/ #SBOM #CRA #SoftwareSupplyChain #Compliance

View on mstdn.business

0

anchore

@anchore@mstdn.business

Securing and managing the software supply chain. Proud parent of https:// fosstodon.org/@syft and https:// fosstodon.org/@grype

mstdn.business

anchore

@anchore@mstdn.business

Securing and managing the software supply chain. Proud parent of https:// fosstodon.org/@syft and https:// fosstodon.org/@grype

mstdn.business

@anchore@mstdn.business · Mar 08, 2026

MCP is having a moment. @josh.bressers.name wanted to know: what are we actually shipping? 9,000 vulns 263 critical findings 36K+ NPM packages Outdated base images Not fear-mongering—just data-driven reality. Read his analysis: https://anchore.com/blog/analyzing-the-top-mcp-docker-containers/ #MCP #ContainerSecurity

View on mstdn.business

0

anchore

@anchore@mstdn.business

Securing and managing the software supply chain. Proud parent of https:// fosstodon.org/@syft and https:// fosstodon.org/@grype

mstdn.business

anchore

@anchore@mstdn.business

Securing and managing the software supply chain. Proud parent of https:// fosstodon.org/@syft and https:// fosstodon.org/@grype

mstdn.business

@anchore@mstdn.business · Mar 08, 2026

Scale-out architecture for web-scale environments 📈 Because your containers don't wait for security scans ⏱️ https://anchore.com/platform/secure/ #SoftwareSupplyChain #SBOM #CyberSecurity #Compliance #DevSecOps

View on mstdn.business

0

anchore

@anchore@mstdn.business

Securing and managing the software supply chain. Proud parent of https:// fosstodon.org/@syft and https:// fosstodon.org/@grype

mstdn.business

anchore

@anchore@mstdn.business

Securing and managing the software supply chain. Proud parent of https:// fosstodon.org/@syft and https:// fosstodon.org/@grype

mstdn.business

@anchore@mstdn.business · Mar 08, 2026

"Source code is to build artifacts as data sets are to AI models." Kate Stewart (The Linux Foundation) explains why you can't trust your AI if you don't know what trained it. Read why the "S" in SBOM is standing for System: https://anchore.com/blog/the-s-in-sbom-is-for-system/ #SoftwareSupplyChain #SBOM

View on mstdn.business

0

anchore

@anchore@mstdn.business

Securing and managing the software supply chain. Proud parent of https:// fosstodon.org/@syft and https:// fosstodon.org/@grype

mstdn.business

anchore

@anchore@mstdn.business

Securing and managing the software supply chain. Proud parent of https:// fosstodon.org/@syft and https:// fosstodon.org/@grype

mstdn.business

@anchore@mstdn.business · Mar 07, 2026

Open source is free like a puppy, not free like beer. 🐶 Our VP of Security, @joshbressers@infosec.exchange, applies this adage to AI-generated code in his new post on Techstrong.ai. He details the rise of "hidden dependencies," where AI copies open source functionality without creating a traceable package manifest. For teams trying to automate compliance and reduce audit findings, these hidden risks are a major challenge. Josh argues... https://techstrong.ai/contributed-content/the-curious-case-of-ai-dependencies/ #OpenSource #Infosec

View on mstdn.business

0

anchore

@anchore@mstdn.business

Securing and managing the software supply chain. Proud parent of https:// fosstodon.org/@syft and https:// fosstodon.org/@grype

mstdn.business

anchore

@anchore@mstdn.business

Securing and managing the software supply chain. Proud parent of https:// fosstodon.org/@syft and https:// fosstodon.org/@grype

mstdn.business

@anchore@mstdn.business · Mar 07, 2026

The EU CRA isn't just policy; it's an economic reality check. 📉 Kate Stewart discusses how steep penalties are finally forcing positive changes in industry hygiene. Transparency is no longer optional. It's the price of admission. https://anchore.com/blog/the-s-in-sbom-is-for-system/ #EUCRA #Compliance

View on mstdn.business

0

anchore

@anchore@mstdn.business

Securing and managing the software supply chain. Proud parent of https:// fosstodon.org/@syft and https:// fosstodon.org/@grype

mstdn.business

anchore

@anchore@mstdn.business

Securing and managing the software supply chain. Proud parent of https:// fosstodon.org/@syft and https:// fosstodon.org/@grype

mstdn.business

@anchore@mstdn.business · Mar 07, 2026

@joshbressers: "If you can't search your past builds, you can't bound your blast radius. SBOMs turn a frantic morning into a simple query." His zero-day incident response story from inside Anchore's response to the NPM supply chain attack: https://anchore.com/blog/a-zero-day-incident-response-story-from-the-watchers-on-the-wall/

View on mstdn.business

0

anchore

@anchore@mstdn.business

Securing and managing the software supply chain. Proud parent of https:// fosstodon.org/@syft and https:// fosstodon.org/@grype

mstdn.business

anchore

@anchore@mstdn.business

Securing and managing the software supply chain. Proud parent of https:// fosstodon.org/@syft and https:// fosstodon.org/@grype

mstdn.business

@anchore@mstdn.business · Mar 07, 2026

App-level SBOMs are great, but what about the OS layer? In our upcoming Customer Spotlight, we are sitting down with Mattermost to discuss how they replaced manual CLI scanning with a centralized Anchore deployment. We will look at how they manage OS-level vulnerabilities across Linux VMs and Kubernetes for their self-hosted products. Sign up: https://go.anchore.com/beyond-the-sbom-with-mattermost.html

View on mstdn.business

0

anchore

@anchore@mstdn.business

Securing and managing the software supply chain. Proud parent of https:// fosstodon.org/@syft and https:// fosstodon.org/@grype

mstdn.business

anchore

@anchore@mstdn.business

Securing and managing the software supply chain. Proud parent of https:// fosstodon.org/@syft and https:// fosstodon.org/@grype

mstdn.business

@anchore@mstdn.business · Mar 07, 2026

Don't let un-scanned containers reach production. 📦🛡️ Our latest blog update shows you exactly how to add an Anchore security gate to your Azure DevOps pipeline using anchorectl.Automate SBOM generationEnforce policy complianceFail builds on high-risk vulnerabilities Read the guide: https://anchore.com/blog/anchore-azure-devops/ #CloudNative #AzureDevOps #DevOps

View on mstdn.business

0

anchore

@anchore@mstdn.business

Securing and managing the software supply chain. Proud parent of https:// fosstodon.org/@syft and https:// fosstodon.org/@grype

mstdn.business

anchore

@anchore@mstdn.business

Securing and managing the software supply chain. Proud parent of https:// fosstodon.org/@syft and https:// fosstodon.org/@grype

mstdn.business

@anchore@mstdn.business · Mar 06, 2026

The EU #CRA means SBOMs are no longer optional. ✅ Generate #SBOM in machine-readable format ✅ Include top-level dependencies ✅ Keep updated throughout product lifecycle ✅ Be ready by December 2027 Get our complete compliance checklist: 🔗 https://anchore.com/sbom/eu-cra/

View on mstdn.business

0

1

0

anchore

@anchore@mstdn.business

Securing and managing the software supply chain. Proud parent of https:// fosstodon.org/@syft and https:// fosstodon.org/@grype

mstdn.business

anchore

@anchore@mstdn.business

Securing and managing the software supply chain. Proud parent of https:// fosstodon.org/@syft and https:// fosstodon.org/@grype

mstdn.business

@anchore@mstdn.business · Mar 06, 2026

The software supply chain has a blind spot: project vitality. A dependency might lack CVEs but be completely abandoned or even "hallucinated" by code generators. Learn how to add OSS project evaluations to your threat intelligence pool. Reserve your place for March 10 at 4pm ET: https://www.brighttalk.com/webcast/21148/663295 #AppSec #InfoSec #DevSecOps

View on mstdn.business

0

anchore

@anchore@mstdn.business

Securing and managing the software supply chain. Proud parent of https:// fosstodon.org/@syft and https:// fosstodon.org/@grype

mstdn.business

anchore

@anchore@mstdn.business

Securing and managing the software supply chain. Proud parent of https:// fosstodon.org/@syft and https:// fosstodon.org/@grype

mstdn.business

@anchore@mstdn.business · Mar 05, 2026

FedRAMP compliance in weeks, not months ⚡ Ready-to-deploy policy packs for instant compliance feedback 📋 https://anchore.com/platform/enforce/ #SoftwareSupplyChain #SBOM #CyberSecurity #Compliance

View on mstdn.business

0

anchore

@anchore@mstdn.business

Securing and managing the software supply chain. Proud parent of https:// fosstodon.org/@syft and https:// fosstodon.org/@grype

mstdn.business

anchore

@anchore@mstdn.business

Securing and managing the software supply chain. Proud parent of https:// fosstodon.org/@syft and https:// fosstodon.org/@grype

mstdn.business

@anchore@mstdn.business · Mar 02, 2026

We're sponsoring Chainguard ASSEMBLE in NYC next month. If your team is stuck triaging unverified packages from public registries, let's talk. Start safe with Chainguard, stay secure with Anchore. Get a free pass with code "AnchoreSponsor": assemble.chainguard.dev #ASSEMBLE2026

View on mstdn.business

0

anchore

@anchore@mstdn.business

Securing and managing the software supply chain. Proud parent of https:// fosstodon.org/@syft and https:// fosstodon.org/@grype

mstdn.business

anchore

@anchore@mstdn.business

Securing and managing the software supply chain. Proud parent of https:// fosstodon.org/@syft and https:// fosstodon.org/@grype

mstdn.business

@anchore@mstdn.business · Mar 01, 2026

Built on 30M+ download open source tools (Syft & Grype) 🔧 Community-proven, enterprise-hardened 💪 https://anchore.com/platform/secure/ #SoftwareSupplyChain #SBOM #CyberSecurity #Compliance #DevSecOps

View on mstdn.business

0

anchore

@anchore@mstdn.business

Securing and managing the software supply chain. Proud parent of https:// fosstodon.org/@syft and https:// fosstodon.org/@grype

mstdn.business

anchore

@anchore@mstdn.business

Securing and managing the software supply chain. Proud parent of https:// fosstodon.org/@syft and https:// fosstodon.org/@grype

mstdn.business

@anchore@mstdn.business · Mar 01, 2026

"The format doesn't really matter... It's really about the content." We hosted @stevespringett, Chair of the CycloneDX WG, to discuss why the industry needs to stop fighting format wars and start focusing on data utility. Read the 4 lessons: https://anchore.com/blog/4-lessons-on-future-of-software-transparency-with-steve-springett/

View on mstdn.business

0

1

0

anchore

@anchore@mstdn.business

Securing and managing the software supply chain. Proud parent of https:// fosstodon.org/@syft and https:// fosstodon.org/@grype

mstdn.business

anchore

@anchore@mstdn.business

Securing and managing the software supply chain. Proud parent of https:// fosstodon.org/@syft and https:// fosstodon.org/@grype

mstdn.business

@anchore@mstdn.business · Feb 28, 2026

Your MCP server might be the weakest link—here's the data. @josh.bressers.name scanned 161 MCP images and found 9,000 vulns / 263 criticals. Read the breakdown and fixes: https://anchore.com/blog/analyzing-the-top-mcp-docker-containers/ #MCP #SoftwareSupplyChain #ContainerSecurity #DevSecOps

View on mstdn.business

0

1

0

anchore

@anchore@mstdn.business

Securing and managing the software supply chain. Proud parent of https:// fosstodon.org/@syft and https:// fosstodon.org/@grype

mstdn.business

anchore

@anchore@mstdn.business

Securing and managing the software supply chain. Proud parent of https:// fosstodon.org/@syft and https:// fosstodon.org/@grype

mstdn.business

@anchore@mstdn.business · Feb 28, 2026

Open source maintainers: drowning in a sea of "good first issues" that never get picked up? You're not alone. It's a contributor time-shortage problem. Our Dir of DevRel @popey.me wondered if an AI could help. So he tried it. Read to full post: https://anchore.com/blog/can-an-llm-really-fix-a-bug-a-start-to-finish-case-study/

View on mstdn.business

0

1

0

anchore

@anchore@mstdn.business

Securing and managing the software supply chain. Proud parent of https:// fosstodon.org/@syft and https:// fosstodon.org/@grype

mstdn.business

anchore

@anchore@mstdn.business

Securing and managing the software supply chain. Proud parent of https:// fosstodon.org/@syft and https:// fosstodon.org/@grype

mstdn.business

@anchore@mstdn.business · Feb 28, 2026

False positives killing your team's productivity? 😵‍💫 Anchore Secure gives you signal, not noise 📡 https://anchore.com/platform/secure/ #SoftwareSupplyChain #SBOM #CyberSecurity #Compliance #DevSecOps

View on mstdn.business

0

anchore

@anchore@mstdn.business

Securing and managing the software supply chain. Proud parent of https:// fosstodon.org/@syft and https:// fosstodon.org/@grype

mstdn.business

anchore

@anchore@mstdn.business

Securing and managing the software supply chain. Proud parent of https:// fosstodon.org/@syft and https:// fosstodon.org/@grype

mstdn.business

@anchore@mstdn.business · Feb 28, 2026

🛑 Stop treating your containers like tiny servers. If you are SSH-ing into a container to scan it for STIGs, you're doing it wrong. We break down how to handle compliance the cloud-native way. https://anchore.com/blog/top-stig-compliance-tools/ #STIG #DoD

View on mstdn.business

0

anchore

@anchore@mstdn.business

Securing and managing the software supply chain. Proud parent of https:// fosstodon.org/@syft and https:// fosstodon.org/@grype

mstdn.business

anchore

@anchore@mstdn.business

Securing and managing the software supply chain. Proud parent of https:// fosstodon.org/@syft and https:// fosstodon.org/@grype

mstdn.business

@anchore@mstdn.business · Feb 28, 2026

Why guard the castle gates if the threat is already inside? 🏰 Stop focusing solely on the perimeter. It's time to secure the workload itself. Anchore's Chadd Owen breaks down how to protect the software layer. https://anchore.com/blog/anchore-enterprise-powers-dow-zero-trust/ #ZeroTrust #DoD

View on mstdn.business

0

anchore

@anchore@mstdn.business

Securing and managing the software supply chain. Proud parent of https:// fosstodon.org/@syft and https:// fosstodon.org/@grype

mstdn.business

anchore

@anchore@mstdn.business

Securing and managing the software supply chain. Proud parent of https:// fosstodon.org/@syft and https:// fosstodon.org/@grype

mstdn.business

@anchore@mstdn.business · Feb 28, 2026

How healthy are the open-source projects your applications rely on? Daniel Nurmi from Anchore is presenting a methodology to transform static SBOM identifiers into actionable intelligence by analyzing EOL status, maintainer activity, and release cadence. Sign up for the March 10th (4pm ET) event: https://www.brighttalk.com/webcast/21148/663295 #CyberSecurity #OpenSource #ThreatIntelligence #SBOM

View on mstdn.business

0

anchore

@anchore@mstdn.business

Securing and managing the software supply chain. Proud parent of https:// fosstodon.org/@syft and https:// fosstodon.org/@grype

mstdn.business

anchore

@anchore@mstdn.business

Securing and managing the software supply chain. Proud parent of https:// fosstodon.org/@syft and https:// fosstodon.org/@grype

mstdn.business

@anchore@mstdn.business · Feb 27, 2026

Stop checking boxes and start building trust. 🛡️ "Establishing trust starts with verifying the provenance of OSS code and validating supplier SBOMs." At enterprise scale, you can't trust what you can't verify. https://anchore.com/blog/the-death-of-manual-sbom-management-and-an-automated-future/

View on mstdn.business

1

0

1

0

anchore

@anchore@mstdn.business

Securing and managing the software supply chain. Proud parent of https:// fosstodon.org/@syft and https:// fosstodon.org/@grype

mstdn.business

anchore

@anchore@mstdn.business

Securing and managing the software supply chain. Proud parent of https:// fosstodon.org/@syft and https:// fosstodon.org/@grype

mstdn.business

@anchore@mstdn.business · Feb 26, 2026

"Knowing if you are truly exposed is critical in this space." For embedded systems, proof of non-exposure > remediation. Learn how VEX and System BOMs are saving manufacturers millions in unnecessary patching cycles. https://anchore.com/blog/the-s-in-sbom-is-for-system/ #VEX #SBOM

View on mstdn.business

0

1

0

anchore

@anchore@mstdn.business

Securing and managing the software supply chain. Proud parent of https:// fosstodon.org/@syft and https:// fosstodon.org/@grype

mstdn.business

anchore

@anchore@mstdn.business

Securing and managing the software supply chain. Proud parent of https:// fosstodon.org/@syft and https:// fosstodon.org/@grype

mstdn.business

@anchore@mstdn.business · Feb 26, 2026

Anchore SBOM Score = CVSS + EPSS + KEV status 📊

Because not all vulnerabilities are created equal ⚠️

https://anchore.com/platform/sbom/

#SoftwareSupplyChain #SBOM #CyberSecurity #Compliance #DevSecOps

View on mstdn.business

0

anchore

@anchore@mstdn.business

Securing and managing the software supply chain. Proud parent of https:// fosstodon.org/@syft and https:// fosstodon.org/@grype

mstdn.business

anchore

@anchore@mstdn.business

Securing and managing the software supply chain. Proud parent of https:// fosstodon.org/@syft and https:// fosstodon.org/@grype

mstdn.business

@anchore@mstdn.business · Feb 25, 2026

Our webinar "The EOL Trap: Why Supply Chain Risk is Often Born of Neglect, Not Malice" with our friends from HeroDevs starts in one hour. We will be demonstrating technical strategies for managing technical debt and vulnerabilities in AngularJS, Spring, .NET, and Node.js environments. Let us show you how we secure OSS https://go.anchore.com/solve-the-end-of-life-trap-herodevs-anchore.html

View on mstdn.business

0

anchore

@anchore@mstdn.business

Securing and managing the software supply chain. Proud parent of https:// fosstodon.org/@syft and https:// fosstodon.org/@grype

mstdn.business

anchore

@anchore@mstdn.business

Securing and managing the software supply chain. Proud parent of https:// fosstodon.org/@syft and https:// fosstodon.org/@grype

mstdn.business

@anchore@mstdn.business · Feb 24, 2026

Our technical webinar with HeroDevs on EOL supply chain risk begins in 24 hours. Josh Bressers and Mike Morgan will cover how to identify EOL vulnerabilities that standard scanners miss and how to implement secure, audited lifelines for legacy applications. Don't miss it https://go.anchore.com/solve-the-end-of-life-trap-herodevs-anchore.html

View on mstdn.business

0

1

0

anchore

@anchore@mstdn.business

Securing and managing the software supply chain. Proud parent of https:// fosstodon.org/@syft and https:// fosstodon.org/@grype

mstdn.business

anchore

@anchore@mstdn.business

Securing and managing the software supply chain. Proud parent of https:// fosstodon.org/@syft and https:// fosstodon.org/@grype

mstdn.business

@anchore@mstdn.business · Feb 24, 2026

Manual security checks are the enemy of speed If you are still manually editing .ckl files, you are losing the battle. Automation is the only way forward for #DoD software factories. See why in our latest post: https://anchore.com/blog/top-stig-compliance-tools/ #STIG

View on mstdn.business

0

2

0

anchore

@anchore@mstdn.business

Securing and managing the software supply chain. Proud parent of https:// fosstodon.org/@syft and https:// fosstodon.org/@grype

mstdn.business

anchore

@anchore@mstdn.business

Securing and managing the software supply chain. Proud parent of https:// fosstodon.org/@syft and https:// fosstodon.org/@grype

mstdn.business

@anchore@mstdn.business · Feb 23, 2026

Standard vulnerability scanners often lack the specific data required to identify package-level EOL risks in aging stacks. In this technical walkthrough, we will compare how Anchore tracks Distribution (OS) EOL versus how HeroDevs identifies EOL risks at the package level for technologies including AngularJS and Node.js. Join us for this webinar this Wednesday! https://go.anchore.com/solve-the-end-of-life-trap-herodevs-anchore.html

View on mstdn.business

0

anchore

@anchore@mstdn.business

Securing and managing the software supply chain. Proud parent of https:// fosstodon.org/@syft and https:// fosstodon.org/@grype

mstdn.business

anchore

@anchore@mstdn.business

Securing and managing the software supply chain. Proud parent of https:// fosstodon.org/@syft and https:// fosstodon.org/@grype

mstdn.business

@anchore@mstdn.business · Feb 23, 2026

#Security and #compliance teams need visibility into every software component. An #SBOM provides that transparency—mapping dependencies, identifying vulnerabilities, and ensuring compliance. Learn how to implement SBOMs in your workflow: https://get.anchore.com/sbom101-guide-for-devsecops-community/

View on mstdn.business

0

anchore

@anchore@mstdn.business

Securing and managing the software supply chain. Proud parent of https:// fosstodon.org/@syft and https:// fosstodon.org/@grype

mstdn.business

anchore

@anchore@mstdn.business

Securing and managing the software supply chain. Proud parent of https:// fosstodon.org/@syft and https:// fosstodon.org/@grype

mstdn.business

@anchore@mstdn.business · Feb 23, 2026

We couldn't have hit 50M downloads without YOU 🙌 From bug reports to code contributions, the Anchore OSS community is the engine behind Syft, Grype, and Grant. @dannurmi shares his thanks and a look at our recent technical roadmap. https://anchore.com/blog/syft-grype-grant-50mill-downloads/

View on mstdn.business

0

anchore

@anchore@mstdn.business

Securing and managing the software supply chain. Proud parent of https:// fosstodon.org/@syft and https:// fosstodon.org/@grype

mstdn.business

anchore

@anchore@mstdn.business

Securing and managing the software supply chain. Proud parent of https:// fosstodon.org/@syft and https:// fosstodon.org/@grype

mstdn.business

@anchore@mstdn.business · Feb 23, 2026

"Bring Your Own SBOM" sounds simple... Until you try to manage thousands of them 📊 Scale is everything 📈 https://anchore.com/platform/sbom/ #SoftwareSupplyChain #SBOM #CyberSecurity #Compliance #DevSecOps

View on mstdn.business

0

anchore

@anchore@mstdn.business

Securing and managing the software supply chain. Proud parent of https:// fosstodon.org/@syft and https:// fosstodon.org/@grype

mstdn.business

anchore

@anchore@mstdn.business

Securing and managing the software supply chain. Proud parent of https:// fosstodon.org/@syft and https:// fosstodon.org/@grype

mstdn.business

@anchore@mstdn.business · Feb 22, 2026

🚨 The EU just made SBOMs mandatory for all software products! Our guide breaks down the Cyber Resilience Act requirements and provides a roadmap to compliance before the 2027 deadline. Don't wait—start building your SBOM strategy today. 🔗 https://anchore.com/sbom/eu-cra/ #SBOM #CRA

View on mstdn.business

0

anchore

@anchore@mstdn.business

Securing and managing the software supply chain. Proud parent of https:// fosstodon.org/@syft and https:// fosstodon.org/@grype

mstdn.business

anchore

@anchore@mstdn.business

Securing and managing the software supply chain. Proud parent of https:// fosstodon.org/@syft and https:// fosstodon.org/@grype

mstdn.business

@anchore@mstdn.business · Feb 22, 2026

The cavalry isn't coming to save us, we are the cavalry." A powerful call to action from @josh.bressers.name on the new OWASP #3. Stop waiting for a tool to solve supply chain security. We have to fix this. Read his plan: https://anchore.com/blog/supply-chain-security-made-the-owasp-top-ten-this-changes-nothing/ #OWASPTop10

View on mstdn.business

0

anchore

@anchore@mstdn.business

Securing and managing the software supply chain. Proud parent of https:// fosstodon.org/@syft and https:// fosstodon.org/@grype

mstdn.business

anchore

@anchore@mstdn.business

Securing and managing the software supply chain. Proud parent of https:// fosstodon.org/@syft and https:// fosstodon.org/@grype

mstdn.business

@anchore@mstdn.business · Feb 22, 2026

Shift-left compliance checking ⬅️ Catch violations before deployment, not during audits 🛡️ https://anchore.com/platform/enforce/ #SoftwareSupplyChain #SBOM #CyberSecurity #Compliance

View on mstdn.business

0

anchore

@anchore@mstdn.business

Securing and managing the software supply chain. Proud parent of https:// fosstodon.org/@syft and https:// fosstodon.org/@grype

mstdn.business

anchore

@anchore@mstdn.business

Securing and managing the software supply chain. Proud parent of https:// fosstodon.org/@syft and https:// fosstodon.org/@grype

mstdn.business

@anchore@mstdn.business · Feb 21, 2026

Supply chain attacks ↗️ 742% in 2023 Your traditional security stack wasn't built for this fight. SBOM-first architecture changes everything ⚡ https://anchore.com/platform/ #SoftwareSupplyChain #SBOM #CyberSecurity

View on mstdn.business

0

anchore

@anchore@mstdn.business

Securing and managing the software supply chain. Proud parent of https:// fosstodon.org/@syft and https:// fosstodon.org/@grype

mstdn.business

anchore

@anchore@mstdn.business

Securing and managing the software supply chain. Proud parent of https:// fosstodon.org/@syft and https:// fosstodon.org/@grype

mstdn.business

@anchore@mstdn.business · Feb 21, 2026

@josh.bressers.name scanned 161 MCP containers. Found 9,000 vulnerabilities. 263 were critical. "Software ages like milk, not wine." His analysis breaks down what's actually being deployed in the MCP ecosystem—and what to do about it. https://anchore.com/blog/analyzing-the-top-mcp-docker-containers/ #MCP #ContainerSecurity

View on mstdn.business

0

anchore

@anchore@mstdn.business

Securing and managing the software supply chain. Proud parent of https:// fosstodon.org/@syft and https:// fosstodon.org/@grype

mstdn.business

anchore

@anchore@mstdn.business

Securing and managing the software supply chain. Proud parent of https:// fosstodon.org/@syft and https:// fosstodon.org/@grype

mstdn.business

@anchore@mstdn.business · Feb 21, 2026

Standard scanners often fail to identify package-level #EOL risks. In this joint session, Anchore and HeroDevs will demonstrate how to track Distribution (OS) EOL and utilize specific EOL data sources to find #vulnerabilities in legacy codebases. Join us on February 25 for technical discussions and hands on demos.
Register now https://go.anchore.com/solve-the-end-of-life-trap-herodevs-anchore.html

View on mstdn.business

0

anchore

@anchore@mstdn.business

Securing and managing the software supply chain. Proud parent of https:// fosstodon.org/@syft and https:// fosstodon.org/@grype

mstdn.business

anchore

@anchore@mstdn.business

Securing and managing the software supply chain. Proud parent of https:// fosstodon.org/@syft and https:// fosstodon.org/@grype

mstdn.business

@anchore@mstdn.business · Feb 20, 2026

"Is this vulnerable?" is the wrong question. "How fast can we upgrade?" is the right one. Reachability is noisy. High-Velocity Hygiene is the future. Read more from our VP Security, Josh Bressers: https://anchore.com/blog/no-crystal-ball-but-2026-directions/ #DevSecOps #SoftwareSupplyChain

View on mstdn.business

0

anchore

@anchore@mstdn.business

Securing and managing the software supply chain. Proud parent of https:// fosstodon.org/@syft and https:// fosstodon.org/@grype

mstdn.business

anchore

@anchore@mstdn.business

Securing and managing the software supply chain. Proud parent of https:// fosstodon.org/@syft and https:// fosstodon.org/@grype

mstdn.business

@anchore@mstdn.business · Feb 17, 2026

Stop chasing a "zero CVE" dashboard.

In 2026, the real winners won't be the ones with the fewest vulnerabilities, they'll be the ones with the fastest upgrade engines.

We break down the new playbook for supply chain security: https://anchore.com/blog/no-crystal-ball-but-2026-directions/

View on mstdn.business

0

anchore

@anchore@mstdn.business

Securing and managing the software supply chain. Proud parent of https:// fosstodon.org/@syft and https:// fosstodon.org/@grype

mstdn.business

anchore

@anchore@mstdn.business

Securing and managing the software supply chain. Proud parent of https:// fosstodon.org/@syft and https:// fosstodon.org/@grype

mstdn.business

@anchore@mstdn.business · Feb 17, 2026

We treat source code and containers as untrusted until explicitly verified. In a Zero Trust world, confidence isn't assumed, it's proven 🛡️ Read how Chadd Owen maps the 7 Pillars of Zero Trust to actionable security: https://anchore.com/blog/anchore-enterprise-powers-dow-zero-trust/ #ZeroTrust

View on mstdn.business

0

anchore

@anchore@mstdn.business

Securing and managing the software supply chain. Proud parent of https:// fosstodon.org/@syft and https:// fosstodon.org/@grype

mstdn.business

anchore

@anchore@mstdn.business

Securing and managing the software supply chain. Proud parent of https:// fosstodon.org/@syft and https:// fosstodon.org/@grype

mstdn.business

@anchore@mstdn.business · Feb 16, 2026

"Transparency is the path to minimizing risk."

Whether it's a satellite or a financial app, you can't mitigate what you can't see. Kate Stewart (The Linux Foundation) breaks down the future of system-level visibility on the Anchore blog.

https://anchore.com/blog/the-s-in-sbom-is-for-system/

View on mstdn.business

0

anchore

@anchore@mstdn.business

Securing and managing the software supply chain. Proud parent of https:// fosstodon.org/@syft and https:// fosstodon.org/@grype

mstdn.business

anchore

@anchore@mstdn.business

Securing and managing the software supply chain. Proud parent of https:// fosstodon.org/@syft and https:// fosstodon.org/@grype

mstdn.business

@anchore@mstdn.business · Feb 15, 2026

How to add vulnerability scanning to developer tools? @RepoFlow's pattern: 1. Generate SBOMs with Syft 2. Scan SBOMs with Grype 3. Parse JSON, deduplicate CVEs 4. Display in existing UI Security without friction: https://anchore.com/blog/security-without-friction-how-repoflow-created-a-devsecops-package-manager-with-grype/

View on mstdn.business

0

anchore

@anchore@mstdn.business

Securing and managing the software supply chain. Proud parent of https:// fosstodon.org/@syft and https:// fosstodon.org/@grype

mstdn.business

anchore

@anchore@mstdn.business

Securing and managing the software supply chain. Proud parent of https:// fosstodon.org/@syft and https:// fosstodon.org/@grype

mstdn.business

@anchore@mstdn.business · Feb 15, 2026

🚀 New hardened container companies are launching constantly. The reason isn't compliance mandates—it's practical necessity. When scanners got accurate, the vulnerability problem became impossible to ignore. Hardened images are the efficient solution. https://anchore.com/blog/hardened-images-are-here-to-stay/

View on mstdn.business

0

anchore

@anchore@mstdn.business

Securing and managing the software supply chain. Proud parent of https:// fosstodon.org/@syft and https:// fosstodon.org/@grype

mstdn.business

anchore

@anchore@mstdn.business

Securing and managing the software supply chain. Proud parent of https:// fosstodon.org/@syft and https:// fosstodon.org/@grype

mstdn.business

@anchore@mstdn.business · Feb 12, 2026

How did Syft hit 50M downloads? By leading the curve on tech like AI security 🚀 New support for GGUF format means you can finally generate (S/AI)BOMs for LLMs. Dan Nurmi explains how we keep you at the forefront of the frontier. https://anchore.com/blog/syft-grype-grant-50mill-downloads/ #Syft#SBOM #OpenSource

View on mstdn.business

0

anchore

@anchore@mstdn.business

Securing and managing the software supply chain. Proud parent of https:// fosstodon.org/@syft and https:// fosstodon.org/@grype

mstdn.business

anchore

@anchore@mstdn.business

Securing and managing the software supply chain. Proud parent of https:// fosstodon.org/@syft and https:// fosstodon.org/@grype

mstdn.business

@anchore@mstdn.business · Feb 09, 2026

@joshbressers: "If you can't search your past builds, you can't bound your blast radius. SBOMs turn a frantic morning into a simple query." His zero-day incident response story from inside Anchore's response to the NPM supply chain attack: https://anchore.com/blog/a-zero-day-incident-response-story-from-the-watchers-on-the-wall/

View on mstdn.business

0

3

0

anchore

@anchore@mstdn.business

Securing and managing the software supply chain. Proud parent of https:// fosstodon.org/@syft and https:// fosstodon.org/@grype

mstdn.business

anchore

@anchore@mstdn.business

Securing and managing the software supply chain. Proud parent of https:// fosstodon.org/@syft and https:// fosstodon.org/@grype

mstdn.business

@anchore@mstdn.business · Feb 09, 2026

Scale-out architecture for web-scale environments 📈 Because your containers don't wait for security scans ⏱️ https://anchore.com/platform/secure/ #SoftwareSupplyChain #SBOM #CyberSecurity #Compliance #DevSecOps

View on mstdn.business

0

2

0

anchore

@anchore@mstdn.business

Securing and managing the software supply chain. Proud parent of https:// fosstodon.org/@syft and https:// fosstodon.org/@grype

mstdn.business

anchore

@anchore@mstdn.business

Securing and managing the software supply chain. Proud parent of https:// fosstodon.org/@syft and https:// fosstodon.org/@grype

mstdn.business

@anchore@mstdn.business · Feb 05, 2026

50 MILLION downloads and counting! 📈 Dan Nurmi, Anchore Co-founder & Chief Research Officer, dives into what this milestone means for the Anchore OSS community and the future of Syft, Grype, and Grant. Read the full story: https://anchore.com/blog/syft-grype-grant-50mill-downloads/

View on mstdn.business

0

anchore

@anchore@mstdn.business

Securing and managing the software supply chain. Proud parent of https:// fosstodon.org/@syft and https:// fosstodon.org/@grype

mstdn.business

anchore

@anchore@mstdn.business

Securing and managing the software supply chain. Proud parent of https:// fosstodon.org/@syft and https:// fosstodon.org/@grype

mstdn.business

@anchore@mstdn.business · Feb 05, 2026

🚨 Did you know an SBOM is more than a simple list of components? Our expert webinar reveals how SBOMs are the key to transforming your zero-day response from a frantic search into a precise, targeted operation. Discover the SBOM advantage. Watch the webinar now: https://go.anchore.com/rapid-incident-response-with-sboms/ #SBOM #Security #DevSecOps #AppSec

View on mstdn.business

0

anchore

@anchore@mstdn.business

Securing and managing the software supply chain. Proud parent of https:// fosstodon.org/@syft and https:// fosstodon.org/@grype

mstdn.business

anchore

@anchore@mstdn.business

Securing and managing the software supply chain. Proud parent of https:// fosstodon.org/@syft and https:// fosstodon.org/@grype

mstdn.business

@anchore@mstdn.business · Feb 02, 2026

Don't fall for the CMMC trap. 🚫 Securing your office network (CMMC) won't save you if your product fails SWFT validation. You need both to win the contract. @jonoberg@mastodon.social clarifies the critical difference in our latest blog. https://anchore.com/blog/dod-swft-initiative-and-promise-of-cato-fulfilled/ #DoD #SWFT #ATO

View on mstdn.business

0

anchore

Posts

Media